We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

How to troubleshoot secure connection failed due to Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER

  • 3 răspunsuri
  • 17 au această problemă
  • 1 vizualizare
  • Ultimul răspuns de cor-el

more options

I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.

I am trying to load https://www.thewomenshome.org/ I get the problem loading page, secure connection failed Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER. It doesn't give me the option to hit advance and go to the site anyway. I can also reach the events page for this site but not the main home page.
Capturi de ecran atașate

Soluție aleasă

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.

OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.

As a temporary workaround, you can set Firefox not to use stapling:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false

You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).

If you don't need to visit this site often, I suggest switching stapling back after this visit.

If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

Citește acest răspuns în context 👍 7

Toate răspunsurile (3)

more options

Soluție aleasă

There is something wrong with the server's configuration. If you disable one of Firefox's OCSP-related features, you can access the page.

OCSP is a method to check whether a certificate has been revoked after issuance and before the certificate's normal expiration -- certificates are sometimes issued by mistake. In addition to the traditional method of reading the certificate and sending a request to the issuer, Firefox supports a method called "stapling" which allows the server to send a confirmation of validity itself. This saves a little time in checking the certificate because Firefox doesn't have to check with the issuer. But some sites do not work with stapling on due to a server configuration error.

As a temporary workaround, you can set Firefox not to use stapling:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch it from true to false

You will need to reload the problem page (possibly bypassing the cache using Ctrl+Shift+r).

If you don't need to visit this site often, I suggest switching stapling back after this visit.

If you prefer to keep stapling enabled, you can visit the site in Google Chrome. Chrome doesn't do OCSP checks.

Modificat în de jscher2000 - Support Volunteer

more options

Thanks for the quick help.

more options