SOLVED

Firefox cannot open this site (OCSP)

Silver Contributor

Today suddenly Firefox is not able to open this site anymore. Shows

Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

Works in Edge (probably also Chrome). Same error using fresh profile in Firefox. Cannot reach OCSP service to check the cert revocation info or something like that. Same happens in VM, so not PC problem.

4 Replies

@wroot 


Thanks for the report, this is a new feature in Mozilla Firefox called OCSP Stapling and is designed to be a new way to verify the authenticity of a website certificate, you can read more about it here.

 

I had seen this before and there is an article over on askvg (external site) about it, I will have a chat with out security folks as it doesn't look like its only us thats affected and see if there is something we can do other than advise users to turn it off..

 

I don't like telling users to turn off things to improve security :p

 

Allen

Thanks. This seems to be related to SHA-256 use in OCSP and Firefox not supporting it yet https://bugzilla.mozilla.org/show_bug.cgi?id=966856
best response confirmed by wroot (Silver Contributor)
Solution
This has now been worked around, we will obviously now wait for the bug fix from Mozilla before we undo the workaround. Thanks for highlight.
Tested. Works now without disabling stapling. Thanks.
I saw that bug ticket for Firefox was resolved, so maybe in next release it will get fixed.
1 best response

Accepted Solutions
best response confirmed by wroot (Silver Contributor)
Solution
This has now been worked around, we will obviously now wait for the bug fix from Mozilla before we undo the workaround. Thanks for highlight.

View solution in original post