How do I bypass OCSP Errors?
I've visited some sites recently that cause Firefox to show me errors like:
" Secure Connection Failed
An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) "
I would expect a button on the page that says something like "Add Exception...", but the page only gives me the "Try Again" button.
I can work around this by disabling OCSP completely in the "Options > Advanced > Certificates > Validation" section (by un-checking the "Use the [OCSP]..." box). Other solutions I've seen to similar problems (e.g. un-checking the "When an OCSP connection ... fails..." in the aforementioned "Validation" section or setting "security.ssl.enable_ocsp_stapling" to false in "about:config") do not let me load the page and do not provide an "Add Exception..." option.
I would like not to disable OCSP, so does another solution or workaround exist for this?
Also, we don't need a discussion about every site needing perfect certificate compliance with these answers, only solutions to the actual problem.
所有回复 (1)
Hi palswim, Thank you for your question. I have seen this issue before and this is still a new feature for me, however the OCSP is pretty black and white. The only functions in about:config when you search for OCSP are there. Enable, require, and enable stapling. disabling require would turn of the function/ It may be best to try the #security irc channel on this one.
Plans for revocation