OCSP error when accessing secure sites: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(Firefox 3 and above enables OCSP by default, option to suppress certificate error when OCSP fails is disabled by default - bug 110161 See Talk:SSL_is_disabled#OCSP)
m (→‎External links: updated SUMO link)
 
Line 12: Line 12:


==External links==
==External links==
*[http://support.mozilla.com/en-US/kb/OCSP+error+when+accessing+secure+sites OCSP error when accessing secure sites (Firefox Support)]
*[http://support.mozilla.com/kb/The+OCSP+server+has+no+status+for+the+certificate The OCSP server has no status for the certificate (Firefox Support)]
*[https://bugzilla.mozilla.org/show_bug.cgi?id=110161  Bug 110161 -  (ocspdefault) enable OCSP by default]
*[https://bugzilla.mozilla.org/show_bug.cgi?id=110161  Bug 110161 -  (ocspdefault) enable OCSP by default]



Latest revision as of 14:22, 9 September 2009

OCSP (Online Certificate Status Protocol) is a security feature that ensures that certificates issued to sites you visit have not been revoked. This article deals with OCSP error messages when visiting secure (https) sites.

OCSP is disabled by default in Firefox 2, but can be enabled in Advanced options ("Tools -> Options -> Advanced ->Encryption / Certificates -> Verification). If OCSP is enabled, you may receive errors visiting secure sites when the OCSP service chosen is malfunctioning or not available. The text of the messages can vary depending on what exactly is going wrong.

In Firefox 3 and above, OCSP is enabled by default; however, errors when an OCSP server connection fails are also suppressed by default ("Tools -> Options -> Advanced -> Encryption -> Validation -> When an OCSP server connection fails, treat the certificate as invalid" is unchecked, by default). [1]

There is no way to suppress these errors in Firefox 2 and below, short of disabling OCSP. To disable OCSP in Firefox 2:

  1. Go to "Tools -> Options -> Advanced -> Encryption / Certificates -> Verification".
  2. Select Do not use OCSP for certification validation.

For information on other messages received when accessing secure sites, see Error loading secure sites.

External links