Currently only SHA1 in CertID is supported for a Stapled OCSP response in Firefox. Currently some servers have started using SHA2 in CertID and that causes the MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error message. This is being worked on by Mozilla and an initial fix is ready for testing and will be ported to current releases via an update. As a workaround for now you can disable OCSP stapling in Firefox, but since this is a security feature to check the validity of a certificate then best to only disable this if you get an error visiting MS websites.

• /questions/1360790 Cannot browse to https://docs.microsoft.com MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
• /questions/1361257 Secure Connection Failed" (Error Code:sec_error_ocsp_unknown_cert)

Hi

Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue.

If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.

You can update to 95.0.1 via "Help -> About Firefox" to get a fix for this issue.

• https://support.mozilla.org/en-US/kb/update-firefox-latest-release

If you have modified security.ssl.enable_ocsp_stapling on the about:config page then reset the pref to re-enable OCSP.