Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Same certificate not verified on one site but is on another

  • 2 个回答
  • 2 人有此问题
  • 1 次查看
  • 最后回复者为 MrTree

MrTree
MrTree
more options

I have a wildcard SSL certificate used to secure a live and test site. With identical code the test site shows fine in Firefox (Windows Version 38.0.5) but the live site will not show and replaces the page with: "Secure Connection Failed

An error occurred during a connection to app.cognisess.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert) 

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the web site owners to inform them of this problem."

The security details show the certificate as "Verified by: Not specified" in the live site, while test site shows verified by GlobalSign nv-sa

Presumably if it's the same certificate, we shouldn't get an error in one place but not an other. Working fine with no errors on latest Chrome/IE, etc. I've verified there is no mixed-content on the page both manually and via whynopadlock.com.

Live site is https://app.cognisess.com and test site just replace app with testing.

Any ideas? I'd appreciate any help fixing this issue at our end if it's not a bug in the browser.

I have a wildcard SSL certificate used to secure a live and test site. With identical code the test site shows fine in Firefox (Windows Version 38.0.5) but the live site will not show and replaces the page with: "Secure Connection Failed An error occurred during a connection to app.cognisess.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem." The security details show the certificate as "Verified by: Not specified" in the live site, while test site shows verified by GlobalSign nv-sa Presumably if it's the same certificate, we shouldn't get an error in one place but not an other. Working fine with no errors on latest Chrome/IE, etc. I've verified there is no mixed-content on the page both manually and via whynopadlock.com. Live site is https://app.cognisess.com and test site just replace app with testing. Any ideas? I'd appreciate any help fixing this issue at our end if it's not a bug in the browser.

被采纳的解决方案

That looks like a problem with OCSP stapling that isn't working properly. The server should support OCSP stapling.

It works if I disable OCSP stapling, but that is not recommended for normal usage.

定位到答案原位置 👍 2

所有回复 (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

选择的解决方案

That looks like a problem with OCSP stapling that isn't working properly. The server should support OCSP stapling.

It works if I disable OCSP stapling, but that is not recommended for normal usage.

MrTree
MrTree 提问者
more options

Thanks for pushing me in the right direction. I hadn't thought to check the server cipher set, but by using the set recommended by the IISCrypto tool from Nartac, and rebooted, our live site is working again.