| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 62199 | 2005-09-30 05:34:00 | Unable to log into any Secure site with FireFox. | symiggy (7597) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 392209 | 2005-09-30 05:34:00 | As of today I am unable to log into any of my secure sites that require a certificate validation using Firefox. I get the message: <Error trying to validate certificate from www........(any and all of my secure sites )...using OCSP- server is busy. Please try again later.> I have been able to log onto those same sites immediately thereafter with IE without any problems at all. I run Windows XP SP2 which is fully up to date. I have done a recent virus scan with (fully updated) Avast! as well as checking with several antispyware programs including Counterspy and MS Antispyware as well as Adaware and Spybot S and D...all the scans are clean. I would appreciate it if anyone can tell me what OCSP means and what I can do about this sorry state of affairs. Many thanks. :( |
symiggy (7597) | ||
| 392210 | 2005-09-30 05:37:00 | What verson of firefox are you using? | stu161204 (123) | ||
| 392211 | 2005-09-30 05:59:00 | As of today I am unable to log into any of my secure sites that require a certificate validation using Firefox. I get the message: <Error trying to validate certificate from www........(any and all of my secure sites )...using OCSP- server is busy. Please try again later.> I have been able to log onto those same sites immediately thereafter with IE without any problems at all. I run Windows XP SP2 which is fully up to date. I have done a recent virus scan with (fully updated) Avast! as well as checking with several antispyware programs including Counterspy and MS Antispyware as well as Adaware and Spybot S and D...all the scans are clean. I would appreciate it if anyone can tell me what OCSP means and what I can do about this sorry state of affairs. Many thanks. :( Preferences > Advanced > Validation > click "Do Not Use OCSP..." Before you do that, did you change these settings? |
vinref (6194) | ||
| 392212 | 2005-10-01 04:29:00 | Stu161204: Recently updated to 1.0.7 vinref: I have not changed any settings recently. At present my my preference is in the middle position.. viz.Use OSCP to validate only certificates that specify an OSCP service URL. I guess my question (and concern) is now what difference will it make to my security if I change to: "Do Not Use OCSP...? Specifically will I be more vulnerable to spoofing or phishing etc. Thanks for your advice. |
symiggy (7597) | ||
| 392213 | 2005-10-03 05:29:00 | My own default verification setting is "Do not use OCSP...". I regard this as "enough" protection against spoofing in combination with due diligence when entering any personal details in any forms. There are three ways to check the authenticity of a site using certificates: 1. CRL - certificate revocation list. FF checks a certificate against this list. You have to download this list. I haven't, because it sounds rather large. 2. OCSP - online certificate status protocol. FF checks the certificate a list against an online list server. 3. Validation period. A known certifying authority validates a site for a limited period. The certificate must be renewed before it expired. FF checks the date of the certificate for authenticity. FF uses #3 by default (I think). I don't know how it would have changed for you without you doing it deliberately. |
vinref (6194) | ||
| 392214 | 2005-10-03 09:21:00 | vinref: Inexplicably the problem seems to have rectified itself on its own over the last few hours. I have not changed any settings before or after the problem "fixed itself" Thanks for your interest and advice. |
symiggy (7597) | ||
| 392215 | 2005-10-03 22:11:00 | From what I read in your post it simply looked like the server it was trying to connect to to verify the certificate was busy, down or blocked which is why it wouldn't work . "Server is busy" I'd say that over the last few hour they rectified their problem which is why it worked after a few hours down time . |
Odin (227) | ||
| 392216 | 2005-10-04 02:16:00 | From what I read in your post it simply looked like the server it was trying to connect to to verify the certificate was busy, down or blocked which is why it wouldn't work. "Server is busy" I'd say that over the last few hour they rectified their problem which is why it worked after a few hours down time. Odin: If that were the case, how can you explain the fact that I was able to log into the secure sites immediately thereafter using IE. The problem only occurred with Firefox (which I prefer to use) |
symiggy (7597) | ||
| 392217 | 2005-10-04 02:39:00 | Well maybe Firefox was trying to use the Expressway on the internet instead of the old bumpy backway horse trails that IE uses, only this time the Expressway was blocked by traffic :D :D :D | Odin (227) | ||
| 392218 | 2005-10-04 02:56:00 | By the way, I tried FF with the option set to use OCSP, and there was no noticeable change in behaviour. So the OSCP server seemed OK. What sites were you trying to access? |
vinref (6194) | ||
| 1 | |||||