Site feedback

LesHay-2099 avatar image
52 Votes"
LesHay-2099 suggested Marian-0884 published

Problem with Secure Connection

Hi
Using Firefox and am getting a lot of the error messages shown below. Sometimes it seems to last about 15 min and then I will get one session OK.
========================================
Secure Connection Failed

An error occurred during a connection to docs.microsoft.com. The OCSP response does not include a status for the certificate being verified.

Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

 The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
 Please contact the web site owners to inform them of this problem.
qna-feedback
· 20
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I I have the same problem and more doubt on the phone

17 Votes 17 ·

I had a similar problem so I used Microsoft Edge

17 Votes 17 ·

NOT fixed.
I have this message trying to open links from Windows settings, have been unable to open them in FF since I first started using windows 10 mid November on a new PC. (First those links opened in Edge when Firefox set as default browser. Uninstalled Edge then they opened in Brave browser which I had downloaded to test (which is also Chromium, like Edge, NEVER set as default, Firefox still set as default). Uninstalled Brave. Then nothing happened at all when I clicked the links. Now this message.

6 Votes 6 ·

I started getting this problem as of today as well. Firefox error message for https://answers.microsoft.com as follows:

Secure Connection Failed

An error occurred during a connection to answers.microsoft.com. The OCSP response does not include a status for the certificate being verified.

Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

 The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
 **Please contact the website owners to inform them of this problem.**

Please fix this problem.

0 Votes 0 ·

One user mentioned finding this was occurring to them when using FF if they had the General > Network Settings > Settings > "enable DNS over HTTPS" enabled, and configured to use "Cloudflare (default)".

I did try the suggestions mentioned that people reported working for them, specifically the modification of the ocsp_stapling configuration option, but I also found that when I reverted that to the default "True" value, and simply changed the value for "enable DNS over HTTPS" from the Cloudflare default to NextDNS and refreshed, I was no longer having this problem, at least not on a few websites that were originally problematic.

Hope this helps!

0 Votes 0 ·

I had to disable OCSP stapling in Firefox to restore functionality.

I wonder if it's related to this: https://docs.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes

It would seem the docs.microsoft.com certificate is fine but the OCSP stapling checks are revoking it?

2 Votes 2 ·

It has been fixed right now.

0 Votes 0 ·

The error persists.
How long do you reckon would it take for the fix to be rolled out across the services?

3 Votes 3 ·

Not fixed, still had to disable OCSP stapling to visit many Microsoft domains, including https://docs.microsoft.com/en-us/* Disabling DNS over HTTPS had no effect also on Firefox 95.0 64-bit.

0 Votes 0 ·
Show more comments
chrissun-vmlabs avatar image
1 Vote"
chrissun-vmlabs commented
  • I just had the same issue all of a sudden about 10 mins ago.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Chrome works. Only Firefox has this issue.

1 Vote 1 ·
Brian-7527 avatar image
1 Vote"
Brian-7527 commented

I had this issue as well, I even tried it on 2 portable FF installs just to make sure my config wasn't causing it and they still did it, from ESR to Nightly. But, as I was typing this it got fixed lol.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GeorgeK-1545 avatar image
0 Votes"
GeorgeK-1545 commented GeorgeK-1545 published

I have the same problem all of the sudden

 Secure Connection Failed
    
 An error occurred during a connection to docs.microsoft.com. The OCSP response does not include a status for the certificate being verified.
    
 Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
    
     The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
     Please contact the website owners to inform them of this problem.
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

wyxwyx-9203 avatar image
0 Votes"
wyxwyx-9203 commented

Also fail with Firefox: https://support.microsoft.com

In Edge it does not fail. It must be Microsoft that wants us to leave FF and move to Edge. XDD

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yeah probably. They hate FOSS, so they broke their site :-)


0 Votes 0 ·
RLWA32-6355 avatar image
1 Vote"
RLWA32-6355 commented Aaron-7782 published

My FF was set to use DNS over HTTPS with CloudFlare. There is currently a significant security issue that is affecting the net. Refer to rapid-response-critical-rce-vulnerability-is-affecting-java. CloudFlare is one of those affected by this issue.

When I changed my network options to not use DNS over HTTPS with CloudFlare the secure connection problem was resolved.

Also, Microsoft's response to this issue is here - microsofts-response-to-cve-2021-44228-apache-log4j2


· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@RLWA32-6355

Maybe the administrators of this forum need to read your post.

