Error code: SEC_ERROR_REVOKED_CERTIFICATE - OCSP query fails: how to report?
Today I suddenly started receiving the error code: SEC_ERROR_REVOKED_CERTIFICATE on a secure authentication page that was working until a few hours earlier, belonging to a major national bank.
https://www.ssllabs.com/ssltest/ cannot reach that page; other SSL checking sites report variable results (some say one cert in the chain has expired after a CRL, others say all is OK).
The same page/site works flawlessly on Chrome. Firefox incompatibility with popular portals is a growing trend unfortunately.
After a little digging with developer tools, it turns out the OCSP query reports the REVOKED_CERTIFICATE error. After disabling the "Query OCSP [..]" option in Firefox, that website starts working fine again.
Now, I would like to still keep using the OCSP queries ON, and I definitely want to keep using Firefox for everything.
My question is: when a portal or website is found to be broken with Firefox (with default settings), with a root cause found like in this case, how can it be reported?
Having a clear report path would be useful to try to make the browser more compatible (in this case: was this a bug? Some wrong information on OCSP responders? Some mess caused by the website maintainers?).
All replies (1)
This issue highlights a mix of technical and compatibility challenges. The error code SEC_ERROR_REVOKED_CERTIFICATE suggests Firefox detected a revoked certificate via the OCSP query, which safeguards users against compromised certificates. Chrome's ability to load the page may indicate differences in OCSP enforcement or fallback behavior between browsers.
For reporting:
Bug Reporting: File a detailed report on Mozilla’s Bugzilla (https://bugzilla.mozilla.org/), including steps to reproduce and diagnostic data like OCSP responses or SSL Labs results.
Notify the Website: Inform the website’s support team of potential misconfigurations in their certificate chain or OCSP responder.
Community Insights: Engage with Mozilla’s support forums for feedback and validation before escalating.
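One way to gather the OCSP diagnostic data mentioned in the reply above, as an added example that is not part of the original thread: it saves the chain the server sends and asks each certificate's OCSP responder for its status with the `openssl` command-line tool. The function names and the `ocsp-report` output directory are hypothetical, and it assumes the server sends each certificate's issuer in its chain.

```shell
#!/bin/sh
# Added example (not from the thread): collect OCSP evidence for a report.

# Read `openssl s_client -showcerts` output on stdin and write each PEM block
# to <prefix>0.pem (leaf), <prefix>1.pem (its issuer), ... Prints the count.
split_chain() {
    awk -v p="$1" '
        BEGIN { n = 0 }
        /-----BEGIN CERTIFICATE-----/ { f = p n ".pem"; inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/ { inside = 0; close(f); n++ }
        END { print n }'
}

# Read `openssl ocsp -resp_text` output on stdin; print good/revoked/unknown.
cert_status() {
    s=$(sed -n 's/^ *Cert Status: *//p' | head -n 1)
    echo "${s:-unknown}"
}

# ocsp_report HOST [DIR]: query the responder for every certificate whose
# issuer was sent by the server, keeping the raw responses for the report.
ocsp_report() {
    host=$1; dir=${2:-ocsp-report}   # DIR default is a hypothetical name
    mkdir -p "$dir"
    openssl s_client -connect "$host:443" -servername "$host" -showcerts \
        </dev/null >"$dir/s_client.txt" 2>/dev/null
    count=$(split_chain "$dir/cert" <"$dir/s_client.txt")
    i=0
    while [ $((i + 1)) -lt "$count" ]; do
        cert="$dir/cert$i.pem"; issuer="$dir/cert$((i + 1)).pem"
        openssl x509 -in "$cert" -noout -subject -serial -enddate
        url=$(openssl x509 -in "$cert" -noout -ocsp_uri)
        if [ -n "$url" ]; then
            # -noverify: keep the response even if its signer cannot be
            # validated on this machine; the raw text is what gets attached.
            openssl ocsp -issuer "$issuer" -cert "$cert" -url "$url" \
                -resp_text -noverify >"$dir/ocsp$i.txt" 2>&1
            echo "  responder: $url  status: $(cert_status <"$dir/ocsp$i.txt")"
        else
            echo "  no OCSP URL in this certificate"
        fi
        i=$((i + 1))
    done
}

# Run only when a hostname is given on the command line.
if [ -n "${1:-}" ]; then ocsp_report "$1" "${2:-}"; fi
```

Run it with the affected hostname as the first argument and attach the saved `s_client.txt` and `ocsp*.txt` files to the Bugzilla report or to the message sent to the site's support team.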