Fix The OCSP server has refused this request as unauthorized in Firefox - gHacks Tech News

Fix The OCSP server has refused this request as unauthorized in Firefox

When I tried to open my router's administrative dashboard today in Firefox I received a secure connection failure. It notified me that the OSCP server refused the request as unauthorized, and provided me only with options to try again.

I was used to get options to override certificate issues in the past which Firefox did when I last tried to access the dashboard.

I first tried to reload the page but it did not work either. Then I loaded the dashboard in Google Chrome and while it did display a certificate error, it allowed me to bypass it to open the control panel of the router.

Since Chrome is not my main browser, I started to investigate the issue in Firefox to find a fix for the issue.

Fixing OSCP server issues

The OCSP server has refused this request as unauthorized
Secure Connection Failed

The full error message that I received was the following one:

Secure Connection Failed

An error occurred during a connection to [router address]

The OSCP server has refused this request as unauthorized.

(Error code: sec_error_oscp_unauthorized_request)

According to Wikipedia, OSCP is an Internet protocol used to obtain the revocation status of an X.509 digital certificate. Basically, it checks the status of the certificate and returns either good, revoked or unknown back to the client if the request is valid, or may refuse it outright.

The latter can happen when OSCP server connections fail for example, or if the data that is submitted is corrupted.

There is however a way to fix the issue, at least temporarily in Firefox. Before we take a look at how this is done, I'd like to list another OSCP error that you may fix in the same way:

  1. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)

To fix either error, perform the following operation in Firefox:

  1. Tap on the Alt-key on the keyboard and select Tools > Options from the menu that opens up.
  2. Switch to Advanced > Certificates in the Firefox options.
  3. Click on the Validation button.
  4. Uncheck "When an OSCP server connection fails, treat the certificate as invalid".

firefox options certificates

oscp server connection

You can also try and add an exception for the server or IP address so that you can access it even if the Validation setting is enabled.

To do so select View Certificates in the Firefox options. Click on Servers here and select Add Exception from the menu. Type the location of the server and click on get certificate afterwards. Once it has been retrieved, click confirm security exception. You can make the exception permanent by ticking the permanently store this exception box here.

firefox certificate exception

Closing Words

If you trust a server, it is better to add an exception so that you can access it but do not change any of the other security settings related to certificates in Firefox.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. jasray said on October 2, 2013 at 8:36 pm
    Reply

    Interesting and helpful information for future encounters. Thanks!

  2. George P. Burdell said on October 3, 2013 at 5:03 am
    Reply

    Uncheck “When an OSCP server connection fails, treat the certificate as invalid”
    —-

    Looked to see what setting I had on Firefox 24.0, and found it was already unchecked.

    This is not a parameter I ever looked at before, so maybe the default came this way at installation.

    1. Transcontinental said on October 3, 2013 at 11:43 am
      Reply

      So perhaps my past comment becomes less significant.

  3. Transcontinental said on October 3, 2013 at 11:42 am
    Reply

    I think the Firefox-family browser I am using, Pale Moon 24.02 64-bit, has itself unchecked the value mentioned above, “When an OSCP server connection fails, treat the certificate as invalid“. I mention this because I do not recall having ever modified it myself (I had transferred my Firefox 24 profile to Pale Moon when I installed the latter).

    Anyway, thanks for the tip, I ignored the fact, the implications.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.