0 Votes 0 ·

Have you checked your own Firefox options for this particular setting?

Maybe the perceived FF secure connection problem was actually Firefox protecting me from a real problem had the connection been allowed.

0 Votes 0 ·

@ RLWA32-6355
My Network settings are also using CloudFlare s provider when the Enable DNS over HTTPS option is enable - it is disabled on my system - not by me, but must be something associated with setting Firefox to always use https. However, my understanding of Networking is extremely limited.

0 Votes 0 ·
Show more comments

I don't use DNS over HTTPS and they don't work for me in Firefox: https://support.microsoft.com
MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

0 Votes 0 ·

Thanks for this, changing this setting fixed it for me

0 Votes 0 ·
GusCB avatar image
2 Votes"
GusCB commented GusCB edited

Just found a workaround:
1. Open a tab and type about:config in the address bar.
2. Once in, type ocsp in the config search bar.
3. Toggle the parameter security.ssl.enable_ocsp_stapling from true to false

from https://vi-control.net/community/threads/firefox-secure-connection-fails.66693/

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PaulMWilson-4559 avatar image
1 Vote"
PaulMWilson-4559 commented

I also had to disable ocsp stapling in Firefox as suggested above to restore access to docs.microsoft.com

I wonder if the issue is related to this:
https://docs.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes

It would seem the docs.microsoft.com certificate is valid, but the OCSP stapling checks are failing causing Firefox to consider it revoked?

Interestingly, my wife's Firefox seems to be fine and able to access docs.microsoft.com without issue. So it's not affecting everyone. Possibly some kind of overload/timeout /round-robin issue somewhere where it depends on which server answers your OCSP check?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ "I wonder if the issue is related to this:"

Well, to me it seems that Microsoft switched to SHA-2, which seems to be a known problem with Mozilla´s OCSP-Impementation
Found this link at it seems that this had been known for quite some time now (8 years?!), but has "all of a sudden" got some attention and change in priority after Nathan´s comment ;-)

https://bugzilla.mozilla.org/show_bug.cgi?id=966856

Hope they will fix it soon!

0 Votes 0 ·
MichalCihelka-3323 avatar image
1 Vote"
MichalCihelka-3323 commented MichalCihelka-3323 edited

I have exactly the same issue. Using Firefox, browsing to a number of Microsoft websites leads to a MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error.

The issues are actually not limited to Firefox. For example:

  • During Windows 10 Home install on new PC connected to the internet, I should be asked to sign in to a Microsoft Account. Instead I am forced to create a local account, which indicates that the installer is having trouble connecting to Microsoft's account servers.

  • Windows Update is not working properly. Trying to install latest updates leads to Download error - 0x80070643 error.

The issue seems to be affected by geography and the luck of load balancing, with only some users affected some of the time.

I have also noticed that affected URLs seem to trace to servers operated/managed by Akamai Technologies (they do a whole bunch of content delivery for Microsoft), so it could be an issue on their end.

Interesting fact - Chrome doesn't do OCSP checks by default (instead Google regularly pushes revocation lists to Chrome browsers). Chromium-based Edge might be the same/similar in this respect. So that explains why Chrome and possibly Edge are unaffected by these issues.

The whole thing is a bit frustraing, who knows how long it will take before the issues are fixed.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bob-8765 avatar image
1 Vote"
Bob-8765 commented
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yep. Me too. Thanks.

0 Votes 0 ·
HelmuthJohn-4260 avatar image
0 Votes"
HelmuthJohn-4260 commented

I started seeing this error today on Bing maps when it tries to load the tiles from virtualearth.net.

https://www.bing.com/maps exhibits it pretty clearly:
157275-screen-shot-2021-12-13-at-121005.png



This is also affecting web sites using the Bing mapcontrol in the same way.

Here is an example tile that is failing to load: https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/ch/0212300320?mkt=en-GB&it=G,LC,BX,RL&shading=t&n=z&og=1667&cstl=vbp2&key=Am0C1_E_vR7VfUuFw_yMoUQ3INmDCh7lYMqBaPsd_U3D4fr9YOuLICItWj8itWXz

I have verified that the fix that Bob-8765 posted above worked for me.

I have reproduced the problem with Firefox 94.0.2 and 95.0 on my Macintosh with MacOS 11.6.1.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

We have the exact same problem affecting public internet facing websites that we're working with.

1 Vote 1 ·

Your Opinion Counts

Share your feedback, or help out by voting for other people's feedback.