The Computer Oracle

"sec_error_ocsp_server_error" when trying to open a HTTPS page

--------------------------------------------------
Rise to the top 3% as a developer or hire one of them at Toptal: https://topt.al/25cXVn
--------------------------------------------------

Music by Eric Matyas
https://www.soundimage.org
Track title: Popsicle Puzzles

--

Chapters
00:00 &Quot;Sec_error_ocsp_server_error&Quot; When Trying To Open A Https Page
00:43 Answer 1 Score 7
02:01 Accepted Answer Score 4
02:40 Answer 3 Score 2
03:23 Thank you

--

Full question
https://superuser.com/questions/755755/s...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#firefox

#avk47


ANSWER 1

Score 7


Issue #1: sec_error_ocsp_server_error can occur for other reasons than OCSP server internal error.

From Bugzilla bug 495380:

SEC_ERROR_OCSP_SERVER_ERROR is used 5 times in ocsp.c for everything from an internal OCSP server error to failing create the request session and any number of different problems writing the request to the remote server.`

Issue #2: I believe that Firefox is caching this error but should not do so, so I created Bugzilla bug report 1014979.

Workarounds (from a post that I wrote at another forum):

Method #1: Restart Firefox.

Method #2: Go to Options->Advanced->Certificates-> Validation. Set checkbox "When an OCSP server connection fails, treat the certificate as invalid" to the opposite of what it is now, and then press OK button twice. That is sufficient to clear the OCSP cache. However, since you probably want the original setting that you just changed, go to Options->Advanced->Certificates-> Validation and set checkbox "When an OCSP server connection fails, treat the certificate as invalid" back to the value that was there before you read this post, then press OK button twice.



ACCEPTED ANSWER

Score 4


When you were trying to connect to the page, your connection or the server was momentarily unavailable and you have set "When an OCSP connection fails, treat the certificated as invalid". Firefox cache this error for a while (5 minutes, more or less) where you can't connect to the server. The only solution is deactivating the option in your configuration and activating it again, reseting the counter.

If the server uses OCSP stapling, this shouldn't be a problem. Try contacting the server administrator and report the issue.



ANSWER 3

Score 2


The OCSP connection, like standard HTTP connections, made by Firefox may be affected by addons, notably ad blockers.

To verify the issue, take the normal path of disabling the addons, and then once the addon is identified, leave it enabled and disable the ad blocking subscriptions, to narrow the cause. However, each test must be run after a clean restart of Firefox, as OCSP responses are cached including server failures, and there is no way to clear the OCSP cache.

If the failure is do to a broken ad blocker subscription, please then report the fact to the author.

I have personally experienced this issue, had it fixed, and verified the fix.