All SSL access to hosted websites is currently broken using Firefox and Safari. The problem is that OCSP lookups are failing due to a misconfiguration by StartSSL, the certificate authority providing our SSL certificates. Other browsers are not affected because they have not implemented OSCP lookups. A temporary work-around is to disable the checks. In Firefox:
- Enter about:config into the Firefox address bar
- Accept the warning
- Search for security.ssl.enable_ocsp_stapling
- Double-click to change to false
StartSSL does not seem to have any blog or social media presence to indicate status on the outage, but a Twitter search yields a steady stream of corroborations. Hopefully they’ll fix it soon.
UPDATE 2015-04-05 11:45 pm: OCSP is working properly again as of a couple hours ago. Outage/technical problems on StartSSL’s part.
UPDATE 2016-11-26: OCSP responses have had bad signatures for the past two days. I believe this is once again an issue on the StartSSL side. Can be worked around the same way.