sec_error_ocsp_unknown_cert

All SSL access to hosted websites is currently broken in Firefox and Safari. The problem is that OCSP lookups are failing due to a misconfiguration by StartSSL, the certificate authority providing our SSL certificates. Other browsers are not affected because they have not implemented OCSP lookups. A temporary work-around is to disable the checks. In Firefox:

  1. Enter about:config into the Firefox address bar
  2. Accept the warning
  3. Search for security.ssl.enable_ocsp_stapling
  4. Double-click to change to false

StartSSL does not seem to have any blog or social media presence to indicate status on the outage, but a Twitter search yields a steady stream of corroborations. Hopefully they’ll fix it soon.

UPDATE 2015-04-05 11:45 pm: OCSP is working properly again as of a couple hours ago. Outage/technical problems on StartSSL’s part.

 

www.nerdylorrin.net, mail.nerdylorrin.net, and webdav.nerdylorrin.net have freshly minted certificates signed by the StartSSL Certificate Authority.