How do I bypass OCSP Errors?
I've visited some sites recently that cause Firefox to show me errors like:
" Secure Connection Failed
An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert) "
I would expect a button on the page that says something like "Add Exception...", but the page only gives me the "Try Again" button.
I can work around this by disabling OCSP completely in the "Options > Advanced > Certificates > Validation" section (by un-checking the "Use the [OCSP]..." box). Other solutions I've seen to similar problems (e.g. un-checking the "When an OCSP connection ... fails..." in the aforementioned "Validation" section or setting "security.ssl.enable_ocsp_stapling" to false in "about:config") do not let me load the page and do not provide an "Add Exception..." option.
I would like not to disable OCSP, so does another solution or workaround exist for this?
Also, we don't need a discussion about every site needing perfect certificate compliance with these answers, only solutions to the actual problem.
Tất cả các câu trả lời (1)
Hi palswim, Thank you for your question. I have seen this issue before and this is still a new feature for me, however the OCSP is pretty black and white. The only functions in about:config when you search for OCSP are there. Enable, require, and enable stapling. disabling require would turn of the function/ It may be best to try the #security irc channel on this one.
Plans for revocation