X
點擊此處開啟此網站的行動版。

技術支援討論區

SEC_ERROR_OCSP_INVALID_SIGNING_CERT

已張貼

Today we have started getting the following error when trying to access bing.com

Secure Connection Failed

An error occurred during a connection to www.bing.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

What is strange is that this is happening (1) only in Firefox, and (2) only on some of our computers. We have a mixture of wired and wireless computers on our home network. I have checked computer times. Firefoxes are all running 53.0.3 on Windows 7. Setting security.ssl.enable_ocsp_stapling to false resolves the issue, but only while the setting is false.

Thanks for your help!

Today we have started getting the following error when trying to access bing.com Secure Connection Failed An error occurred during a connection to www.bing.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. What is strange is that this is happening (1) only in Firefox, and (2) only on some of our computers. We have a mixture of wired and wireless computers on our home network. I have checked computer times. Firefoxes are all running 53.0.3 on Windows 7. Setting security.ssl.enable_ocsp_stapling to false resolves the issue, but only while the setting is false. Thanks for your help!

被選擇的解決方法

There seems to be something wrong on some Microsoft servers. Hopefully they fix this quickly on affected servers.

This looks like a problem with OCSP stapling on the server because it works when I disable OCSP Stapling in Firefox.

You can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website.

  • security.ssl.enable_ocsp_stapling = false
從原來的回覆中察看解決方案 23

額外的系統細節

已安裝的外掛程式

  • Shockwave Flash 25.0 r0

應用程式

  • User Agent: Mozilla/5.0 (Windows NT 6.1; rv:53.0) Gecko/20100101 Firefox/53.0

更多資訊

cor-el
  • Top 10 Contributor
  • Moderator
17567 個解決方法 158879 個答案

選擇的解決方法

There seems to be something wrong on some Microsoft servers. Hopefully they fix this quickly on affected servers.

This looks like a problem with OCSP stapling on the server because it works when I disable OCSP Stapling in Firefox.

You can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website.

  • security.ssl.enable_ocsp_stapling = false
There seems to be something wrong on some Microsoft servers. Hopefully they fix this quickly on affected servers. This looks like a problem with OCSP stapling on the server because it works when I disable OCSP Stapling in Firefox. *https://en.wikipedia.org/wiki/OCSP_Stapling *https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ You can temporarily toggle this pref to false on the <b>about:config</b> page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website. *security.ssl.enable_ocsp_stapling = false

提出問題者

@cor-el So, you are experiencing the same issue? Thanks!

@cor-el So, you are experiencing the same issue? Thanks!
ffw62 6 個解決方法 85 個答案

Same with logging into mail.live.com Used to work fine. Now I need to search Internet, read threads, apply user unfriendly solutions..

A quicker and easier workaround: use Chrome, no problem. sorry to say...

=

Same with logging into mail.live.com Used to work fine. Now I need to search Internet, read threads, apply user '''un'''friendly solutions.. A quicker and easier workaround: use Chrome, no problem. sorry to say... =

由 ffw62 於 修改

Monkeys_uncle 1 個解決方法 8 個答案

有幫助的回覆

Firefox is blocking my Outlook email account. SEC_ERROR_OCSP_INVALID_SIGNING_CERT So why? Outlook has been fine for many years, but now Firefox is only choosing to let us open sites that it wants us to. Sure, if this was a dodgy porn site or something then fine but not a basic and much used email site.

As previously noted, it works perfectly well using CHROME (which by and large is a much smoother browser) but as I prefer to use Firefox that's a bit of a pain.

So come on Firefox - act sensibly - grow up. Surely you have a simple answer to your overly robust action.

Firefox is blocking my Outlook email account. SEC_ERROR_OCSP_INVALID_SIGNING_CERT So why? Outlook has been fine for many years, but now Firefox is only choosing to let us open sites that it wants us to. Sure, if this was a dodgy porn site or something then fine but not a basic and much used email site. As previously noted, it works perfectly well using CHROME (which by and large is a much smoother browser) but as I prefer to use Firefox that's a bit of a pain. So come on Firefox - act sensibly - grow up. Surely you have a simple answer to your overly robust action.
ffw62 6 個解決方法 85 個答案

The error window should at least offer a button to simply accept the URL as a safe one. After 'refresh' the site should then be opened in the same way as before.

Firefox should -not- come up with solutions that are basically meant for somewhat 'experienced users' only.

=

The error window should at least offer a button to simply accept the URL as a safe one. After 'refresh' the site should then be opened in the same way as before. Firefox should -not- come up with solutions that are basically meant for somewhat 'experienced users' only. =
Ducky5164 0 個解決方法 1 個答案

Pour moi, un simple changement dans les paramètres réseau de Firefox à suffit en passant les préférences à "pas de proxy"

For me, a simple change in the network settings of Firefox is enough to pass preferences to 'no proxy'

Pour moi, un simple changement dans les paramètres réseau de Firefox à suffit en passant les préférences à "pas de proxy" For me, a simple change in the network settings of Firefox is enough to pass preferences to 'no proxy'
Happy112 561 個解決方法 5694 個答案

Ducky5164 said

Pour moi, un simple changement dans les paramètres réseau de Firefox à suffit en passant les préférences à "pas de proxy" For me, a simple change in the network settings of Firefox is enough to pass preferences to 'no proxy'

Thank you so much for letting us know   !

