(Invalid OCSP signing certificate in OCSP response(Error code: sec_error_ocsp_invalid_signing_cert)
After this update (31.0), I get this error when I try to go to Fanfiction.net. Is there anything being done, or is there anything I can do? I will not do anything that's open my computer to viruses.
Chosen solution
hello granberrydl, ocsp is an advanced security feature in firefox - this error needs to be fixed by the web site in question, so please also contact their support channels and report the issue.
you can temporarily work around the issue and turn off ocsp stapling:
enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.ssl.enable_ocsp_stapling. double-click it and change its value to false.
since this will slightly lower your security, it is important however, that after a bit of time when the issue gets resolved by the site (maybe try again in 24 hours), you go back and switch the setting to "true" again!
All Replies (3)
Chosen Solution
hello granberrydl, ocsp is an advanced security feature in firefox - this error needs to be fixed by the web site in question, so please also contact their support channels and report the issue.
you can temporarily work around the issue and turn off ocsp stapling:
enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.ssl.enable_ocsp_stapling. double-click it and change its value to false.
since this will slightly lower your security, it is important however, that after a bit of time when the issue gets resolved by the site (maybe try again in 24 hours), you go back and switch the setting to "true" again!
Yup, started again. Hope someone fixes this fast.
This just started happening for me as well. I have verified that our certs are all still valid and unrevoked, and testing using GlobalSign's verification utility which said our site was configured correctly and passes testing for OCSP. We are serving a survey consumed by universities but filled out by their alumni, so we have no contact with the users of our site, meaning that the workaround is not viable and it is effectively broken for everyone using FF.
Edit: I checked our site right before I started typing this reply and it was not working after multiple CTRL+F5 refreshes. I checked it after, and it was back to working. I am the sole maintainer of the domain and the certificates on it, and I can verify that nothing was done to our site to either cause it to stop working or start working again.
Modified