X
Tap here to go to the mobile version of the site.

Support Forum

Error code: sec_error_ocsp_unknown_cert

Posted

Started getting this today on my site...after new Firefox update yesterday.

Secure Connection Failed

An error occurred during a connection to xxxxxxxxxx.com. The OCSP server has no status for the certificate. Error code: sec_error_ocsp_unknown_cert

Started getting this today on my site...after new Firefox update yesterday. Secure Connection Failed An error occurred during a connection to xxxxxxxxxx.com. The OCSP server has no status for the certificate. Error code: sec_error_ocsp_unknown_cert

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.9 r900
  • Google Update
  • Next Generation Java Plug-in 10.45.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe Shockwave for Director Netscape plug-in, version 12.0.5.146
  • MindSpark Toolbar Platform Plugin Stub for 32-bit Windows
  • 5.1.20913.0
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.8
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • IE Tab plugin
  • RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • Dassault Systemes 3dxml Plug-in
  • NPWLPG
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • DRM Netscape Network Object
  • Npdsplay dll
  • DRM Store Netscape Plugin

Application

  • Firefox 26.0
  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 Firefox/26.0
  • Support URL: https://support.mozilla.org/1/firefox/26.0/WINNT/en-US/

Extensions

  • Abduction! 3.5.0 ({b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255})
  • All-in-One Gestures 0.26 ({8b86149f-01fb-4842-9dd8-4d7eb02fd055})
  • DownloadHelper 4.9.21 ({b9db16a4-6edc-47ec-a1f4-b86292ed211d})
  • FlipClock 0.82 ({cdd09450-7280-11de-8a39-0800200c9a66})
  • Forecastfox 2.2.2 ({0538E3E3-7E9B-4d49-8831-A227C80A7AD3})
  • FromDocToPDF 5.71.2.65464 (65ffxtbr@FromDocToPDF_65.com)
  • IE Tab 4.0.20130422 ({77b819fa-95ad-4f2c-ac7c-486b356188a9})
  • Image Zoom 0.6.3 ({1A2D0EC4-75F5-4c91-89C4-3656F6E44B68})
  • Microsoft .NET Framework Assistant 0.0.0 ({20a82645-c095-46ed-80e3-08825760534b})
  • New Tab Homepage 0.4.3 ({66E978CD-981F-47DF-AC42-E3CF417C1467})
  • Noia 4 Theme Manager 1.8.8pre1 (Noia4Options@ArisT2)
  • PDFescape Extension 0.17 ({2A1D5949-B519-4924-BF62-8522FE0D5274})
  • Places Maintenance 1.3 (places-maintenance@bonardo.net)
  • Plain Text Links 1.0.1 ({ec268e28-22c6-4a6c-ac22-635cabee283c})
  • ReloadEvery 17.0.0 ({888d99e7-e8b5-46a3-851e-1ec45da1e644})
  • Saved Password Editor 2.7.1 (savedpasswordeditor@daniel.dawson)
  • Secure Login 1.0.3 (secureLogin@blueimp.net)
  • Status-4-Evar 2013.10.31.22 (status4evar@caligonstudios.com)
  • Tab Control 0.5.5 ({39952c40-5197-11da-8cd6-0800200c9a66})
  • Tab Kit 2nd Edition 0.10.4 (tabkit2@pikachuexe.amateur.hk)
  • Tab Scope 1.5 (tabscope@xuldev.org)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Undo Closed Tabs Button 3.8.5 (undoclosedtabsbutton@supernova00.biz)
  • Web Developer 1.2.5 ({c45c406e-ab73-11d8-be73-000a95be3b12})
  • avast! Online Security 9.0.2006.53 (wrc@avast.com) (Inactive)
  • BabelFish 1.96 ({ca0849e8-2c76-42ae-9abe-34e14d337acf}) (Inactive)
  • Behind The *Asterisks* (EladKarako Mod) 5.4.3 ({38abe53c-d79f-8e86-9673-57c449674c5e}) (Inactive)
  • Open Link in New Tab 0.1.2013100801 (openlinkintab@piro.sakura.ne.jp) (Inactive)
  • Tab Kit 0.6 (tabkit@jomel.me.uk) (Inactive)
  • Tab Utilities 1.5.1 (tabutils@ithinc.cn) (Inactive)
  • WindFox 1.2.3 (WindFox@windfinder.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce GT 520
  • adapterDescription2:
  • adapterDeviceID: 0x1040
  • adapterDeviceID2:
  • adapterDrivers: nv4_disp
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'']
  • directWriteEnabled: False
  • directWriteVersion: 0.0.0.0
  • driverDate: 10-15-2013
  • driverDate2:
  • driverVersion: 6.14.13.3158
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'none', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce GT 520 Direct3D9 vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 9

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 204800
  • browser.cache.disk.smart_size.enabled: False
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.search.openintab: True
  • browser.sessionstore.restore_on_demand: False
  • browser.sessionstore.upgradeBackup.latestBuildID: 20131205075310
  • browser.startup.homepage: about:home
  • browser.startup.homepage_override.buildID: 20131205075310
  • browser.startup.homepage_override.mstone: 26.0
  • browser.tabs.animate: False
  • browser.tabs.loadInBackground: False
  • dom.disable_open_during_load: False
  • dom.mozApps.used: True
  • extensions.lastAppVersion: 26.0
  • font.internaluseonly.changed: False
  • general.autoScroll: False
  • keyword.enabled: False
  • network.cookie.prefsMigrated: True
  • network.http.max-persistent-connections-per-server: 4
  • places.database.lastMaintenance: 1386804756
  • places.history.expiration.transient_current_max_pages: 53644
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • privacy.cpd.cookies: False
  • privacy.cpd.downloads: False
  • privacy.cpd.formdata: False
  • privacy.cpd.history: False
  • privacy.cpd.sessions: False
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.timeSpan: 0
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1386631956

Misc

  • User JS: Yes
  • Accessibility: No
jscher2000
  • Top 10 Contributor
3127 solutions 28784 answers

To get an independent assessment of the certificate, you can use the tool on this page: https://www.ssllabs.com/ssltest/.

