Closed
Bug 589629
Opened 14 years ago
Closed 10 years ago
Verisign OCSP responder says "unauthorized request" for apparently valid SSL server cert
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: nelson, Unassigned)
Details
With strict OCSP enabled, go visit either of these AT&T web site URLs:

https://cprodx.sbc.com/cola/myaccount/Controller?pf=frameworkEntry&e=feMyAccount&ReturnUrl=https%3A%2F%2Faccountmanager.att.com%2Fwps%2Fmyportal%2Fmysbc%2Fhome%3FreferralAppID%3DSBC%26fromCola%3Dtrue
https://cprodx.sbc.com/apiserver/igate_web_dlom/logOut.do?PAS=COLA,ACCTMGR

Expected result: an https web page from AT&T

Actual result:
> Secure Connection Failed
> An error occurred during a connection to cprodx.sbc.com.
> The OCSP server has refused this request as unauthorized.
> (Error code: sec_error_ocsp_unauthorized_request)
> The page you are trying to view can not be shown because
> the authenticity of the received data could not be verified.

The cert for cprodx.sbc.com is within its validity period.
Its cert chain's signatures all check out OK.
Reporter
Comment 1•14 years ago
Oh, I tried and tried to find ways to report this to Verisign this weekend, in hopes that they could "kick" the responder. No joy.
Comment 2•14 years ago
Seems to work for me. No issues.
Reporter
Comment 3•14 years ago
Maybe they have multiple responders serving separate geographical areas, and they give different results.
Reporter
Comment 4•14 years ago
The OCSP request sent looks like this (pretty printed):

TBS Request:
    Version: DEFAULT
    No Requestor Name.
    Request 0:
        Cert ID:
            Hash Algorithm: SHA-1
            Issuer Name Hash:
                c0:fe:02:78:fc:99:18:88:91:b3:f2:12:e9:c7:e1:b2:
                1a:b7:bf:c0
            Issuer Key Hash:
                0d:fc:1d:f0:a9:e0:f0:1c:e7:f2:b2:13:17:7e:6f:8d:
                15:7c:d4:f6
            Serial Number:
                2f:1b:3a:10:e4:d5:ec:bf:a8:56:3a:76:94:3d:de:e5
        No Single Request Extensions
    No Request Extensions
No Signature

Or, in hex:

30 51 30 4F 30 4D 30 4B 30 49 30 09 06 05 2B 0E
03 02 1A 05 00 04 14 C0 FE 02 78 FC 99 18 88 91
B3 F2 12 E9 C7 E1 B2 1A B7 BF C0 04 14 0D FC 1D
F0 A9 E0 F0 1C E7 F2 B2 13 17 7E 6F 8D 15 7C D4
F6 02 10 2F 1B 3A 10 E4 D5 EC BF A8 56 3A 76 94
3D DE E5

The entire response I get is these 5 bytes (shown here in hex):

30 03 0A 01 06
Comment 5•10 years ago
PING cprodx.sbc.com (144.160.25.45): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
^C
--- cprodx.sbc.com ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss
Assignee: english-us → nobody
Status: NEW → RESOLVED
Closed: 10 years ago
Component: English US → Desktop
Resolution: --- → INVALID
Assignee
Updated•5 years ago
Product: Tech Evangelism → Web Compatibility