Outlook security issue in Firefox- can't access hotmail
I can't access my hotmail account due to the following error message
An error occurred during a connection to mail.live.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
I can't contact the website owners due to not being able to access the site! Why is firefox so glitchy these days?!
פתרון נבחר
Firefox seems to check the OCSP revoked status on every access and in this case the server is sending a cached OCSP Stapling response that is signed with an expired certificate.
Firefox seems to be more persistent and refuses to access the website. Other browser may be more forgiving or aren't using this feature in case of older browsers.
Read this answer in context 👍 1כל התגובות (3)
There seems to be something wrong on the Outlook servers. Hopefully they fix this quickly on the server. I've see a few reports similar to yours and I can confirm it myself.
This looks like a problem with OCSP stapling on the server because it works when I disable this feature in Firefox.
- https://en.wikipedia.org/wiki/OCSP_Stapling
- https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
You can temporarily toggle this pref to false on the about:config page to see if disabling OCSP Stapling works for you. It is best to reset this pref via the right-click context menu to true once you are done with the this website.
- security.ssl.enable_ocsp_stapling = false
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
Thanks for the response, glad (in a way, although it's very inconvenient) that it's not just me. However, I can open Hotmail on another browser- Epic and on my phone. Strange that only on Firefox is it a problem?
פתרון נבחר
Firefox seems to check the OCSP revoked status on every access and in this case the server is sending a cached OCSP Stapling response that is signed with an expired certificate.
Firefox seems to be more persistent and refuses to access the website. Other browser may be more forgiving or aren't using this feature in case of older browsers.