Merci beaucoup   !

''Ducky5164 [[#answer-972944|said]]'' <blockquote> Pour moi, un simple changement dans les paramètres réseau de Firefox à suffit en passant les préférences à "pas de proxy" For me, a simple change in the network settings of Firefox is enough to pass preferences to 'no proxy' </blockquote> Thank you so much for letting us know &nbsp; ! Merci beaucoup &nbsp; !
Snowbound1 0 個解決方法 6 個答案

I tried the No Proxy trick and doesn't work for me. Cannot access my hotmail.

Has anyone found a solution?

I tried the No Proxy trick and doesn't work for me. Cannot access my hotmail. Has anyone found a solution?
Happy112 561 個解決方法 5694 個答案

Snowbound1 said

I tried the No Proxy trick and doesn't work for me. Cannot access my hotmail. Has anyone found a solution?

Have you tried these methods yet   ?

If you want to, you can disable OCSP (which is a security mechanism) : 3-bar menu   (the three horizontal lines in the upper right corner, right under the closing X) => Advanced => Certificates panel


Another way to disable OCSP   (for now) : Type in the address bar   about:config   (press Enter) (promise to be careful, if asked) Type and look for the preference : security.ssl.enable_ocsp_stapling and set it's value to   false

It is best to reset this pref via the right-click context menu to   true  once you are done with this website.

''Snowbound1 [[#answer-972967|said]]'' <blockquote> I tried the No Proxy trick and doesn't work for me. Cannot access my hotmail. Has anyone found a solution? </blockquote> Have you tried these methods yet &nbsp; ? If you want to, you can disable OCSP (which is a security mechanism) : 3-bar menu &nbsp; (the three horizontal lines in the upper right corner, right under the closing X) => Advanced => Certificates panel ---------------------------------------------------------------------------------------------------------- Another way to disable OCSP &nbsp; (for now) : Type in the address bar &nbsp; '''about:config''' &nbsp; (press Enter) (promise to be careful, if asked) Type and look for the preference : '''security.ssl.enable_ocsp_stapling''' and set it's value to &nbsp; '''false''' It is best to reset this pref via the right-click context menu to &nbsp; '''true'''&nbsp; once you are done with this website.
ffw62 6 個解決方法 85 個答案

This is what I meant in my earlier post...

We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'.

And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong.

But folks at Firefox should release a patch or something soonest possible.

This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible.
philipp
  • Top 25 Contributor
  • Moderator
5320 個解決方法 23499 個答案

it's broken on microsoft's servers as they cache an expired ocsp response and serving that to firefox users - so a fix will have to come from them! https://twitter.com/vcsjones/status/869083883354148864

it's broken on microsoft's servers as they cache an expired ocsp response and serving that to firefox users - so a fix will have to come from them! https://twitter.com/vcsjones/status/869083883354148864
Happy112 561 個解決方法 5694 個答案

ffw62 said

This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible.

I'm only speaking for myself now, but : It makes me so sad to know that users always seem to think that Firefox is to blame for everything that goes wrong   ......

''ffw62 [[#answer-972983|said]]'' <blockquote> This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible. </blockquote> I'm only speaking for myself now, but : It makes me so sad to know that users always seem to think that Firefox is to blame for everything that goes wrong &nbsp; ......
ffw62 6 個解決方法 85 個答案

Yes, I understand, but eh, you know, also speaking for myself, I am also sad .. because what had always going right with Firefox so far, now suddenly doesn't.

Also a bit sad as they 'push' to use Chrome, whereas I have been using FF for more than 12 years now.

I don't want to use Chrome, but recently I have been using it more and more, because Firefox failed and I don't want to spend time as to why it failed. I use Chrome then and when ready, I go back to Firefox.

Yes, I understand, but eh, you know, also speaking for myself, I am also sad .. because what '' had'' always going right with Firefox so far, now suddenly doesn't. Also a bit sad as they 'push' to use Chrome, whereas I have been using FF for more than 12 years now. I don't want to use Chrome, but recently I have been using it more and more, because Firefox failed and I don't want to spend time as to why it failed. I use Chrome then and when ready, I go back to Firefox.
Snowbound1 0 個解決方法 6 個答案

Thank you

Thank you
Monkeys_uncle 1 個解決方法 8 個答案

Happy112 said

ffw62 said
This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible.

I'm only speaking for myself now, but : It makes me so sad to know that users always seem to think that Firefox is to blame for everything that goes wrong   ......

