Firefox 3 and Revoked SSL Certificates
19 Jun 2008
Today I discovered that Firefox 3 will refuse to display a site over HTTPS if its SSL certificate is revoked. And even though I am not questioning merits of this decision, I still would have preferred to have this behavior configurable, either somewhere deep in Preferences or at least via about:config (quick scan of the latter did not result in anything useful - did I overlook it?)
Comments (4)
[...] Excerpted from:Firefox 3 and Revoked SSL Certificates [...]
Same deal here, check out https://escrm.nokia.com/ for an example.
I like the other warning, where if its untrusted you can add the exception, but completely stopping you?
Anyone?
@dave - looks like Nokia fixed that site already.
Found this blog whilst experiencing the same problem. I also found a solution (although I don't know the impact on security). It's something to do with OCSP. If you go to Preferences/Options > Security > Advanced > Encryption > Validation and uncheck OCSP.
I found this solution at the following site. . .
http://support.mozilla.com/tiki-view_forum_thread.php?locale=de&comments_parentId=86422&forumId=1