H
H
hadwin2015-08-20 21:34:39
Nginx
hadwin, 2015-08-20 21:34:39

Nginx ssl Firefox throws OCSP sec_error_ocsp_invalid_signing_cert what is the reason?

There are certificates from GlobalSign. Everything was working fine, but today, when accessing the site through Firefox, it gives the following error:
Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)
What could be the reason? The nginx config is:
ssl_stapling on;
#ssl_stapling_verify on;
resolver 8.8.8.8;
ssl_certificate /etc/ssl/mysite.crt;
ssl_certificate_key /etc/ssl/private.key;
ssl_trusted_certificate /etc/ssl/root.crt;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA: !IDEA:!PSK:!SRP:!SSLv2;
keepalive_timeout 120;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 28h;

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vasily, 2015-08-21
@DobriyJuk

If the problem only reproduces in Firefox, then the problem is most likely in it. Firefox uses storage separate from system storage. Those. a certificate installed via Chrome or IE (they use the system windows certificate store) will not work in Firefox.
Try manually populating the certificate in Firefox.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question