搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

SEC_ERROR_OCSP_INVALID_SIGNING_CERT

  • 23 回覆
  • 225 有這個問題
  • 1373 次檢視
  • 最近回覆由 cor-el

more options

Today we have started getting the following error when trying to access bing.com

Secure Connection Failed

An error occurred during a connection to www.bing.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

What is strange is that this is happening (1) only in Firefox, and (2) only on some of our computers. We have a mixture of wired and wireless computers on our home network. I have checked computer times. Firefoxes are all running 53.0.3 on Windows 7. Setting security.ssl.enable_ocsp_stapling to false resolves the issue, but only while the setting is false.

Thanks for your help!

被選擇的解決方法

There seems to be something wrong on some Microsoft servers. Hopefully they fix this quickly on affected servers.

This looks like a problem with OCSP stapling on the server because it works when I disable OCSP Stapling in Firefox.

You can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website.

  • security.ssl.enable_ocsp_stapling = false
從原來的回覆中察看解決方案 👍 23

所有回覆 (3)

more options

Hello, up front: am happy the matter is solved! No doubt about it...

That said, how come then that Chrome did not have these issues?

If Chrome keeps on working, whilst Firefox worked fine, but all of sudden not anymore, as an end-user would you then expect it to be a Microsoft issue?

Anyway, am happy the matter is solved.

Thanks! =

more options

ffw62 said

That said, how come then that Chrome did not have these issues?

The problem was with Microsoft, whose servers   (in layman's terms)   send an expired assurance that their SSL certificate is still valid. Unfortunately it turns out that Firefox is the only browser checking for this on each secure https site it is loading.

(whereas other browsers glance over that and only check for  : https://en.wikipedia.org/wiki/Extended_Validation_Certificate).

more options

Note that you can set security.OCSP.enabled to 2 to enable OCSP for EV certificates only (1 means for DV and EV). I wasn't able to test whether this would have worked since Outlook was already working for me when I found this as a possible cure.

  1. 1
  2. 2