Nginx ssl Firefox throws OCSP sec_error_ocsp_invalid_signing

H

hadwin2015-08-20 21:34:39

Nginx

hadwin, 2015-08-20 21:34:39

Nginx ssl Firefox throws OCSP sec_error_ocsp_invalid_signing_cert what is the reason?

There are certificates from GlobalSign. Everything was working fine, but today, when accessing the site through Firefox, it gives the following error:
Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)
What could be the reason? The nginx config is:
ssl_stapling on;
#ssl_stapling_verify on;
resolver 8.8.8.8;
ssl_certificate /etc/ssl/mysite.crt;
ssl_certificate_key /etc/ssl/private.key;
ssl_trusted_certificate /etc/ssl/root.crt;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA: !IDEA:!PSK:!SRP:!SSLv2;
keepalive_timeout 120;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 28h;

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vasily, 2015-08-21
@DobriyJuk

If the problem only reproduces in Firefox, then the problem is most likely in it. Firefox uses storage separate from system storage. Those. a certificate installed via Chrome or IE (they use the system windows certificate store) will not work in Firefox.
Try manually populating the certificate in Firefox.