Confirm, administrator
5,526
edits
Changes
m
→OCSP
Errors that CAs sometimes encounter when testing OCSP in Firefox:
* Error code: sec_error_ocsp_unauthorized_response
** Please read section 4.2.2.2 "Authorized Responders" on pages 10-11 of RFC 2560. CAs that emit certificates for the general public must use a configuration that conforms to either rule 2 or 3. NSS also supports rule 1, but it requires manually configuring Firefox to set the [[CA:OCSP-TrustedResponder|trusted OCSP responder. ]] This makes this choice relevant only when the Firefox installation is part of a centralized deployment where a local OCSP responder has been setup to send back OCSP responses for all the CAs that are locally trusted. The IETF pkix group that authored RFC 2560 has confirmed that rule 1 is intended to cover similar situations and not public deployments.
* Error code: sec_error_ocsp_bad_http_response
** That error message appears because the OCSP responder responds to the OCSP request with an error.
