cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Firefox cannot open this site (OCSP)

wroot
Super Contributor

‎Dec 14 2021 09:47 AM

‎Dec 14 2021 09:47 AM

Firefox cannot open this site (OCSP)

Today suddenly Firefox is not able to open this site anymore. Shows

Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

Works in Edge (probably also Chrome). Same error using fresh profile in Firefox. Cannot reach OCSP service to check the cert revocation info or something like that. Same happens in VM, so not PC problem.

Labels:
2,155 Views
0 Likes
4 Replies
Reply
4 Replies
Allen

‎Dec 14 2021 10:06 AM

‎Dec 14 2021 10:06 AM

Re: Firefox cannot open this site (OCSP)

@wroot 


Thanks for the report, this is a new feature in Mozilla Firefox called OCSP Stapling and is designed to be a new way to verify the authenticity of a website certificate, you can read more about it here.

 

I had seen this before and there is an article over on askvg (external site) about it, I will have a chat with out security folks as it doesn't look like its only us thats affected and see if there is something we can do other than advise users to turn it off..

 

I don't like telling users to turn off things to improve security :p

 

Allen

1 Like
Reply
wroot

‎Dec 14 2021 10:17 AM

‎Dec 14 2021 10:17 AM

Re: Firefox cannot open this site (OCSP)

Thanks. This seems to be related to SHA-256 use in OCSP and Firefox not supporting it yet https://bugzilla.mozilla.org/show_bug.cgi?id=966856
0 Likes
Reply
best response confirmed by wroot (Super Contributor)
Allen

‎Dec 16 2021 12:19 AM

‎Dec 16 2021 12:19 AM

Solution

RE: Firefox cannot open this site (OCSP)

This has now been worked around, we will obviously now wait for the bug fix from Mozilla before we undo the workaround. Thanks for highlight.
1 Like
Reply
wroot

‎Dec 16 2021 02:19 AM

‎Dec 16 2021 02:19 AM

RE: Firefox cannot open this site (OCSP)

Tested. Works now without disabling stapling. Thanks.
I saw that bug ticket for Firefox was resolved, so maybe in next release it will get fixed.
0 Likes
Reply