Wherever the real problem comes from, the fact is that we use Firefox and expect things to work properly thereafter. I'm no IT specialist, enthusiast or even just good at finding solutions - I'm just an internet user as many others are - the workings of my computer are for specialists to explore, not me. Therefore to me Firefox is the problem and they at least should be responsible for providing a solution.

''Happy112 [[#answer-972991|said]]'' <blockquote> ''ffw62 [[#answer-972983|said]]'' <blockquote> This is what I meant in my earlier post... We are here to try and 'fix' things, i.e. to get things working again as before, things that developers of Firefox have 'broken'. And automatically one ends up in settings, about configs, try this, try that... and all that kind of stuff. No disrespect, don't get me wrong. But folks at Firefox should release a patch or something soonest possible. </blockquote> I'm only speaking for myself now, but : It makes me so sad to know that users always seem to think that Firefox is to blame for everything that goes wrong &nbsp; ...... </blockquote> Wherever the real problem comes from, the fact is that we use Firefox and expect things to work properly thereafter. I'm no IT specialist, enthusiast or even just good at finding solutions - I'm just an internet user as many others are - the workings of my computer are for specialists to explore, not me. Therefore to me Firefox is the problem and they at least should be responsible for providing a solution.
philipp
  • Top 25 Contributor
  • Moderator
5320 個解決方法 23499 個答案

the problem lies with microsoft, whose servers in layman's terms send an expired assurance that their ssl certificate is still valid - unfortunately it turns out that firefox is the only browser checking for this on each secure https site it is loading (whereas other browsers glance over that and only check for https://en.wikipedia.org/wiki/Extended_Validation_Certificate).

Monkeys_uncle said

Therefore to me Firefox is the problem and they at least should be responsible for providing a solution.

we are doing everything that's within our power already - we are in contact with microsoft about this issue on all our available communication channels (it may not help that today is a holiday in the US) and we're explaining the issue including the workaround to all users seeking support here in the mozilla forum...

the problem lies with microsoft, whose servers in layman's terms send an expired assurance that their ssl certificate is still valid - unfortunately it turns out that firefox is the only browser checking for this on each secure https site it is loading (whereas other browsers glance over that and only check for [https://en.wikipedia.org/wiki/Extended_Validation_Certificate]). ''Monkeys_uncle [[#answer-973074|said]]'' <blockquote> Therefore to me Firefox is the problem and they at least should be responsible for providing a solution. </blockquote> we are doing everything that's within our power already - we are in contact with microsoft about this issue on all our available communication channels (it may not help that today is a holiday in the US) and we're explaining the issue including the workaround to all users seeking support here in the mozilla forum...
Happy112 561 個解決方法 5694 個答案

A round of applause for Philipp, please   !!!

A round of applause for Philipp, please &nbsp; !!!

提出問題者

Bing.com is back for me.

Bing.com is back for me.
Tonnes
  • Locale Leader
246 個解決方法 1454 個答案

This issue was fixed by Microsoft within a few hours after posting the solution here.

To anyone “blaming” Firefox for the consequences (not to say “issue”, since we now know what caused it):

Imagine a customer’s debit card from bank X suddenly stops working for some reason, whereas those of other banks still work. This customer calls their bank and gets to speak to someone within no-time. The customer starts expressing their anger and frustration, feeling strengthened by the fact all other banks “have no issue” and “the bank’s card has been working for years”. All the employee on the phone can say is the bank takes security very seriously, while explaining the real cause and offering a temporary workaround, so the customer is quickly able to do what they want AND able to reverse the workaround when no longer needed.

How would the customer feel when the next or even same day, it turns out a worldwide issue / hacking attempt occurred, affecting many customers from several other banks seeing their account balance go down? Would they still be mad at their bank, or feel comfortable being a customer there instead?

A nice example of some people preferring ease over security while the (2 or more) real “vulnerable” parties are exposed, if you ask me. Not intended to bash other browser manufacturers, but at least something to think about.

This issue was fixed by Microsoft within a few hours after posting the solution here. To anyone “blaming” Firefox for the consequences (not to say “issue”, since we now know what caused it): Imagine a customer’s debit card from bank X suddenly stops working for some reason, whereas those of other banks still work. This customer calls their bank and gets to speak to someone within no-time. The customer starts expressing their anger and frustration, feeling strengthened by the fact all other banks “have no issue” and “the bank’s card has been working for years”. All the employee on the phone can say is the bank takes security very seriously, while explaining the real cause and offering a temporary workaround, so the customer is quickly able to do what they want AND able to reverse the workaround when no longer needed. How would the customer feel when the next or even same day, it turns out a worldwide issue / hacking attempt occurred, affecting many customers from several other banks seeing their account balance go down? Would they still be mad at their bank, or feel comfortable being a customer there instead? A nice example of some people preferring ease over security while the (2 or more) real “vulnerable” parties are exposed, if you ask me. Not intended to bash other browser manufacturers, but at least something to think about.

由 Tonnes 於 修改

Happy112 561 個解決方法 5694 個答案

@Tonnes :

A million kudos   !!!

@Tonnes : A million kudos &nbsp; !!!