Closed Bug 1171623 Opened 9 years ago Closed 8 years ago

Secure Connection Failed - sec_error_ocsp_invalid_signing_cert on clientportal.phx-online.com

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
38 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox38.0.5 --- wontfix
firefox39 --- wontfix
firefox40 --- wontfix
firefox41 --- wontfix

People

(Reporter: choi830, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; EIE10;ENUSWOL; rv:11.0) like Gecko

Steps to reproduce:

Go to https://clientportal.phx-online.com/


Actual results:

Secure Connection Failed

An error occurred during a connection to clientportal.phx-online.com. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.


Expected results:

I can access the "https://clientportal.phx-online.com" url from IE or Chrome with no issues. When I access the site from FireFox, it shows the above "Secure connection Failed" error. I checked our SSL cert using "https://www.digicert.com/help/" and it indicates that our cert is correct. Please help
Beta, FDE and Nightly all load the link.

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
20150601171003
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0
20150604004008
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:41.0) Gecko/20100101 Firefox/41.0
20150604030205


Unrelated to this, SSL Labs reports some severe security issues:
https://www.ssllabs.com/ssltest/analyze.html?d=clientportal.phx-online.com
URL: https://clientportal.phx-online.com
status-firefox38.0.5: --- → affected
status-firefox39: --- → unaffected
status-firefox40: --- → unaffected
status-firefox41: --- → unaffected
Component: Untriaged → Security: PSM
Product: Firefox → Core
Summary: Secure Connection Failed on FireFox only → Secure Connection Failed - sec_error_ocsp_invalid_signing_cert - in Firefox 38.0.5 only
This happens intermittently, and I've reproduced on 38.0.5 and 40.

May or may not be something wrong with the CA's OCSP responder.
status-firefox39: unaffected?
status-firefox40: unaffectedaffected
status-firefox41: unaffected?
Summary: Secure Connection Failed - sec_error_ocsp_invalid_signing_cert - in Firefox 38.0.5 only → Secure Connection Failed - sec_error_ocsp_invalid_signing_cert on clientportal.phx-online.com
What should be the next step then? This does not happen with either IE or Chrome.
I have tried Firefox 39 and there is no issue
Sorry for the late response.

I can't get this to reproduce anymore, and it looks like the issue is gone for you as well.
I suspect it was a misconfiguration on the CA side.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.