When switching to a site (usually using the Firefox browser), the user may encounter an error opening the site, and the corresponding message “Invalid OCSP signing certificate in the OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert) ". This usually indicates a situation where the browser, for certain reasons, considered that the certificate of this site was revoked, therefore, for security reasons, it blocked access to this resource. In this article, I will tell you what the sec_error_ocsp_invalid_signing_cert error is, what causes it, and how to fix this error on your PC.
The content of the article:
- Что значит данная ошибка? 1 What does this error mean?
- Как избавиться от sec_error_ocsp_invalid_signing_cert 2 How to get rid of sec_error_ocsp_invalid_signing_cert
- Заключение 3 Conclusion
What does this error mean?
Translated from English, the text of this error sounds like “Security error. Incorrectly signed OCSP certificate . Similar errors with an SSL certificate are ssl_error_rx_record_too_long and ERR_SSL_VERSION_OR_CIPHER_MISMATCH .
Let me remind the reader that the abbreviation OCSP is short for “ Online Certificate Status Protocol” (in translation - “ Online Certificate Status Protocol ” ). This protocol is designed to check the status of a certificate for its revocation, when a previously issued certificate for a site certifying the security of working with this site may be revoked from the specified site for any reason (for example, the Certification Center considered working with such a site not safe).
Thus, the browser, moving to this site with a “revoked” certificate, may give you an error and the message “sec_error_ocsp_invalid_signing_cert”.
What else could be the reasons for the appearance of such an error message? I would note the following:
- Accidental computer malfunction;
- Incorrect system date and time;
- Temporary problems on the desired network resource.
How to get rid of sec_error_ocsp_invalid_signing_cert
First of all, I recommend to make sure that the date and time on your computer are set correctly. If not, then hover the mouse over the displayed date and time at the bottom of the screen to the right, right-click, select "Date and time setting" - "Change date and time", and set their correct values.
If the date and time are displayed on the PC correctly, then the occurrence of the error sec_error_ocsp_invalid_signing_cert may be of a temporary nature, independent of the regular user (problems on a particular network resource). Usually, this error is quickly resolved by the site administration itself, and the user will not encounter any problems upon a subsequent transition to such a site.
If you do not want to wait, then turn off OCSP notifications, for which in the Mozilla browser, type in the address bar:
about: config - and click on "Enter". If necessary, click on “I accept the risk”, find “ security.ssl.enable_ocsp_stapling ” in the list of settings, and double-click on this line, set the value of this indicator to “ false ”. After that, the specified error will not be displayed, and you can log in to a previously unavailable resource.
As I wrote above, a similar situation with the certificate is quite quickly resolved by the site administration, because after some time, return to the specified browser settings, and again set this indicator to “true” .
Usually the cause of the sec_error_ocsp_invalid_signing_cert error is an incorrect date and time set on the computer, as well as temporary problems of a particular network share with a security certificate issued to it. To eliminate the dysfunction that I am considering, check the correctness of the system date and time, and temporarily disable the parameter I specified in the browser settings, this will avoid the appearance of the _error_ocsp_invalid_signing_cert message on your PC.