This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to troubleshoot secure connection failed due to Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER

  • 3 replies
  • 17 have this problem
  • 537 views
  • Last reply by cor-el

more options

I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.

I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.
Attached screenshots

Chosen solution

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.

OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.

As a temporary workaround, you can set Firefox not to use stapling:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false

You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).

If you don't need to visit this site often, I suggest switching stapling back after this visit.

If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

Read this answer in context 👍 7

All Replies (3)

more options

Chosen Solution

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.

OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.

As a temporary workaround, you can set Firefox not to use stapling:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false

You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).

If you don't need to visit this site often, I suggest switching stapling back after this visit.

If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

Modified by jscher2000 - Support Volunteer

more options

Thanks for the quick help.

more options