CERTIFICATE - SECURITY - LETSENCRIPTY - MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: francielle, Unassigned)
Details
Attachments
(1 file)
74.53 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36
Steps to reproduce:
Hi, I work at iCasei, a brazilian company, we create websites and we have issued security certificates for our customers' domains and recently it has often not worked in firefox browser. In my report I bring the case of a domain that had the certificate issued last week and it is no longer possible to access it by firefox browser, but we have more cases.
goto site https://fernandaerafaelcasamnabahia.com/
Actual results:
Got an error page: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
Expected results:
Should load the mentioned site.
Updated•3 years ago
|
Comment 1•3 years ago
|
||
The certificate for that site has an extension called "TLS feature" that communicates to the browser that the server must include a stapled OCSP response in the TLS handshake. Since the server isn't including a stapled OCSP response, Firefox rejects the certificate. You need to either have your customers turn on OCSP stapling or you need to stop issuing certificates with that extension. See https://datatracker.ietf.org/doc/html/rfc7633
Description
•