Cannot connect to Microsoft Communty or Microsoft Account
All of a sudden today I am unable to connect to the Microsoft Community https://answers.microsoft.com/en-us/ and to my Microsoft Account https://account.microsoft.com/privacy/. I can connect with Edge but not FF 95.0. It seems according to the MS Forum that I am not the only one with this problem. Please see screenshots of what I and others are getting.
Isisombululo esikhethiwe
Hi
Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue.
If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.
Funda le mpendulo ngokuhambisana nalesi sihloko 👍 2All Replies (20)
Just to test... Try downloading a different version of Firefox and run it. Do not sign into your Firefox account and see if you have the same issue.
https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
I've seen this error today with another user going to docs.microsoft.com. I also got the error a few times, but it works for me in different versions of Firefox. see screenshot
Okulungisiwe
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-firefox-did-not-connect
https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors
jonzn4SUSE said
Just to test... Try downloading a different version of Firefox and run it. Do not sign into your Firefox account and see if you have the same issue. https://www.mozilla.org/en-US/firefox/all/#product-desktop-release
I tried that and it did not work sorry to say. Thanks for your help.
FredMcD said
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-firefox-did-not-connect https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors What do the security warning codes mean
Thank you for the info. I use Norton 360 and never had a problem connecting to MS. I have no problems with EDGE connecting.
jonzn4SUSE said
I've seen this error today with another user going to docs.microsoft.com. I also got the error a few times, but it works for me in different versions of Firefox. see screenshot
I just tried docs.microsoft.com from your response and cannot connect to that as well. This problem happens on my wife's laptop as well. Now if I use my VPN (ProtonVPN) I can connect.
Web search; https://www.bing.com/search?q=MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
One response says Solved.
FredMcD said
Web search; https://www.bing.com/search?q=MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING One response says Solved.
I looked at that Fred but could not grasp what was done to resolve the issue. I did this morning download the Firefox App from the MS store and still the same thing happens. I have uninstalled and reinstalled Firefox several time and even installed the 32 bit one but still the same thing happens. It is funny that every website I use connects except for MS Community.
Respectfully
UPDATE:
Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.
Okulungisiwe
FredMcD said
Web search; https://www.bing.com/search?q=MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING One response says Solved.
I looked at that Fred but could not grasp what was done to resolve the issue. I did this morning download the Firefox App from the MS store and still the same thing happens. I have uninstalled and reinstalled Firefox several time and even installed the 32 bit one but still the same thing happens. It is funny that every website I use connects except for MS Community.
Respectfully
UPDATE:
Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.
Hi there,
I too got an error just now. After reading https://www.askvg.com/mozilla-pkix-error-ocsp-response-for... I can try explain what happening.
When you browse to any site with https the browser checks out the security of the connection using the Certificate provided from the sites server (eg xxxx.Microsoft.com - see screenshot with Certificates Subject Alternative Name).
Firefox checks the certificate to ask how to verify its a trusted certificate, and uses that to get an Trust or Don't trust response. For Microsoft.com certificate it looks like there is 2 methods - 1. Use MS server to verify or 2 Use the Online Certificate Status Protocol (OCSP). (See screenshot with Certificate Authority Information Access )
OSCP tells Firefox to go ask the certificate authority (CA) if this should be trusted. When it does that the certificate providers server knows you have requested to visit that site. This is where the "stapling" part comes in. Rather than asking the Certificate Providers server, the sites server is asked to do the Trust check. So Firefox ask Microsoft.com to prove its valid. Microsoft.com asks the CA for a receipt that its valid and staples it onto the response back to Firefox - then Firefox knows if it can trust Microsoft.com
The error shown is basically saying something in the response from Microsoft.com is fishy as its missed stapling the OSCP response.
So the issue is with Mircosoft.com's servers. My guess is it works on other browsers because either they are using Option 1 provided by Microsoft (to trust its own server ?) or not checking the OSCP stapled response.
Configuring Firefox to ignore the stapling means that its ignoring the missing OSCP response. It could be that Firefox is coded to always check OCSP if its available as a option to check and the setting is on. When the setting is off the check isn't done.
So whats the impact to you without OSCP_STAPLING ? Efectively the Certificate Authority knows where you have browsed. (Any info firefox sends the CA in the request to verify, which is headers, network info etc).
