Error code: sec_error_ocsp_unknown_cert
Started getting this today on my site...after new Firefox update yesterday.
Secure Connection Failed
An error occurred during a connection to xxxxxxxxxx.com. The OCSP server has no status for the certificate. Error code: sec_error_ocsp_unknown_cert
Opaite Mbohovái (7)
To get an independent assessment of the certificate, you can use the tool on this page: https://www.ssllabs.com/ssltest/.
Assuming that checks out, there might be a problem with your Firefox's access to OCSP or a glitch in a saved certificate...
Could you check that you have the default setting for OCSP?
orange Firefox button (or Tools menu) > Options > Advanced > Certificates mini-tab > "Validation" button
Usually the top box is checked and the lower box is not checked. (Screen shot)
Try the solution here:
Seeing the same issue when connecting to my own server. SSL Cert checks out as valid (https://www.ssllabs.com/ssltest/analyze.html?d=mini.joshuaochs.com), and OCSP settings are defaults. I run Firefox in permanent private browsing mode, so it's definitely not hanging onto any old session data. This is on Firefox 25.0.1 (downloading 26 now), so it's not necessarily a new bug.
Hi diamondsw, if you check the Servers tab of the dialog, have you saved any certificates for your server? If so, try removing it and see whether that helps.
I'm not sure what is used and what is disregarded in private mode. To make the cleanest comparison, could you do a two-minute experiment?
Create a new Firefox profile
A new profile will have your system-installed plugins (e.g., Flash) and extensions (e.g., security suite toolbars), but no themes, other extensions, or other customizations. It also should have completely fresh settings databases and a fresh cache folder.
Exit Firefox and start up in the Profile Manager using Start > search box (or Run):
firefox.exe -P
Any time you want to switch profiles, exit Firefox and return to this dialog.
You'll click the Create Profile button. I recommend using the default location suggested, and to avoid data loss, not re-using any existing folder. Then start Firefox in the new profile you created.
Same cert error in the new profile? Works okay?
When returning to the Profile Manager, you might be tempted to use the Delete Profile button. But... it's a bit too easy to accidentally delete your "real" profile, so I recommend resisting the temptation. If you do want to clean up later, I suggest making a backup of all your profiles first in case something were to go wrong.
You can also try to rename the cert8.db file (cert8.db.old) in the current profile folder temporarily to see if that has effect.
Rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
You can use this button to go to the Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
Already tried deleting both files and unchecked both OCSP options in the Advance Settings. Neither work. This just started today also, so it's definitely somethings to do with latest Firefox update majorly borked up somewhere.
hello nargus, i have answered your question at https://support.mozilla.org/questions/994264