Assuming that checks out, there might be a problem with your Firefox's access to OCSP or a glitch in a saved certificate...

Could you check that you have the default setting for OCSP?

orange Firefox button (or Tools menu) > Options > Advanced > Certificates mini-tab > "Validation" button

Usually the top box is checked and the lower box is not checked. (Screen shot)

To get an independent assessment of the certificate, you can use the tool on this page: [https://www.ssllabs.com/ssltest/]. Assuming that checks out, there might be a problem with your Firefox's access to OCSP or a glitch in a saved certificate... Could you check that you have the default setting for OCSP? orange Firefox button (or Tools menu) > Options > Advanced > Certificates mini-tab > "Validation" button Usually the top box is checked and the lower box is not checked. (Screen shot)
cor-el
  • Top 10 Contributor
  • Moderator
12135 solutions 112713 answers

Try the solution here:

Try the solution here: *[[/questions/974886]]
diamondsw 0 solutions 1 answers

Seeing the same issue when connecting to my own server. SSL Cert checks out as valid (https://www.ssllabs.com/ssltest/analyze.html?d=mini.joshuaochs.com), and OCSP settings are defaults. I run Firefox in permanent private browsing mode, so it's definitely not hanging onto any old session data. This is on Firefox 25.0.1 (downloading 26 now), so it's not necessarily a new bug.

Seeing the same issue when connecting to my own server. SSL Cert checks out as valid (https://www.ssllabs.com/ssltest/analyze.html?d=mini.joshuaochs.com), and OCSP settings are defaults. I run Firefox in permanent private browsing mode, so it's definitely not hanging onto any old session data. This is on Firefox 25.0.1 (downloading 26 now), so it's not necessarily a new bug.
jscher2000
  • Top 10 Contributor
3127 solutions 28784 answers

Hi diamondsw, if you check the Servers tab of the dialog, have you saved any certificates for your server? If so, try removing it and see whether that helps.

I'm not sure what is used and what is disregarded in private mode. To make the cleanest comparison, could you do a two-minute experiment?

Create a new Firefox profile

A new profile will have your system-installed plugins (e.g., Flash) and extensions (e.g., security suite toolbars), but no themes, other extensions, or other customizations. It also should have completely fresh settings databases and a fresh cache folder.

Exit Firefox and start up in the Profile Manager using Start > search box (or Run):

firefox.exe -P

Any time you want to switch profiles, exit Firefox and return to this dialog.

You'll click the Create Profile button. I recommend using the default location suggested, and to avoid data loss, not re-using any existing folder. Then start Firefox in the new profile you created.

Same cert error in the new profile? Works okay?

When returning to the Profile Manager, you might be tempted to use the Delete Profile button. But... it's a bit too easy to accidentally delete your "real" profile, so I recommend resisting the temptation. If you do want to clean up later, I suggest making a backup of all your profiles first in case something were to go wrong.

Hi diamondsw, if you check the Servers tab of the dialog, have you saved any certificates for your server? If so, try removing it and see whether that helps. I'm not sure what is used and what is disregarded in private mode. To make the cleanest comparison, could you do a two-minute experiment? '''Create a new Firefox profile''' A new profile will have your system-installed plugins (e.g., Flash) and extensions (e.g., security suite toolbars), but no themes, other extensions, or other customizations. It also should have completely fresh settings databases and a fresh cache folder. Exit Firefox and start up in the Profile Manager using Start > search box (or Run): firefox.exe -P Any time you want to switch profiles, exit Firefox and return to this dialog. You'll click the Create Profile button. I recommend using the default location suggested, and to avoid data loss, not re-using any existing folder. Then start Firefox in the new profile you created. Same cert error in the new profile? Works okay? When returning to the Profile Manager, you might be tempted to use the Delete Profile button. But... it's a bit too easy to accidentally delete your "real" profile, so I recommend resisting the temptation. If you do want to clean up later, I suggest making a backup of all your profiles first in case something were to go wrong.
cor-el
  • Top 10 Contributor
  • Moderator
12135 solutions 112713 answers

You can also try to rename the cert8.db file (cert8.db.old) in the current profile folder temporarily to see if that has effect.


Rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

You can use this button to go to the Firefox profile folder:

  • Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
You can also try to rename the cert8.db file (cert8.db.old) in the current profile folder temporarily to see if that has effect. ----- Rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored. If that helped to solve the problem then you can remove the renamed cert8.db.old file.<br /> Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.<br /> Firefox will automatically store intermediate certificates when you visit websites that send such a certificate. If that didn't help then remove or rename secmod.db (secmod.db.old) as well. You can use this button to go to the Firefox profile folder: *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
nargus 0 solutions 1 answers

Already tried deleting both files and unchecked both OCSP options in the Advance Settings. Neither work. This just started today also, so it's definitely somethings to do with latest Firefox update majorly borked up somewhere.

Already tried deleting both files and unchecked both OCSP options in the Advance Settings. Neither work. This just started today also, so it's definitely somethings to do with latest Firefox update majorly borked up somewhere.
philipp
  • Top 10 Contributor
  • Moderator
2937 solutions 13699 answers

hello nargus, i have answered your question at https://support.mozilla.org/questions/994264

hello nargus, i have answered your question at https://support.mozilla.org/questions/994264