I just made quick test over the website that you provided (www.ssa.gov)
by manually generating ocsp request to its CA and found that the ocsp
server of DigiCert (http://ocsp.digicert.com) having issues. If the
website of Robert Vipperman has signed by DigiCert then he might be
getting affected from same issue.
Command that I invoked from linux:
openssl ocsp -issuer chain.pem -cert www.ssa.gov.pem -text -url
http://ocsp.digicert.com
Responce:
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CF26F518FAC97E8F8CB342E01C2F6A109E8E5F0A
Issuer Key Hash: 5168FF90AF0207753CCCD9656462A212B859723B
Serial Number: 05A95C0D34A831F37F8A5F729CC23C74
Request Extensions:
OCSP Nonce:
04103413E42BB3E68482E3A4B42241408E52
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: 5168FF90AF0207753CCCD9656462A212B859723B
Produced At: Oct 23 14:04:14 2017 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: CF26F518FAC97E8F8CB342E01C2F6A109E8E5F0A
Issuer Key Hash: 5168FF90AF0207753CCCD9656462A212B859723B
Serial Number: 05A95C0D34A831F37F8A5F729CC23C74
Cert Status: good
This Update: Oct 23 14:04:14 2017 GMT
Next Update: Oct 30 13:19:14 2017 GMT
Signature Algorithm: sha256WithRSAEncryption
9f:71:8d:af:c5:94:39:7f:cd:cb:2b:5b:09:4b:4d:53:83:af:
1b:31:5e:9a:f7:88:b4:5f:87:a8:98:a8:8b:c8:7e:37:ec:88:
41:be:2d:89:5b:30:c6:f7:4b:93:70:2b:8f:fe:6e:17:87:ba:
a7:e3:e1:4d:ac:b1:75:26:aa:1a:ad:6c:55:99:15:1d:5f:fe:
54:b2:2c:72:d3:27:46:76:37:f0:1b:b6:c3:2f:81:c9:57:1d:
71:62:b8:ed:ae:18:32:0d:3b:a6:0b:93:59:e5:dc:ab:9b:be:
a2:1f:08:c3:dd:1e:26:ec:0b:30:0d:f6:0c:d2:05:34:05:8b:
b2:79:12:52:5e:73:fb:13:ce:34:b0:c6:d4:5e:da:e4:ca:0c:
3a:1e:ab:44:b4:80:bc:f0:1f:49:c8:df:14:05:47:89:de:6f:
54:e6:c2:80:b4:e6:e3:db:74:84:2a:57:17:88:88:8d:dd:55:
f8:55:21:1b:b4:cf:bc:c7:76:5c:23:99:c3:16:d5:f0:fd:2d:
c9:e1:f9:07:e7:72:f1:38:74:b8:bc:ad:10:fc:a4:e3:c4:73:
e7:6a:38:9f:c0:3d:f8:e0:21:d4:ae:61:aa:8f:fd:f8:23:31:
84:7f:cc:07:22:73:da:83:2c:dc:f9:a3:14:db:58:ae:1d:e5:
82:b9:c0:d1
WARNING: no nonce in response
Response Verify Failure
139890693134240:error:27069076:OCSP routines:OCSP_basic_verify:signer
certificate not found:ocsp_vfy.c:92:
www.ssa.gov.pem: good
This Update: Oct 23 14:04:14 2017 GMT
Next Update: Oct 30 13:19:14 2017 GMT
On 23/10/17 18:49, Madsen, Stuart wrote:
Yes,
My name is Stuart Madsen; I was trying to access the www.ssa.gov
<http://www.ssa.gov>, starting yesterday from my home network, I began
getting the same error message! I had no trouble about a three weeks
ago or so. I can’t honestly remember to be sure when I accessed the
site but I had no trouble then!!!
I attempted to access the web site yesterday after having upgraded to
the latest java update. I will have to check when I get home what
version I upgraded to, and try to re-install the previous Java
release, and see if that makes a difference!
Stuart Madsen
[email protected] <mailto:[email protected]>
254-715-2268 (cell)
*From:*Enterprise [mailto:[email protected]] *On Behalf
Of *Anvar Kuchkartaev
*Sent:* Monday, October 23, 2017 11:05 AM
*To:* Robert A Vipperman <[email protected]>;
[email protected]
*Subject:* Re: [Mozilla Enterprise] OCSP issues with Firefox?
It is a very strange issue. Chrome and IE might be using ocsp from its
cache. Have you tried to connect to that websites from another network?
Anvar Kuchkartaev
[email protected] <mailto:[email protected]>
*From: *Robert A Vipperman
*Sent: *martes, 17 de octubre de 2017 01:58 p.m.
*To: *[email protected] <mailto:[email protected]>
*Subject: *[Mozilla Enterprise] OCSP issues with Firefox?
All,
We started having issues in the last few days with certain internal
https sites giving the error below. Has anyone else experienced this
issue? These sites load with no issues in IE and Chrome.
Secure Connection Failed
An error occurred during a connection to xxx.xxx.com. Invalid OCSP
signing certificate in OCSP response. Error code:
SEC_ERROR_OCSP_INVALID_SIGNING_CERT
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
_________________________
Robert Vipperman
Dominion Resource Services, Inc.
[email protected] <mailto:[email protected]>
_________________________
------------------------------------------------------------------------
*CONFIDENTIALITY NOTICE:*This electronic message contains information
which may be legally confidential and or privileged and does not in
any case represent a firm ENERGY COMMODITY bid or offer relating
thereto which binds the sender without an additional express written
confirmation to that effect. The information is intended solely for
the individual or entity named above and access by anyone else is
unauthorized. If you are not the intended recipient, any disclosure,
copying, distribution, or use of the contents of this information is
prohibited and may be unlawful. If you have received this electronic
transmission in error, please reply immediately to the sender that you
have received the message in error, and delete it. Thank you.
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit
https://mail.mozilla.org/listinfo/enterprise or send an email to
[email protected] with a subject of "unsubscribe"
