Friday, 19 September 2008

Firefox OCSP Server experiences an internal error ( sec_error_ocsp_server_error )

I am in a hotel now and they have free Wifi in the rooms. This would be a nice feature if it worked. The theory is that the Wifi is not protected and authentication is not required, but when you type in a URL the gateway forwards you to an authentication page - apc.aptilos.com, pas.aptilo.com - and you have to type in a user name and password, which you can get at the reception - or via the TV.
If you type in the user name and password you can go through the gateway for a while.
I suppose even the MAC address or the IP is registered in the gateway and/or in the firewall and allowed to communicate.
Nice concept except Wifi is not encrypted.

But I had a problem. When I typed any URL into Firefox it did not work, and after a while I got the error message:
"OCSP Server experiences an internal error" ( sec_error_ocsp_server_error )
I have tested this from Konqueror and it was working fine. ( I have Ubuntu 8.04 now. )

I sniffed the network traffic and saw that the problem is that Firefox tries to check via OCSP whether the server's key is revoked. But of course this is not possible, since the network is not open at that point.
The solution on Aptilo's side would be to open the connection to the corresponding OCSP server. I do not believe this will be done.
The solution on the client side is to disable OCSP in Firefox or use a client which does not have OCSP.
To disable OCSP in Firefox go to Preferences->Advanced->Encryption->Validation. Here you have a choice.

You can completely disable OCSP.

You can stop Firefox from treating the connecting server as invalid if OCSP fails.

Whatever you do, NEVER FORGET TO ENABLE THIS AGAIN AFTER YOU HAVE LEFT THE PLACE.
This is a security feature for your safety.
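
One way to check afterwards that OCSP really was switched back on, as an added example that is not part of the original post: the script reads the text of a Firefox profile's prefs.js and flags the two Validation settings described above. The pref names security.OCSP.enabled and security.OCSP.require are the about:config names for those checkboxes and do not appear in the post; the sample prefs.js content is constructed.

```python
import re

# about:config names behind the two Validation checkboxes (not named in the post).
ENABLED = "security.OCSP.enabled"   # 0 means OCSP checking is switched off
REQUIRE = "security.OCSP.require"   # true means a failed OCSP check rejects the certificate

USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref() line of a prefs.js/user.js file."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit_ocsp(text, expect_hard_fail=False):
    """List OCSP settings that are still relaxed. A pref missing from the file
    is at the browser default, which this script does not know, so the
    hard-fail setting is only checked when the caller says it is expected."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get(ENABLED) == 0:
        findings.append(f"{ENABLED} = 0: OCSP checking is disabled")
    if expect_hard_fail and prefs.get(REQUIRE) is not True:
        findings.append(f"{REQUIRE} is not true: a failed OCSP check does not reject the certificate")
    return findings


# Constructed sample: a profile left in the state used to get past the hotel gateway.
SAMPLE_PREFS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.OCSP.enabled", 0);
'''

if __name__ == "__main__":
    for finding in audit_ocsp(SAMPLE_PREFS, expect_hard_fail=True):
        print("WARNING:", finding)
```

To run it against a real profile, pass the contents of that profile's prefs.js to audit_ocsp() in place of SAMPLE_PREFS.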

