OCSP error when accessing secure sites

From MozillaZine Knowledge Base
Jump to navigationJump to search

OCSP (Online Certificate Status Protocol) is a security feature that ensures that certificates issued to sites you visit have not been revoked. This article deals with OCSP error messages when visiting secure (https) sites.

OCSP is disabled by default in Firefox 2, but can be enabled in Advanced options ("Tools -> Options -> Advanced ->Encryption / Certificates -> Verification). If OCSP is enabled, you may receive errors visiting secure sites when the OCSP service chosen is malfunctioning or not available. The text of the messages can vary depending on what exactly is going wrong.

In Firefox 3 and above, OCSP is enabled by default; however, errors when an OCSP server connection fails are also suppressed by default ("Tools -> Options -> Advanced -> Encryption -> Validation -> When an OCSP server connection fails, treat the certificate as invalid" is unchecked, by default). [1]

There is no way to suppress these errors in Firefox 2 and below, short of disabling OCSP. To disable OCSP in Firefox 2:

  1. Go to "Tools -> Options -> Advanced -> Encryption / Certificates -> Verification".
  2. Select Do not use OCSP for certification validation.

For information on other messages received when accessing secure sites, see Error loading secure sites.

External links