Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Learn More

MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

  • 3 ответа
  • 1 имеет эту проблему
  • 623 просмотра
  • Последний ответ от philipp

more options

I have a Comodo single site SSL which tech support & I spent 4 hours trying to troubleshoot and succeeded. Secure Site Labs rates halieusmedia.com: A However, in checking FireFox 61, Mozilla returned the following text at the end of the article;

  "When a CA adds this extension to a certificate, it requires your browser to ensure a stapled OCSP response is present in the TLS handshake. If an OCSP response is not present, the connection will fail and Firefox will display a non-overridable error page. This feature will be included in Firefox 45, currently scheduled to be released in March 2016."

That was ver. 45 I have attempted to upload a screenshot of the specific ocsp functions without success. I can toggle them off or on to test. End result is Mozilla has not corrected the problem as of July 5, 2018. Please consider fixing this once and for all; I want to give my visitors products but cannot if they cannot get to my site.

Cordially, jn14 info@halieusmedia.com

Все ответы (3)

more options

Hi

I have tried to open that site on a dekstop version of Firefox and I am seeing that error.

I have had a look into the cause and it may be due to the servers OSCP response. I recomend that you contact your website host about this issue.

more options

Hi Seburo, thank you for the reply. The SSL contains three or four lines referencing CA, specifically the "staple" (or not) on/off function.

Mozilla Firefox 45- Beta strictly enforce whereas, Chrome does not enforce. There is a method to toggle it off deep in browser setting where most end users never go and do not know they have access to.

If Mozilla has no intention of changing it's subroutine to a relaxed enforcement, then say so. Leaving a promise to fix open year after year is not a problem solved. I love Firefox, have used it personally and professionally and am a beta tester. I will not tell my users and guests how to muck about in the guts of their browser. The very least Mozilla could and maybe should do is release an optional patch for end users. Thanks again.

Cordially, Jn 14 Of halieusmedia.com

more options

hi, firefox is just following the specs here... the certificate that comodo issued for your site states that your server must support ocsp stapling for it to be valid - which apparently your server doesn't do. you'd either have to work with comodo's support to set up your server properly or else get them to issue a certificate without that caveat.

https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/