[Bug 689293] OCSP error to https:// all gnome ssl links



https://bugzilla.gnome.org/show_bug.cgi?id=689293
  sysadmin | Certificates | unspecified

--- Comment #2 from Norman Smith <nls1729 gmail com> 2012-11-29 17:17:33 UTC ---
I am using Firefox on Fedora 17.  This problem is usually a broken certificate
vendor's OCSP server or error in the Website's certificate.  I don't think it
is a certificate problem but only the vendor's customer can report the problem
concerning an OCSP server based on my prior experience with this kind of issue.

In my browser I have "When an OCSP server connection fails, treat the
certificate as invalid" checked.

Before I tried to report this problem, I verified a connection to a U.S.
Treasury website that has OCSP set in its certificate and it works fine from
my location.

Most people turn this check off in their browser because they don't understand
what the OCSP function does.  You don't know if the certificate is revoked
without this function if OCSP is provided on the certificate.

I keep it enabled except when I am troubleshooting this kind of problem.

SSL is only as good as the proper operation of the infrastructure that supports
it.  Security with holes is no security at all.

I always know that I can be wrong but I don't think I am in this case.

You should be able to duplicate this with a Firefox browser:

Edit->Preferences->Advanced->Encryption->Validation->
Check Use the Online ... (OCSP)
Pick  Validate a certificate if it specifies an OCSP server
Check When an OCSP server connection fails, treat the certificate as invalid

Sorry if my bluntness has offended anyone.