Okulungisiwe
Missing screenshot re Subject Alternative names affected (ie Sites affected by this)
This is a known widespread bug. Please refer to these threads https://answers.microsoft.com/en-us/feedback/forum/all/firefox-950-will-not-connect-to-ms-community-or/1207632f-6072-4e93-a8a5-f9f0ec4d73ee and https://www.tenforums.com/browsers-email/188810-now-i-cant-check-compatible-win-11-cpus-firefox.html .
new_aged2perfection said
UPDATE: Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.
By disabling stapling, you are reverting to the old school method of checking whether a website's SSL certificate has been revoked. There are two minor issues, but they may not be important to you compared to being able to access the Microsoft site successfully.
Classic method: look up every SSL certificate during verification using an OCSP address provided in the certificate.
The concern there is a slight privacy leak: the certificate issuer receives a request from your browser indicating that your browser is visiting a site using that certificate. In theory, the certificate issuer can collect information about your browsing habits across multiple sites for which it has issued certificates. Do they? I have not seen any real world data on that.
Stapling: browsers can accept a copy of the OCSP response provided by the site with its certificate to bypass the classic request and close off the privacy leak. It also has a performance benefit by avoiding an extra request.
All that said, I'm not getting an error accessing the site today, so maybe Microsoft changed something?
jscher2000 said
new_aged2perfection said
UPDATE: Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.By disabling stapling, you are reverting to the old school method of checking whether a website's SSL certificate has been revoked. There are two minor issues, but they may not be important to you compared to being able to access the Microsoft site successfully.
Classic method: look up every SSL certificate during verification using an OCSP address provided in the certificate.
The concern there is a slight privacy leak: the certificate issuer receives a request from your browser indicating that your browser is visiting a site using that certificate. In theory, the certificate issuer can collect information about your browsing habits across multiple sites for which it has issued certificates. Do they? I have not seen any real world data on that.
Stapling: browsers can accept a copy of the OCSP response provided by the site with its certificate to bypass the classic request and close off the privacy leak. It also has a performance benefit by avoiding an extra request.
All that said, I'm not getting an error accessing the site today, so maybe Microsoft changed something?
Thank you so very much for the great info you provided to me. I always say you learn something new everyday and me turning 70 next month that saying holds true. I just checked MS Community and my account and was able to access both so I guess MS found the problem and corrected it. Thank you again.
Respectfully, Don
UPDATE: Just tried again and account page was scrambled and forum could not connect.
Okulungisiwe
new_aged2perfection said
I just checked MS Community and my account and was able to access both so I guess MS found the problem and corrected it.
Thats' good to hear. Well Done for them. Please flag your https://support.mozilla.org/en-US/questions/1360911#answer-1466327 post as Solved Problem as this can help others with similar problems. Go to that post and click the 'Solved' button to its right.
FredMcD said
new_aged2perfection said
I just checked MS Community and my account and was able to access both so I guess MS found the problem and corrected it.Thats' good to hear. Well Done for them. Please flag your https://support.mozilla.org/en-US/questions/1360911#answer-1466327 post as Solved Problem as this can help others with similar problems. Go to that post and click the 'Solved' button to its right.
Sorry Fred but I just tried again and account page was scrambled and forum could not connect. MS Forum owner Kristen is now suggesting changing Stapling in about:config until issue is resolved. Back to the drawing board.
The problem has been identified as Firefox not supporting SHA-2 hashes in certificate IDs in OCSP certificates. Apparently some of the OCSP certificates in the Microsoft/Akamai network use SHA-2 hashes that way.
A patch was submitted a few hours ago that needs to undergo testing, and assuming it doesn't cause other problems, it should be included in the next update. I don't have an idea of when that might be released.
jscher2000 said
The problem has been identified as Firefox not supporting SHA-2 hashes in certificate IDs in OCSP certificates. Apparently some of the OCSP certificates in the Microsoft/Akamai network use SHA-2 hashes that way. A patch was submitted a few hours ago that needs to undergo testing, and assuming it doesn't cause other problems, it should be included in the next update. I don't have an idea of when that might be released.
Thank you so very much for that information and sharing that with us.
Isisombululo Esikhethiwe
Hi
Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue.
If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.
Seburo said
Hi Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue. If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.
Thank you so very much for the info.