On 10/23/2017 11:13 AM, Madsen, Stuart [Masked] wrote: > > Hi Anvar, > > I also remembered that I had updated Firefox just in the recent past; so is > it possible that the previous release of Firefox would be a workaround? > > If not, what options do I have: is it my system at home, or is it the > www.ssa.gov<http://www.ssa.gov> site? I am not clear where to start > debugging! And how to resolve the issue?
You can turn it off. go to about:config set security.OCSP.enabled to 0. > Thanks in advance, > > Stuart > > > From: Anvar Kuchkartaev [mailto:[email protected]] > Sent: Monday, October 23, 2017 12:09 PM > To: Madsen, Stuart <[email protected]>; Robert A Vipperman > <[email protected]>; [email protected] > Subject: Re: [Mozilla Enterprise] OCSP issues with Firefox? > > > I just made quick test over the website that you provided > (www.ssa.gov<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ssa.gov&data=01%7C01%7CStuart_Madsen%40baylor.edu%7C1c9b7facdbf9481f732f08d51a38b9d8%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=vyIIZxiabRIjMqqaeGXazjBYWyP1ONEo7WxngHp2IVY%3D&reserved=0>) > by manually generating ocsp request to its CA and found that the ocsp server > of DigiCert > (http://ocsp.digicert.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Focsp.digicert.com&data=01%7C01%7CStuart_Madsen%40baylor.edu%7C1c9b7facdbf9481f732f08d51a38b9d8%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=eYsp8cU0pzKA5E5K1OZfDiHdDU92VVDPFciVbwq%2FTe8%3D&reserved=0>) > having issues. If the website of Robert Vipperman has signed by DigiCert > then he might be getting affected from same issue. > > Command that I invoked from linux: > > openssl ocsp -issuer chain.pem -cert > www.ssa.gov.pem<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ssa.gov.pem&data=01%7C01%7CStuart_Madsen%40baylor.edu%7C1c9b7facdbf9481f732f08d51a38b9d8%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=C%2BoUNg3FuFe9ArXldM6D5H4UnWEDu9OqvGRwQvpZV%2Fs%3D&reserved=0> > -text -url > http://ocsp.digicert.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Focsp.digicert.com&data=01%7C01%7CStuart_Madsen%40baylor.edu%7C1c9b7facdbf9481f732f08d51a38b9d8%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=eYsp8cU0pzKA5E5K1OZfDiHdDU92VVDPFciVbwq%2FTe8%3D&reserved=0> > > Responce: > > OCSP Request Data: > Version: 1 (0x0) > Requestor List: > Certificate ID: > Hash Algorithm: sha1 > Issuer Name Hash: CF26F518FAC97E8F8CB342E01C2F6A109E8E5F0A > Issuer Key Hash: 5168FF90AF0207753CCCD9656462A212B859723B > Serial Number: 05A95C0D34A831F37F8A5F729CC23C74 > Request Extensions: > OCSP Nonce: > 04103413E42BB3E68482E3A4B42241408E52 > OCSP Response Data: > OCSP Response Status: successful (0x0) > Response Type: Basic OCSP Response > Version: 1 (0x0) > Responder Id: 5168FF90AF0207753CCCD9656462A212B859723B > Produced At: Oct 23 14:04:14 2017 GMT > Responses: > Certificate ID: > Hash Algorithm: sha1 > Issuer Name Hash: CF26F518FAC97E8F8CB342E01C2F6A109E8E5F0A > Issuer Key Hash: 5168FF90AF0207753CCCD9656462A212B859723B > Serial Number: 05A95C0D34A831F37F8A5F729CC23C74 > Cert Status: good > This Update: Oct 23 14:04:14 2017 GMT > Next Update: Oct 30 13:19:14 2017 GMT > > Signature Algorithm: sha256WithRSAEncryption > 9f:71:8d:af:c5:94:39:7f:cd:cb:2b:5b:09:4b:4d:53:83:af: > 1b:31:5e:9a:f7:88:b4:5f:87:a8:98:a8:8b:c8:7e:37:ec:88: > 41:be:2d:89:5b:30:c6:f7:4b:93:70:2b:8f:fe:6e:17:87:ba: > a7:e3:e1:4d:ac:b1:75:26:aa:1a:ad:6c:55:99:15:1d:5f:fe: > 54:b2:2c:72:d3:27:46:76:37:f0:1b:b6:c3:2f:81:c9:57:1d: > 71:62:b8:ed:ae:18:32:0d:3b:a6:0b:93:59:e5:dc:ab:9b:be: > a2:1f:08:c3:dd:1e:26:ec:0b:30:0d:f6:0c:d2:05:34:05:8b: > b2:79:12:52:5e:73:fb:13:ce:34:b0:c6:d4:5e:da:e4:ca:0c: > 3a:1e:ab:44:b4:80:bc:f0:1f:49:c8:df:14:05:47:89:de:6f: > 54:e6:c2:80:b4:e6:e3:db:74:84:2a:57:17:88:88:8d:dd:55: > f8:55:21:1b:b4:cf:bc:c7:76:5c:23:99:c3:16:d5:f0:fd:2d: > c9:e1:f9:07:e7:72:f1:38:74:b8:bc:ad:10:fc:a4:e3:c4:73: > e7:6a:38:9f:c0:3d:f8:e0:21:d4:ae:61:aa:8f:fd:f8:23:31: > 84:7f:cc:07:22:73:da:83:2c:dc:f9:a3:14:db:58:ae:1d:e5: > 82:b9:c0:d1 > WARNING: no nonce in response > Response Verify Failure > 139890693134240:error:27069076:OCSP routines:OCSP_basic_verify:signer > certificate not found:ocsp_vfy.c:92: > www.ssa.gov.pem<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ssa.gov.pem&data=01%7C01%7CStuart_Madsen%40baylor.edu%7C1c9b7facdbf9481f732f08d51a38b9d8%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=C%2BoUNg3FuFe9ArXldM6D5H4UnWEDu9OqvGRwQvpZV%2Fs%3D&reserved=0>: > good > This Update: Oct 23 14:04:14 2017 GMT > Next Update: Oct 30 13:19:14 2017 GMT > > > > On 23/10/17 18:49, Madsen, Stuart wrote: > > Yes, > > My name is Stuart Madsen; I was trying to access the > www.ssa.gov<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ssa.gov&data=01%7C01%7CStuart_Madsen%40baylor.edu%7C1c9b7facdbf9481f732f08d51a38b9d8%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=vyIIZxiabRIjMqqaeGXazjBYWyP1ONEo7WxngHp2IVY%3D&reserved=0>, > starting yesterday from my home network, I began getting the same error > message! I had no trouble about a three weeks ago or so. I can’t honestly > remember to be sure when I accessed the site but I had no trouble then!!! > > I attempted to access the web site yesterday after having upgraded to the > latest java update. I will have to check when I get home what version I > upgraded to, and try to re-install the previous Java release, and see if that > makes a difference! > > > Stuart Madsen > [email protected]<mailto:[email protected]> > 254-715-2268 (cell) > > > > From: Enterprise [mailto:[email protected]] On Behalf Of Anvar > Kuchkartaev > Sent: Monday, October 23, 2017 11:05 AM > To: Robert A Vipperman > <[email protected]><mailto:[email protected]>; > [email protected]<mailto:[email protected]> > Subject: Re: [Mozilla Enterprise] OCSP issues with Firefox? > > It is a very strange issue. Chrome and IE might be using ocsp from its cache. > Have you tried to connect to that websites from another network? > > Anvar Kuchkartaev > [email protected]<mailto:[email protected]> > From: Robert A Vipperman > Sent: martes, 17 de octubre de 2017 01:58 p.m. > To: [email protected]<mailto:[email protected]> > Subject: [Mozilla Enterprise] OCSP issues with Firefox? > > > > All, > > We started having issues in the last few days with certain internal https > sites giving the error below. Has anyone else experienced this issue? These > sites load with no issues in IE and Chrome. > > Secure Connection Failed > > An error occurred during a connection to xxx.xxx.com. Invalid OCSP signing > certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT > > The page you are trying to view cannot be shown because the authenticity > of the received data could not be verified. > Please contact the website owners to inform them of this problem. > > _________________________ > > Robert Vipperman > Dominion Resource Services, Inc. > [email protected]<mailto:[email protected]> > _________________________ > > ________________________________ > > > CONFIDENTIALITY NOTICE: This electronic message contains information which > may be legally confidential and or privileged and does not in any case > represent a firm ENERGY COMMODITY bid or offer relating thereto which binds > the sender without an additional express written confirmation to that effect. > The information is intended solely for the individual or entity named above > and access by anyone else is unauthorized. If you are not the intended > recipient, any disclosure, copying, distribution, or use of the contents of > this information is prohibited and may be unlawful. If you have received this > electronic transmission in error, please reply immediately to the sender that > you have received the message in error, and delete it. Thank you. > > > > > > > > > -------------------------Blur------------------------- > This email is forwarded from a MASKED EMAIL you created using Blur. > (https://dnt.abine.com/#help/faq/faq-whataremaskedemails). > IF THIS IS SPAM, CLICK HERE TO BLOCK: > https://dnt.abine.com/#/block_email/[email protected]/FWD-737RSYC4JNASYBICA7YCZJABKAM6AUZBNQQBAMKCER4CGMB6MUQDUVCJUAF2AGNOLISDDQADUAY2A5SAAAQA====@opayq.com > > Want to shop safely and privately online? Go Premium: > https://dnt.abine.com/?pk_campaign=maskHeader#premium > -------------------------by Abine------------------------- > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" > -- Do not become so fixated on the cheese at the end of the maze that you forget the real goal is to escape from the lab. Stephen _______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
