On 06/28/2015 04:08 PM, David E. Ross wrote:
> I am getting a number of failures to reach Web sites.  The error message
> says:
> 
> An error occurred during a connection to [some domain].
> Invalid OCSP signing certificate in OCSP response.
> (Error code: sec_error_ocsp_invalid_signing_cert)

The common causes for this were a bad clock or an expired signing
certificate for the OCSP response. Firefox used to have another
requirement restricting the responder's certificate chain (something
like the site's issuing CA cert had to match the responder's CA cert,
but I can't find the correct Bugzilla entry now; there are too many of
them for sec_error_ocsp_invalid_signing_cert).

I'd check the OCSP responses of the sites in question with openssl
first, to see whether it finds an error or not.

Ondrej
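
One way to run the openssl check suggested above, as an added example that is not part of the original message. The function names are hypothetical, the host is whatever site shows the error, and the script assumes the issuer is the second certificate the server sends.

```sh
#!/bin/sh
# Added example (not from the original message). Usage: sh ocsp_check.sh HOST

# Save the server's leaf and (assumed second-in-chain) issuer cert into dir $2.
fetch_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts \
        </dev/null 2>/dev/null |
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; in_cert = 1 }
        in_cert && n == 1 { print > (d "/leaf.pem") }
        in_cert && n == 2 { print > (d "/issuer.pem") }
        /-----END CERTIFICATE-----/ { in_cert = 0 }'
    [ -s "$2/leaf.pem" ] && [ -s "$2/issuer.pem" ]
}

# Ask the responder named in the leaf certificate; print openssl's report.
query_ocsp() {
    uri=$(openssl x509 -in "$1/leaf.pem" -noout -ocsp_uri)
    [ -n "$uri" ] || { echo "no OCSP URI in certificate"; return 0; }
    openssl ocsp -issuer "$1/issuer.pem" -cert "$1/leaf.pem" -url "$uri" 2>&1
}

# Reduce openssl's report to one verdict. Signer problems (such as an expired
# signing certificate) show up as "Response Verify Failure"; a clock outside
# thisUpdate/nextUpdate shows up as "Status times invalid".
classify_ocsp() {
    case $1 in
        *"Response Verify Failure"*) echo signature-invalid ;;
        *"Status times invalid"*)    echo times-invalid ;;
        *"Response verify OK"*)
            case $1 in
                *": good"*)    echo good ;;
                *": revoked"*) echo revoked ;;
                *)             echo unknown ;;
            esac ;;
        *) echo no-verdict ;;
    esac
}

if [ -n "${1:-}" ]; then
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    fetch_chain "$1" "$tmp" || { echo "could not fetch chain" >&2; exit 2; }
    out=$(query_ocsp "$tmp")
    printf '%s\nverdict: %s\n' "$out" "$(classify_ocsp "$out")"
else
    # Constructed sample of openssl's report, used when no host is given.
    sample='Response verify OK
leaf.pem: WARNING: Status times invalid.
good'
    echo "sample verdict: $(classify_ocsp "$sample")"
fi
```

A `times-invalid` verdict points at the local clock or a stale response, while `signature-invalid` points at the responder's signing certificate or its chain.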