How to troubleshoot secure connection failed due to Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER
I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.
被采纳的解决方案
There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.
OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.
As a temporary workaround, you can set Firefox not to use stapling:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste ocsp and pause while the list is filtered
(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false
You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).
If you don't need to visit this site often, I suggest switching stapling back after this visit.
If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.
定位到答案原位置 👍 7所有回复 (3)
选择的解决方案
There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.
OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.
As a temporary workaround, you can set Firefox not to use stapling:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste ocsp and pause while the list is filtered
(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false
You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).
If you don't need to visit this site often, I suggest switching stapling back after this visit.
If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.
由jscher2000 - Support Volunteer于
Thanks for the quick help.