Fix The OCSP server has refused this request as unauthorized in Firefox
When I tried to open my router's administrative dashboard today in Firefox I received a secure connection failure. It notified me that the OSCP server refused the request as unauthorized, and provided me only with options to try again.
I was used to get options to override certificate issues in the past which Firefox did when I last tried to access the dashboard.
I first tried to reload the page but it did not work either. Then I loaded the dashboard in Google Chrome and while it did display a certificate error, it allowed me to bypass it to open the control panel of the router.
Since Chrome is not my main browser, I started to investigate the issue in Firefox to find a fix for the issue.
Fixing OSCP server issues
The full error message that I received was the following one:
Secure Connection Failed
An error occurred during a connection to [router address]
The OSCP server has refused this request as unauthorized.
(Error code: sec_error_oscp_unauthorized_request)
According to Wikipedia, OSCP is an Internet protocol used to obtain the revocation status of an X.509 digital certificate. Basically, it checks the status of the certificate and returns either good, revoked or unknown back to the client if the request is valid, or may refuse it outright.
The latter can happen when OSCP server connections fail for example, or if the data that is submitted is corrupted.
There is however a way to fix the issue, at least temporarily in Firefox. Before we take a look at how this is done, I'd like to list another OSCP error that you may fix in the same way:
- The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)
To fix either error, perform the following operation in Firefox:
- Tap on the Alt-key on the keyboard and select Tools > Options from the menu that opens up.
- Switch to Advanced > Certificates in the Firefox options.
- Click on the Validation button.
- Uncheck "When an OSCP server connection fails, treat the certificate as invalid".
You can also try and add an exception for the server or IP address so that you can access it even if the Validation setting is enabled.
To do so select View Certificates in the Firefox options. Click on Servers here and select Add Exception from the menu. Type the location of the server and click on get certificate afterwards. Once it has been retrieved, click confirm security exception. You can make the exception permanent by ticking the permanently store this exception box here.
Closing Words
If you trust a server, it is better to add an exception so that you can access it but do not change any of the other security settings related to certificates in Firefox.
AdvertisementWe need your help
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Previous Post: « Move Firefox Tabs to the Titlebar to save space
Next Post: Mozilla's Flash plugin replacement Shumway lands in Firefox Nightly »
Interesting and helpful information for future encounters. Thanks!
Uncheck “When an OSCP server connection fails, treat the certificate as invalid”
—-
Looked to see what setting I had on Firefox 24.0, and found it was already unchecked.
This is not a parameter I ever looked at before, so maybe the default came this way at installation.
So perhaps my past comment becomes less significant.
I think the Firefox-family browser I am using, Pale Moon 24.02 64-bit, has itself unchecked the value mentioned above, “When an OSCP server connection fails, treat the certificate as invalid“. I mention this because I do not recall having ever modified it myself (I had transferred my Firefox 24 profile to Pale Moon when I installed the latter).
Anyway, thanks for the tip, I ignored the fact, the implications.