I would like to access Google and YouTube - important to my work - please stop blocking
Lately, I keep getting the message that "The owner of www.youtube.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites"
You say to click on the Advanced button and I will be allowed to click on Exception, but the Exception button never shows up. Now I am finding that you're doing the same when I try to do a search on google.com as well. I need to use these websites for my work, so please stop blocking them.
Chosen solution
Might you have customized "OCSP" settings? Firefox normally checks with an OCSP server on whether a site's certificate has been revoked. Sometimes the server does not respond and then Firefox normally treats the certificate as not revoked. However, some users have customized Firefox to treat the certificate as revoked in that situation, and this can cause the problem you're encountering, when the OCSP server is not responding.
Please see this thread: SEC_ERROR_UNKNOWN_ISSUER on google. youtube since yesterday.
Or in more detail:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste ocsp and pause while the list is filtered
(3) If the security.OCSP.require preference is bolded and "modified" or "user set" to true, double-click it to restore the default value of false
You may need to reload your Google page bypassing the cache, using either:
- Shift+click the reload button
- Ctrl+Shift+r (on Mac Command+Shift+r)
All Replies (7)
hi, first please make sure that the date, time & timezone are set correctly on your system. if this doesn't solve the issue (or it is already set properly), a solution depends on the individual circumstances:
- what is the error code shown when you click on advanced on that error page?
- please also give us more information about the error by clicking on the error code, copying the text to the clipboard and then pasting it here into a reply in the forum like shown in the screenshot.
thank you!
Hi, thanks for replying. Yes my date, time, and timezone are set correctly.
This is the message I get back when I hit the "advanced" button: www.youtube.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
thanks, in this case please also copy/paste the error details here into a reply too like it's shown in the screenshot before.
Chosen Solution
Might you have customized "OCSP" settings? Firefox normally checks with an OCSP server on whether a site's certificate has been revoked. Sometimes the server does not respond and then Firefox normally treats the certificate as not revoked. However, some users have customized Firefox to treat the certificate as revoked in that situation, and this can cause the problem you're encountering, when the OCSP server is not responding.
Please see this thread: SEC_ERROR_UNKNOWN_ISSUER on google. youtube since yesterday.
Or in more detail:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste ocsp and pause while the list is filtered
(3) If the security.OCSP.require preference is bolded and "modified" or "user set" to true, double-click it to restore the default value of false
You may need to reload your Google page bypassing the cache, using either:
- Shift+click the reload button
- Ctrl+Shift+r (on Mac Command+Shift+r)
To clarify, this does not completely disable checking whether a certificate is revoked. There are two different preferences:
- security.OCSP.enabled = 1 (default setting) requires Firefox to check the cert with the OCSP server to make sure it hasn't been revoked
- security.ocsp.require determines what happens if the OCSP server does not respond
- false (default setting) treats the cert as not revoked and you can connect normally
- true treats the cert as revoked and prevents you from connecting
I suppose your choice about "require" depends on how often you expect to encounter a server with a revoked certificate and a nonresponsive OCSP server. I think the risk is low, but then, I may not be as adventurous in my browsing as you are.
Thank you! Using your instructions, I am able to connect to YouTube and Google once more. I'd been able to connect to them previously, so not sure how they became "revoked" without me doing anything.
Jenna555 said
I'd been able to connect to them previously, so not sure how they became "revoked" without me doing anything.
General opinion is that there's a problem with one of Google's servers and it should be fixed eventually.