Last active
August 29, 2015 14:02
-
-
Save decklin/8f9497de5161e078919a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| On firefox 29 and 30 visitors to our site secure.actblue.com are seeing this error: | |
| ########## | |
| Secure Connection Failed | |
| An error occurred during a connection to secure.actblue.com. The OCSP server found the request to be corrupted or improperly formed. (Error code: sec_error_ocsp_malformed_request) | |
| The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. | |
| Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. | |
| ########## | |
| Checking with OpenSSL: | |
| (see http://blog.ivanristic.com/2014/02/checking-ocsp-revocation-using-openssl.html) | |
| $ openssl ocsp -issuer issuer.crt -cert secure.actblue.com-globalsign-2012.crt -url http://ocsp2.globalsign.com/gsextendvalg2 -CAfile issuer.crt | |
| Error querying OCSP responsder | |
| 20033:error:27075072:OCSP routines:PARSE_HTTP_LINE1:server response error:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/ocsp/ocsp_ht.c:224:Code=403,Reason=Forbidden | |
| UPDATE: | |
| reissued cert with SHA2 to see if a different OCSP URL would be included. Yes, but still fails: | |
| $ openssl ocsp -issuer gsextendvalsha2g2r2.crt -cert new.crt -url http://ocsp2.globalsign.com/gsextendvalsha2g2 -CAfile gsextendvalsha2g2r2.crt | |
| Error querying OCSP responsder | |
| 20125:error:27075072:OCSP routines:PARSE_HTTP_LINE1:server response error:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/ocsp/ocsp_ht.c:224:Code=403,Reason=Forbidden |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment