Getting "SEC_ERROR_UNKNOWN_ISSUER" only on Google.com and Youtube

  • 18 replies
  • 28 have this problem
  • 66 views
  • Last reply by David S.

I've recently started seeing an SEC_ERROR_UNKNOWN_ISSUER error on Google and Youtube. As far as I can tell, those are the only secured sites affected. I've tried running Firefox in Safe mode and I've scanned my laptop for malware using Malwarebytes, to no avail.

I'm on a MacBook Pro running Sierra. This is the full error message I get with Google:

https://www.google.com/?gws_rd=ssl

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: true

Certificate chain:




Any help appreciated!



All Replies (18)

Yep, just today have started getting the same message on YouTube and Google (Aust) sites only. Other secure sites work fine. YT and Google work fine with Safari 11.0.2.

MacBook Pro, macOS 10.13.2, FF 57.0.4.

I've checked add-ons and disabled both Adblock Plus and Ghostery just in case, but makes no difference.

David S. said

Yep, just today have started getting the same message on YouTube and Google (Aust) sites only. Other secure sites work fine. YT and Google work fine with Safari 11.0.2. MacBook Pro, macOS 10.13.2, FF 57.0.4. I've checked add-ons and disabled both Adblock Plus and Ghostery just in case, but makes no difference.

Yeah forgot to mention this, but everything works fine in Safari for me too. So could it be that the problem is on Google's end? Or perhaps it's an issue with the latest Firefox update?

The first part of the certificate chain looks OK, but there is something weird with the GeoTrust Global CA certificate (3). This certificate would normally be a builtin root certificate, but in your case I see this issuer: Equifax Secure Certificate Authority

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities

Try to rename the cert8.db file (cert8.db.old) and delete cert_override.txt in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored. Note that Firefox 58 will use an SQLite database named cert9.db.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file.

Firefox will store intermediate certificates that a server sends in the Certificate Manager for future use.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.


1)
Subject C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
Issuer 	C=US, O=Google Inc, CN=Google Internet Authority G2

2)
Subject C=US, O=Google Inc, CN=Google Internet Authority G2
Issuer 	C=US, O=GeoTrust Inc., CN=GeoTrust Global CA

3)
Subject C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Issuer 	C=US, O=Equifax, OU=Equifax Secure Certificate Authority

Thanks for the tip. I renamed cert8.db, deleted the cert_override.txt and restarted Firefox, but it didn't work. Though I do get a different error message now:

An error occurred during a connection to www.google.com. The OCSP server experienced an internal error. Error code: SEC_ERROR_OCSP_SERVER_ERROR

Update: Now if I uncheck "Query OCSP responder servers to confirm the current validity of certificates" in Preferences->Privacy & Security, Google and Youtube load just fine... (I'm not convinced it's a good long-term solution to leave this feature off, but I have to admit that I'm a bit out of my depth here.)

Does the Browser Console give more detail about what is happening?

I see these messages in the Browser Console:

Are all OCSP prefs default on the about:config page?

security.OCSP.enabled

  • 0: disabled
  • 1: OCSP fetches are done for both EV and DV certs
  • 2: OCSP fetches are done for EV certs only

Yeah, renaming cert8.db and deleting cert_override.txt didn't work for me either. And ditto with unchecking "Query OCSP responder servers to confirm the current validity of certificates" - that fixes it, for the moment anyway.

I checked on a relative's MacBook with FF 57.0.4 and they're not having the problem - can get to YouTube and Google fine. FF 57.0.4 on my Win 10 system works fine also.

No, all my OCSP settings are not default. See attached. Surely security.OCSP.url being blank is a problem? I sure didn't change this (or any of the others).

Try to rename/remove SiteSecurityServiceState.txt

Can you inspect the certificate chain or is that not possible?

Try to open the Add Security Exception page via the location/address bar to check the details.

  • chrome://pippki/content/exceptionDialog.xul

cor-el said

Does the Browser Console give more detail about what is happening? I see these messages in the Browser Console: Are all OCSP prefs default on the about:config page? security.OCSP.enabled 0: disabled 1: OCSP fetches are done for both EV and DV certs 2: OCSP fetches are done for EV certs only

So what I get from the browser console when I try to load Google is just this:

Error: Could not establish connection. Receiving end does not exist.

As for the prefs in about:config, I see that everything related to OCSP is set to default, EXCEPT security.OCSP.require which is marked modified and at the moment set to true, but I assume this has something to do with that option I checked/unchecked earlier?

cor-el said

Can you inspect the certificate chain or is that not possible?

No, with that latest OCSP error I'm not given the option to examine the certificate chain.

Update: Getting rid of SiteSecurityServiceState.txt didn't help either.

Modified by gabelogan2

Renaming SiteSecurityServiceState.txt did not help.

I cannot inspect cert chain.

chrome://pippki/content/exceptionDialog.xul and entering www.youtube.com gives output attached.

Same here, with Google. 2 additional screenshots from when I click "View..."

Damn. Now I'm suddenly getting the error on my Win 10 Firefox too! Was fine earlier but now I just woke it up again and tried Google and YouTube and I get the same error as on the Mac.

This has to be a problem with the OCSP server surely?

Yes, this looks like a problem with the Google OCSP server

This OCSP response was cached at Jan 20, 2018 7:15:23 AM http://clients1.google.com/ocsp (POST) Unexpected HTTP response: 404 Not Found

Ok, thanks for all your effort on this. Until they fix it we'll just have to switch off OCSP certificate confirmation. Sigh.

That kinda sucks... anyway, thanks for your time cor-el.

David S. said

Ok, thanks for all your effort on this. Until they fix it we'll just have to switch off OCSP certificate confirmation.

You don't have to disable OCSP!

  • security.OCSP.enabled = 1 (default setting) requires Firefox to check the cert with the OCSP server to make sure it hasn't been revoked
  • security.ocsp.require determines what happens if the OCSP server does not respond
    • false (default setting) treats the cert as not revoked and you can connect normally
    • true treats the cert as revoked and prevents you from connecting

I suppose your choice depends on how often you expect to encounter a server with a revoked certificate and a nonresponsive OCSP server. I think the risk is low, but then, I may not be as adventurous in my browsing as you are.
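
The soft-fail and hard-fail behaviour described in the reply above, as an added example that is not part of the original thread: a small Python audit that reads user-set prefs from a profile's prefs.js, flags OCSP prefs that differ from the defaults quoted above, and models the resulting connection decision. The sample prefs.js content, the function names and the outcome labels are constructed for illustration; the decision logic is a simplified model of what the reply states, not Firefox's own code.

```python
import re

# Defaults as stated in the reply above (pref names as shown in about:config).
DEFAULTS = {"security.OCSP.enabled": 1, "security.OCSP.require": False}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

# Constructed sample of a profile's prefs.js (not taken from the thread).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.OCSP.require", true);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def ocsp_settings(prefs):
    """Overlay user-set OCSP prefs on the defaults; also list the modified ones."""
    merged = {k: prefs.get(k, v) for k, v in DEFAULTS.items()}
    modified = sorted(k for k in DEFAULTS if merged[k] != DEFAULTS[k])
    return merged, modified

def connection_outcome(settings, responder, is_ev=False):
    """responder is 'good', 'revoked' or 'unavailable' (timeout, 404, server error)."""
    mode = settings["security.OCSP.enabled"]
    if mode == 0 or (mode == 2 and not is_ev):
        return "connect (no OCSP fetch)"
    if responder == "good":
        return "connect"
    if responder == "revoked":
        return "block (revoked)"
    if settings["security.OCSP.require"]:
        return "block (hard-fail)"   # require = true: no answer is treated as revoked
    return "connect (soft-fail)"     # require = false: no answer is treated as not revoked

if __name__ == "__main__":
    settings, modified = ocsp_settings(parse_prefs(SAMPLE_PREFS_JS))
    print("modified OCSP prefs:", modified)
    print("responder unavailable ->", connection_outcome(settings, "unavailable"))
```

Run against a copy of the real prefs.js from the profile folder (reachable from about:support) to see which OCSP prefs are user-set before deciding whether to reset them.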

Chosen Solution

The problem seems to have been fixed by Google now anyway, but thanks for the info on security.ocsp.require. I've no idea how/when/why I set that to 'true', but I must have at some point.