Този сайт ще има ограничена функционалност, докато се извършва тече неговата поддръжка. Ако дадена статия не може реши проблема ви и искате да зададете въпрос, нашата общност е готова да ви помогне на @firefox в Twitter и /r/firefox в Reddit.

Avatar for Username

Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

Тази тема беше архивирана. Моля, задайте нов въпрос ако имате нужда от помощ.

How do I bypass OCSP Errors?

  • 1 отговор
  • 12 имат този проблем
  • 1 изглед
  • Последен отговор от guigs

palswim
palswim
more options

I've visited some sites recently that cause Firefox to show me errors like:

" Secure Connection Failed

An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) "

I would expect a button on the page that says something like "Add Exception...", but the page only gives me the "Try Again" button.

I can work around this by disabling OCSP completely in the "Options > Advanced > Certificates > Validation" section (by un-checking the "Use the [OCSP]..." box). Other solutions I've seen to similar problems (e.g. un-checking the "When an OCSP connection ... fails..." in the aforementioned "Validation" section or setting "security.ssl.enable_ocsp_stapling" to false in "about:config") do not let me load the page and do not provide an "Add Exception..." option.

I would like not to disable OCSP, so does another solution or workaround exist for this?

Also, we don't need a discussion about every site needing perfect certificate compliance with these answers, only solutions to the actual problem.

I've visited some sites recently that cause Firefox to show me errors like: " Secure Connection Failed An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) " I would expect a button on the page that says something like "Add Exception...", but the page only gives me the "Try Again" button. I can work around this by disabling OCSP completely in the "Options > Advanced > Certificates > Validation" section (by un-checking the "Use the [OCSP]..." box). Other solutions I've seen to similar problems (e.g. un-checking the "When an OCSP connection ... fails..." in the aforementioned "Validation" section or setting "security.ssl.enable_ocsp_stapling" to false in "about:config") do not let me load the page and do not provide an "Add Exception..." option. I would like not to disable OCSP, so does another solution or workaround exist for this? Also, we don't need a discussion about every site needing perfect certificate compliance with these answers, only solutions to the actual problem.

Всички отговори (1)

guigs
guigs
more options

Hi palswim, Thank you for your question. I have seen this issue before and this is still a new feature for me, however the OCSP is pretty black and white. The only functions in about:config when you search for OCSP are there. Enable, require, and enable stapling. disabling require would turn of the function/ It may be best to try the #security irc channel on this one.

Plans for revocation