Mozilla Firefox is unable to view Microsoft websites due to “OCSP”, but whose fault is it? [Update]


Only Mozilla Firefox could not access or view several websites officially owned by Microsoft. Turns out it wasn’t the result of the ongoing browser wars.

Several subdomains, which were owned by Microsoft, refused to load on the latest stable version of the Mozilla Firefox web browser. Regardless of the platform (mobile or desktop, iOS, Windows or Android), they all worked great on Microsoft Edge, Apple Safari, Google Chrome, and other popular web browsers.

Internet users who frequent Microsoft websites were greeted with “Secure Connection Failed” error messages. As usual, the truth was in the details, explained a developer who first discovered the anomaly and wrote a detailed blog post.

After trying the standard and routine troubleshooting steps, the developer took a close look at the error message that appeared in Mozilla Firefox. He was reading :

“An error occurred while connecting to The OCSP response does not include a status for the certificate being verified.

• The page you are trying to display cannot be displayed because the authenticity of the received data could not be verified.
• Please contact the website owners to inform them of this problem.

As can be seen from the error message, the problem had something to do with “OCSP” and its “response” for “Cert” missing. Needless to say, disabling the OCSP stapling feature in Firefox instantly fixed the problem.

It is important to note that disabling OCSP is not a recommended solution, although it is a temporary workaround. OCSP stands for Online Certificate Status Protocol, which is a method for obtaining certificate revocation information.

Aside from technical jargon, Mozilla Firefox refused to display Microsoft’s subdomains because they do not do their OCSP due diligence. Simply put, the security protocol checks certain certificates and whether they have been revoked recently. In the absence of such information, Firefox simply chose not to display subdomains.

Microsoft slipped into the recent past when it forgot to renew a security certificate. Incidentally, Mozilla Firefox appears to be the only web browser that goes the extra mile to verify this information.

Update: As our readers have pointed out, the latest update for Mozilla Firefox (version 95.0.1) fixes issues with Microsoft websites. Firefox has started to recognize the SHA-2 OCSP response sent from the site. It is truly commendable of Mozilla for fixing the problem so quickly. “Microsoft’s OCSP response was flawed in that it provided a SHA256 hash in a field that required a SHA1 hash. (Thanks Fleet Command for pointing this out.)


About Author

Comments are closed.