Mozilla Firefox is blocking CAcert.org websites – how to get access again

abwählen
Remove the tick here to unblock the cacert.org sites.

You are on the Internet with Firefox. So far, this was actually not a bad decision. However, when connecting to cacert.org an error now occurs. The OCSP response contains outdated information.

Error code: SEC_ERROR_OCSP_OLD_RESPONSE

This surprises you, because you have previously expressed your trust in the CAcert (CA Cert Signing Authority) root certificate. Today, however, you are still not getting access. This has to do with an update from Firefox, which changes a default setting.

The solution: Go to Settings -> Certificates: The option “Confirm current validity of certificates by request to OCSP server” must be deactivated (see picture: there must not be a tick at the red marked position), then it works again. (Dear Mozilla developers, this would not have been absolutely necessary).

2 thoughts on “Mozilla Firefox is blocking CAcert.org websites – how to get access again

  1. Bachsau

    Since you’re obviously not adressing the elephant in the room: Why does the OCSP response contain outdated information?

  2. Etienne Ruedin2 Post author

    At Christmas’ Eve, one of our volunteers detected, that a script on ocsp.cacert.org was not running as expected. He restarted the script and we changed our internal monitoring. During the month January, February and March we checked regularly if the new procedure works well – it does. So, the described work around is no more needed.

Leave a Reply