搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Same certificate not verified on one site but is on another

  • 2 回覆
  • 2 有這個問題
  • 1 次檢視
  • 最近回覆由 MrTree

more options

I have a wildcard SSL certificate used to secure a live and test site. With identical code the test site shows fine in Firefox (Windows Version 38.0.5) but the live site will not show and replaces the page with: "Secure Connection Failed

An error occurred during a connection to app.cognisess.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the web site owners to inform them of this problem."

The security details show the certificate as "Verified by: Not specified" in the live site, while test site shows verified by GlobalSign nv-sa

Presumably if it's the same certificate, we shouldn't get an error in one place but not an other. Working fine with no errors on latest Chrome/IE, etc. I've verified there is no mixed-content on the page both manually and via whynopadlock.com.

Live site is https://app.cognisess.com and test site just replace app with testing.

Any ideas? I'd appreciate any help fixing this issue at our end if it's not a bug in the browser.

I have a wildcard SSL certificate used to secure a live and test site. With identical code the test site shows fine in Firefox (Windows Version 38.0.5) but the live site will not show and replaces the page with: "Secure Connection Failed An error occurred during a connection to app.cognisess.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem." The security details show the certificate as "Verified by: Not specified" in the live site, while test site shows verified by GlobalSign nv-sa Presumably if it's the same certificate, we shouldn't get an error in one place but not an other. Working fine with no errors on latest Chrome/IE, etc. I've verified there is no mixed-content on the page both manually and via whynopadlock.com. Live site is https://app.cognisess.com and test site just replace app with testing. Any ideas? I'd appreciate any help fixing this issue at our end if it's not a bug in the browser.

被選擇的解決方法

That looks like a problem with OCSP stapling that isn't working properly. The server should support OCSP stapling.

It works if I disable OCSP stapling, but that is not recommended for normal usage.

從原來的回覆中察看解決方案 👍 2

所有回覆 (2)

more options

選擇的解決方法

That looks like a problem with OCSP stapling that isn't working properly. The server should support OCSP stapling.

It works if I disable OCSP stapling, but that is not recommended for normal usage.

more options

Thanks for pushing me in the right direction. I hadn't thought to check the server cipher set, but by using the set recommended by the IISCrypto tool from Nartac, and rebooted, our live site is working again.