This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How do I bypass OCSP Errors?

  • 1 cavab
  • 12 have this problem
  • 7 views
  • Last reply by guigs

more options

I've visited some sites recently that cause Firefox to show me errors like:

" Secure Connection Failed

An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) "

I would expect a button on the page that says something like "Add Exception...", but the page only gives me the "Try Again" button.

I can work around this by disabling OCSP completely in the "Options > Advanced > Certificates > Validation" section (by un-checking the "Use the [OCSP]..." box). Other solutions I've seen to similar problems (e.g. un-checking the "When an OCSP connection ... fails..." in the aforementioned "Validation" section or setting "security.ssl.enable_ocsp_stapling" to false in "about:config") do not let me load the page and do not provide an "Add Exception..." option.

I would like not to disable OCSP, so does another solution or workaround exist for this?

Also, we don't need a discussion about every site needing perfect certificate compliance with these answers, only solutions to the actual problem.

I've visited some sites recently that cause Firefox to show me errors like: " Secure Connection Failed An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) " I would expect a button on the page that says something like "Add Exception...", but the page only gives me the "Try Again" button. I can work around this by disabling OCSP completely in the "Options > Advanced > Certificates > Validation" section (by un-checking the "Use the [OCSP]..." box). Other solutions I've seen to similar problems (e.g. un-checking the "When an OCSP connection ... fails..." in the aforementioned "Validation" section or setting "security.ssl.enable_ocsp_stapling" to false in "about:config") do not let me load the page and do not provide an "Add Exception..." option. I would like not to disable OCSP, so does another solution or workaround exist for this? Also, we don't need a discussion about every site needing perfect certificate compliance with these answers, only solutions to the actual problem.

All Replies (1)

more options

Hi palswim, Thank you for your question. I have seen this issue before and this is still a new feature for me, however the OCSP is pretty black and white. The only functions in about:config when you search for OCSP are there. Enable, require, and enable stapling. disabling require would turn of the function/ It may be best to try the #security irc channel on this one.

Plans for revocation