Firefox throws Secure Connection Failed for many Microsoft domains (Fix)

0
199

When you try to connect select Microsoft owned domains such as Hotmail.com or Codeplex.com right now in Firefox, you may get a Secure Connection Failed error.

Sites that are affected by the issue include the following domains: hotmail.com, codeplex.com, visualstudio.com, azurewebsites.net, social.technet.microsoft.com, onedrive.live.com.

In fact, it appears that the majority of Microsoft owned domains are affected by the issue. Only some sites are not.

The error reads:

Secure Connection Failed

An error occurred during a connection to xyz.codeplex.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

When you try to load the site in another web browser, say Google Chrome or Internet Explorer, it loads fine and without any issues.

secure connection failed

If you check the OCSP range (which is the time period in which it is active), you will notice that it expired on May 28, 2017. While Firefox is strict when it comes to the information, Chrome is not. Google’s Chrome browser allows the connection, but considers it as insecure instead, while Firefox blocks it outright.

Temporary Workaround

The only option that Firefox users have right now to access affected Microsoft domains is to disable OSCP Stapling in the browser. Well, another option would be to use a different browser until the issue is resolved.

  1. Type about:config in the address bar of Firefox and hit the Enter-key.
  2. Confirm that you will be careful if the notification is displayed.
  3. Search for the preference security.ssl.enable_ocsp_stapling.
  4. Double-click on it to set it to false.

Doing so turns off OCSP Stapling in the Firefox web browser. Firefox will load the sites that refused to load before. A restart is not required.

Note: Disabling OCSP Stapling may affect the functionality of other websites that you visit, provided that they make use of the security feature.