On May 11, 2014, at 7:21 AM, Angus Scott-Fleming <an...@geoapps.com> wrote:

> I was trying to read a post at https://blog.pfsense.org/ 
> but Firefox reports an OCSP failure at this site.
> 
>    Problem loading page
>    https://blog.pfsense.org/?p=1287
> 
>    Secure Connection Failed
> 
>    An error occurred during a connection to 
>    blog.pfsense.org. The OCSP server experienced an 
>    internal error. (Error code: 
>    sec_error_ocsp_server_error)
> 
>        The page you are trying to view cannot be shown 
>    because the authenticity of the received data could 
>    not be verified.
>        Please contact the website owners to inform them 
>    of this problem. Alternatively, use the command 
>    found in the help menu to report this broken site.
> 
> Seems to me a security-conscious organization like 
> pfSense should pay close attention to SSL security issues 
> like this …

The OCSP server is run by the registrar, not pfSense.

I don’t believe this error has anything to do with mixed content on the page.

It simply means that you have hard fail turned on for OCSP and, for some 
reason, couldn’t check the status at the globalsign server.

$ openssl ocsp -CAfile globalsign.pem -issuer globalsign.pem \
    -VAfile globalsign.pem -cert wildcard.pfsense.org.pem \
    -url http://ocsp2.globalsign.com/gsdomainvalg2 \
    -header "HOST" "ocsp2.globalsign.com"
Response verify OK
wildcard.pfsense.org.pem: good
        This Update: May 11 18:19:06 2014 GMT

Works here.
_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
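The difference between a responder failure and a revocation answer, and how hard fail treats each, can be shown as a short script. This is an added example, not part of the original message: the function names are hypothetical, the "Responder Error" sample line is constructed, and treating "unknown" like a missing answer is an assumption of this sketch.

```shell
# Added example: classify the text printed by `openssl ocsp` (capture it
# with 2>&1) and apply a hard-fail or soft-fail policy to the result.

# Reads openssl ocsp output on stdin; prints one of:
# good, revoked, unknown, responder-error, unverified, no-answer
ocsp_classify() {
    out=$(cat)
    # The responder answered, but with a non-successful response status.
    case "$out" in *"Responder Error:"*) echo responder-error; return 0 ;; esac
    # Certificate status line has the form "<certfile>: good|revoked|unknown".
    status=$(printf '%s\n' "$out" |
        sed -E -n 's/^.*: (good|revoked|unknown)$/\1/p' | head -n 1)
    [ -n "$status" ] || { echo no-answer; return 0; }
    # A status is only trustworthy if the response signature verified.
    case "$out" in
        *"Response verify OK"*) echo "$status" ;;
        *) echo unverified ;;
    esac
}

# ocsp_decide MODE STATUS: MODE is "hard" or "soft"; prints allow or block.
ocsp_decide() {
    case "$2" in
        good)    echo allow ;;
        revoked) echo block ;;   # a verified revocation blocks in both modes
        *)       if [ "$1" = hard ]; then echo block; else echo allow; fi ;;
    esac
}

# Output quoted in the message above.
SAMPLE_GOOD='Response verify OK
wildcard.pfsense.org.pem: good
        This Update: May 11 18:19:06 2014 GMT'
# Constructed sample: responder returned internalError instead of a status.
SAMPLE_ERROR='Responder Error: internalerror (2)'

for sample in "$SAMPLE_GOOD" "$SAMPLE_ERROR"; do
    st=$(printf '%s\n' "$sample" | ocsp_classify)
    echo "status=$st hard=$(ocsp_decide hard "$st") soft=$(ocsp_decide soft "$st")"
done
```

With hard fail, the responder error blocks the connection even though the certificate itself was never reported revoked, which matches the Firefox behaviour described in the original report.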