Firefox is suddenly BLOCKING Microsoft's Outlook.com and Hotmail.com
I would like to know just how exactly Microsoft's email servers at Outlook.com and Hotmail.com are "unsecure" and now blocked.
The address is https://mail.live.com/
I have no issue getting there through Microsoft's browser. But I would prefer to keep using Firefox. But I would not prefer having to go through hoops of trying different cookie deletions etc.
And after many, many years with Firefox I about to uninstall it and give in and start using Edge because of the many, many, many, many, many, many times Firefox will not allow me to use commercial websites for similar reasons, or because they will not accept that Flash is still a major part of commercial enterprises.
All Replies (2)
Today (May 28, 2017) I too was blocked from accessing outlook.com (https://outlook.live.com/owa/?path=/mail/inbox), with the following message: An error occurred during a connection to outlook.live.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT
Of course, I signed in successfully with Chrome and IE. Firefox is not doing itself any favors with this kind of nonsense.
If you get the SEC_ERROR_OCSP_INVALID_SIGNING_CERT error message then this is a problem with Microsoft servers that are sending a cached OCSP Staplingresponse that is signed with an expired certificate.
Microsoft needs to reboot/repair the servers that have cached this expired certificate that is used to sign the OCSP Stapling response. You should no longer experience this issue once the server that you access has been fixed. Hopefully they will fix this quickly on affected servers.
As a workaround you can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you.
- security.ssl.enable_ocsp_stapling = false
You can open the about:config page: via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
It is best to reset this pref via the right-click context menu to true once you are done with accessing an affected website since this is a security feature.
See also: