Closed Bug 373692 Opened 19 years ago Closed 16 years ago

tls ocsp connection error establishing an encrypted connection to www.nijmegen.nl -8084

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: hanscees, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 when opening an https site firefox gives an error: connection error establishing an encrypted connection to www.nijmegen.nl -8084 url is: https://www.nijmegen.nl/digitalebalie/pdc2.asp this error goes away when you deselect tools->options->advanced->encryption ->verification -> 2: use ocsp ..... service URL to option 1: do not use ocsp I tried to check the ssl certificate but did not find ocsp somewhere. If I deselect use ocsp and look at the certificate by clicking on the lock and then click view it says: could not validate certificate for unknown reasons. Reproducible: Always Steps to Reproduce: 1.surf to https://www.nijmegen.nl/digitalebalie/pdc2.asp 2. 3. Expected Results: a sitepage should showe up, instead I get an error message give the error messages
I did some research on the certificate. It validates against a root certificate of "staat der nederlanden" which is in the root certificate bundlke of firefox: Certificate chain 0 s:/C=NL/O=Gemeente Nijmegen (2000000179)/serialNumber=AC010001038420140/CN=www.nijmegen.nl i:/C=NL/O=DigiNotar B.V./CN=DigiNotar PKIoverheid CA Overheid 1 s:/C=NL/O=DigiNotar B.V./CN=DigiNotar PKIoverheid CA Overheid i:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Overheid CA 2 s:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Overheid CA i:/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA The root certificate is probably not it, because the certificate of https://www.dordrecht.nl does not give a problem. when I get some text I find this: openssl x509 -text -in nijmegen.cert X509v3 extensions: Authority Information Access: OCSP - URI:http://validation.diginotar.nl In the certfile of dordrecht.nl there is no such ocsp value.. I tried to do something like this: openssl ocsp -issuer diginotar.crt -url http://validation.diginotar.nl:80 -cert nijmegen.cert -no_cert_checks but it fails somehow: Response Verify Failure 12779:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate nijmegen.cert: good This Update: Mar 12 22:11:40 2007 GMT Next Update: Mar 14 22:11:40 2007 GMT got diginotar by ./getcert www.diginotar.nl got nijmegen.cert by ./getcert www.nijmegen.nl
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2 I get no error at all testing this with a new profile and default settings. See http://kb.mozillazine.org/Error_loading_websites
but what are your settings for ocsp?
No response after 3 years, and it seems to work for me too
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.