
sec_error_ocsp_old_response error from latest firefox 31 release
My firefox installation just upgraded itself to 31.0 and I can no longer access our website. The error message is:
Secure Connection Failed
An error occurred during a connection to https://***.com. The OCSP response contains out-of-date information. (Error code: sec_error_ocsp_old_response)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
The issue started happening only from 31 release and only for https url of this particular website i am trying to access. The same https url works in other web browsers.
A workaround is to toggle the security.ssl.enable_ocsp_stapling property to false in about:config, however I suspect this is not something you can expect the average user to do.
Can you please let me know what possibly changed in latest version and is there something i should do in our server?
All Replies (6)
hello Jee1, please check that your system's date, time & timezone are set correctly!
Hi philipp,
you mean my system? or the server in which the website is hosted?
My system's date and time are correct. It is in CST.
this was primarily with your local system in mind - since ocsp stapling can be time sensitive to the matter of a few hours.
System date and time are correct. Any other suggestions please?
I had to un-check the Use OCSP function under Options -> Advanced -> Certificates -> Validation. Once I restarted Firefox the website came back up.
Please leave OCSP enabled.
If setting the correct system time, time zone, and date doesn't help (make sure to triple check this) then you can try to disable OCSP stapling instead.
You can try to disable OCSP Stapling temporarily by setting the security.ssl.enable_ocsp_stapling pref to false on the about:config page to see if that works.
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.