We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Secure Connection Failed" (Error Code:sec_error_ocsp_unknown_cert)

  • 8 replies
  • 1 has this problem
  • 1 view
  • Last reply by cor-el

more options

Just since 95.0 update Im getting ""Secure Connection Failed" (Error Code:sec_error_ocsp_unknown_cert)" when trying to connect to some sites, the most recent is "https://www.microsoft.com". I have set security.ssl.enable_ocsp_stapling to false, is there a planed fix for this, googling shows that its become a issue recently. Thank Al

Just since 95.0 update Im getting ""Secure Connection Failed" (Error Code:sec_error_ocsp_unknown_cert)" when trying to connect to some sites, the most recent is "https://www.microsoft.com". I have set security.ssl.enable_ocsp_stapling to false, is there a planed fix for this, googling shows that its become a issue recently. Thank Al

All Replies (8)

more options

What security software are you running?

more options

This is something that the website needs to fix. Browsers like Google Chrome do not check the OCSP response as strict as Firefox does (if at all) and aren't affected if the OCSP response send via OCSP stapling is broken or invalid, but Firefox considers this as a security breach and refuses to access the website. This might only be an issue with a specific mirror server and others might not be affected, so I'm not sure whether MS is already aware.

more options

jonzn4SUSE - Defender and malwarebytes on a windows 11 PC and defender on my windows 10 laptop both having Firefox issues with Microsoft as well as at least one other site (The Opensky Network, which is where this all started)

Modified by 1aught

more options

Users have been reporting OCSP-related issues with various Microsoft sites since last Friday. I haven't had an issue with other addresses mentioned but with the www site I currently get:

An error occurred during a connection to www.microsoft.com. The OCSP response does not include a status for the certificate being verified. Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

The inconsistency among users suggests that just a few boxes in the Akamai Content Distribution Network need to be fixed.

more options

Last night, I could open links on docs.microsoft.com but now I get the MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error there while the www site opens without drama (on 184.27.30.29). Frustrating.

more options

The problem has been identified as Firefox not supporting SHA-2 hashes in certificate IDs in OCSP certificates. Apparently some of the OCSP certificates in the Microsoft/Akamai network use SHA-2 hashes that way.

A patch was submitted a few hours ago that needs to undergo testing, and assuming it doesn't cause other problems, it should be included in the next update. I don't have an idea of when that might be released.

more options

Hi

Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue.

If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.

more options

You can update to 95.0.1 via "Help -> About Firefox" to get a fix for this issue.

If you have modified security.ssl.enable_ocsp_stapling on the about:config page then reset the pref to re-enable OCSP.