Closed Bug 1745600 Opened 2 years ago Closed 2 years ago

MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING on some Microsoft sites

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect

Tracking

(firefox-esr91 verified, firefox95 verified, firefox96 verified, firefox97 fixed)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox-esr91 --- verified
firefox95 --- verified
firefox96 --- verified
firefox97 --- fixed

People

(Reporter: ghot, Unassigned)

References

(
URL
)

Details

Attachments

(7 files)

About:support summary
34.45 KB, text/plain
Details
About:Support summary2
33.22 KB, text/plain
Details
About:support FF93.0 with EDGE installed
33.26 KB, text/plain
Details
About:support Win 11, FF95.0 EDGE removed
33.68 KB, text/plain
Details
Win 11, FF 95.0 with EDGE removed
33.68 KB, text/plain
Details
About:support Win 10, FF 95.0, EDGE removed
34.48 KB, text/plain
Details
ssl.txt
13.68 KB, text/plain
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0

Steps to reproduce:

All I have to do is try to go to...
https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors

Actual results:

Firefox 95.0 will generate this error, even with... UNchecked in settings.
"Query OCSP responder servers to confirm the current validity of certificates"

https://i.imgur.com/0pUu2hD.png

Expected results:

It should have opened the site!!

It's bad enough that Firefox balks at downloading from Microsoft Update Catalog, but at least I can "allow" that.
But this "can't even open the site" BUG is just plain ridiculous.

Attached file About:support summary 

    
    

    
  

      
      
      
      

        Attached file
          
        About:Support summary2
      

    


  
I just restored from a backup that's running Firefox 93.0, and everything works fine.

    
    

    
  
Well, I had uninstalled EDGE.  So I figured I'd reinstall it and try that link again.

Reinstalled, rebooted, and poof...  the link works again.


Seems that Microsoft doesn't LIKE people uninstalling Edge.  :/



    
  
URL: https://docs.microsoft.com/en-us/wind...
Component: Untriaged → Security: PSM
Product: Firefox → Core
See Also:  → 1745567
Summary: Firefox 95.0 won't go to some Microsoft sites → MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING on some Microsoft sites

    
    

    
  
I just reinstalled EDGE on Win 10 and Win 11. Win 10 is on FF 93.0, and Win 11 is on FF 95.0

On Win 10 I can open the link. I still can't open it on Win 11, even with EDGE reinstalled.



    
    

    
  
Maybe Microsoft is going to punish me for a longer period of time on Windows 11.  :)



    
    

    
  
...and that Microsoft "doc" link just failed again.  The Is on Windows 10, with EDGE installed, running Firefox 93.0


This is the link in question...

https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors


Fails on the link for compatible Intel processors too.

https://docs.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors


Secure Connection Failed


An error occurred during a connection to docs.microsoft.com. The OCSP response does not include a status for the certificate being verified.


Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING


The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.




    
    

    
  
Those links work on EDGE...  no problem.



    
    

    
  


  
In case it helps...

    
    

    
  


  
The "docs" link works on Win 11, FF 95.0 with EDGE uninstalled.  
To get it to work, I had to enable this option in Bitdefender Internet Security...

https://imgur.com/yqwbCSs

    
    

    
  


  
The "docs" link works on Win 11, FF 95.0 with EDGE uninstalled.  
To get it to work, I had to enable this option in Bitdefender Internet Security...

https://imgur.com/yqwbCSs

    
    

    
  


  

    
    

    
  
I can confirm this problem on https://forms.office.com where multiple scripts from https://cdn.forms.office.net/forms/scripts/* gives error MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

Other Microsoft URLs are working for me.



    
    

    
  
I'm getting this on https://msdn.microsoft.com/


Mozilla Observatory doesn't seem particularly impressed with their configuration https://observatory.mozilla.org/analyze/msdn.microsoft.com#tls



    
    

    
  
Having same issue trying to access https://support.microsoft.com/help/4468253#managehello.  I'm using FF 95 64-bit.



    
    

    
  
Is everyone else chiming in here also using Bitdefender security software, like the reporter?


Flags: needinfo?(spamam)
Flags: needinfo?(jpaul_johnson)
Flags: needinfo?(brian)

    
    

    
  
(In reply to Gingerbread Man from comment #16)




Is everyone else chiming in here also using Bitdefender security software, like the reporter?




No bitdefender on my computer. I do have comodo firewall, but the problem exists even if I disable it.


Flags: needinfo?(spamam)

    
    

    
  
No Bitdefender hello I, and I'm getting this in both Windows Firefox and Android Firefox.


Flags: needinfo?(brian)

    
    

    
  
s/hello I/here/



    
    

    
  
One of the modules in Bitdefender Internet Security is:  Online Threat Prevention.

One of the toggles in there is this...


https://imgur.com/MiXJaEd


When I disable it, I have the problem.  I don't think this is related to other's issues.

It's almost like, when disabled it assumes ALL iffy certs are bad, and then blocks them.


Since re-enabling this, I haven't had this problem.  But there IS something going on, because I know others

without 3rd party antivirus are experiencing this issue intermittently.



    
    

    
  
I'm getting this on Firefox 95.0 on Arch Linux on www.microsoft.com microsoft.com and msdn.microsoft.com.



    
    

    
  

      
      
      
      

        Attached file
          
        ssl.txt
      

    


  

    
    

    
  
I'm seeing this only on support.microsoft.com all other MS properties I tried seem to be working correctly. I noticed that if  I set security.ssl.enable_ocsp_stapling to false I can access the site.


I also ran and openssl check.



    
    

    
  
I should also have mentioned that changing the pref is not a good solution. I was just testing.



    
    

    
  
Three's also a bug thread for this open at Microsoft.



    
    

    
  
The aforementioned sites work for me. Confiming this due to the multiple reports. Setting NI flag for :keeler to draw some attention.


Update: I'm now getting the error on https://account.microsoft.com


Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jpaul_johnson) → needinfo?(dkeeler)

    
  
Depends on: 966856

    
    

    
  
I can reproduce this on https://answers.microsoft.com/

I'm using Windows 11, latest Nightly, no security software installed. (Windows Defender is enabled.)



    
    

    
  
Bug 966856 should take care of this.


Flags: needinfo?(dkeeler)

    
    

    
  
Also not able to open ANY Microsoft documentation on https://docs.microsoft.com/*

(Windows 10,  Firefox 95, x64)



    
    

    
  
Ditto there with most sites MS, i.e https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html

It eventually works after a bunch of retries/waiting.



    
    

    
  
Hey everyone -- it looks like the cause is known by now, and a fix for this issue is actively being worked on in bug 966856. Let's all be patient until this work is done. :)


I'll move this bug into the Web Compatibility component for now, since the aforementioned bug is already in the right component and is being tracked by the right people. There is no need to have multiple issues open in their product, so let's move this to WebCompat.


Component: Security: PSM → Desktop
Product: Core → Web Compatibility
See Also:  → https://github.com/webcompat/web-bugs/issues/96337, 
            https://github.com/webcompat/web-bugs/issues/96490, 
            https://github.com/webcompat/web-bugs/issues/96624, 
            https://github.com/webcompat/web-bugs/issues/96683
Version: Firefox 95 → unspecified

    
    

    
  
This happens to me too when I was trying to access Microsoft Partner site.


This forum thread (https://docs.microsoft.com/en-us/answers/idea/660411/problem-with-secure-connection.html) suggests that the problem can be resolved by turning off DNS over HTTPS, but it didn't work when I tried it.



    
    

    
  
Note that this is not fixed, we're still actively working on getting fixes rolled out. However, the issue appears to be somewhat intermittent, so sometimes it will just work, sometimes it won't. This issue will be updated/closed when the work is done. :)



    
  
See Also: 1745567
Depends on: 1746225

    
    

    
      
  

    
    

    
      
  

    
    

    
  
We expect to ship Firefox 95.0.1, 96.0b6, and 91.4.1esr releases tomorrow which will resolve this bug. New Nightly builds with the fix are also running now and should be available within a few hours.



    
    

    
  
Verified as fixed on Android Firefox 95.2.0 (Build 2015851755) RC build with LG G7 fit (Android 8.1.0) and Samsung Galaxy Tab S3 (Android 9). We have checked all the websites mentioned in the comments, they load as expected and no error was displayed.


Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

    
  
Status: RESOLVED → VERIFIED

          status-firefox95:
          --- → fixed

    
  
Status: VERIFIED → REOPENED
Resolution: FIXED → ---

    
    

    
  
This was also verified as fixed on desktop, using Firefox 95.0.1 and 91.4.1esr, on the mentioned websites from this bug report, and other duplicates. The OS's tested, alongside with the entire site list can seen here.


Initially, we've reproduced the bug on Win 11 and macOS, with an affected Nightly build (97.0a1, 2021-12-11)



    
    

    
  
I see no reason to reopen this without justification, especially after it's already been verified by QA.


Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago

          status-firefox95:
          fixedverified

          status-firefox-esr91:
          --- → verified
Resolution: --- → FIXED

    
  
Status: RESOLVED → VERIFIED

    
    

    
  
Verified as fixed on Windows 10.0.19044 N/A Build 19044



    
    

    
  
I have tested this on android and desktop both working correctly after updated.

The Firefox Developer Edition still fails when access microsoft websites. Is there an updated build / update for this.

Currently says 96.0b5 (64-bit)



    
    

    
  
This fix will be in the beta6 build, which is still slated for release today, December 16.



    
    

    
  
We have also performed a verification with 96.0b6 (20211216190150) and no issues were encountered. More details here.



          status-firefox96:
          --- → verified

    
  

          status-firefox97:
          --- → fixed
No longer depends on: 1743993

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: