Firefox throws Secure Connection Failed for many Microsoft domains (Fix)

Martin Brinkmann
May 29, 2017
Updated • May 30, 2017

When you try to connect select Microsoft owned domains such as or right now in Firefox, you may get a Secure Connection Failed error.

Sites that are affected by the issue include the following domains:,,,,,

In fact, it appears that the majority of Microsoft owned domains are affected by the issue. Only some sites are not.

The error reads:

Secure Connection Failed

An error occurred during a connection to Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

When you try to load the site in another web browser, say Google Chrome or Internet Explorer, it loads fine and without any issues.

secure connection failed

If you check the OCSP range (which is the time period in which it is active), you will notice that it expired on May 28, 2017. While Firefox is strict when it comes to the information, Chrome is not. Google's Chrome browser allows the connection, but considers it as insecure instead, while Firefox blocks it outright.

Temporary Workaround

The only option that Firefox users have right now to access affected Microsoft domains is to disable OSCP Stapling in the browser. Well, another option would be to use a different browser until the issue is resolved.

  1. Type about:config in the address bar of Firefox and hit the Enter-key.
  2. Confirm that you will be careful if the notification is displayed.
  3. Search for the preference security.ssl.enable_ocsp_stapling.
  4. Double-click on it to set it to false.

Doing so turns off OCSP Stapling in the Firefox web browser. Firefox will load the sites that refused to load before. A restart is not required.

Note: Disabling OCSP Stapling may affect the functionality of other websites that you visit, provided that they make use of the security feature.

Firefox throws Secure Connection Failed for select Microsoft domains
Article Name
Firefox throws Secure Connection Failed for select Microsoft domains
When you try to connect select Microsoft owned domains such as or right now in Firefox, you may get a Secure Connection Failed error.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Rita said on September 16, 2017 at 6:59 pm

    Had this problems,in spades. Had just bought a brand new laptop&was thinking it was junk,because I could’nt get anywhere on the web,without a ton of hassle. BUT,after doing the recommended solution above,I am now able to get from point A to point B,withot having to spend a half an hour,just to reach Google or Twitter ,or anything else I am trying to get to on the internet. Still runs a bit slow,loading the pages,but not that long(maybe a minute),but at least it saves me from a half an hour or so,of refreshes&’secure connection failed’ messeges. Also,I found that it fixed my Twitter issues,as well,as before I used the solution on this new laptop,I was’nt able to even post photos,much less GIFs,on Twitter&sometimes,it would’nt even post regular tweets. But now I can. Thank you. However,I do have a question : Is there any security countermeasures I can take,to make it safer to go on,without the ‘stapling’? How safe is this solution,in the long run?

  2. TK said on May 31, 2017 at 3:59 am

    After 2 days, I am finally able to access Hotmail via Firefox as of 09:00 (Greenwich time+8) Wed., 31 May 2017 in Hong Kong. Hope the problem is also resolved for everyone as well. Hope the next MS debacle will not take as long to fix!

  3. Dakduif said on May 30, 2017 at 7:18 pm

    Somehow, when you just doggedly refresh the MS site you’re trying to visit, it will eventually load. Usually it doesn’t even take me all that many refreshes either.
    But yeah.. Hotmail, OneDrive.. all with that error message initially. Really ugly, stupid and annoying IMO.

  4. Dan said on May 30, 2017 at 6:21 pm

    This affects Office 365, SharePoint Online and Azure too. It’s a real blunder from Microsoft, considering how much it at stake for major corporations that have moved to the cloud and rely on O365 and other enterprise services offered by MS. Granted, most enterprises run IE or Chrome, but still, next time it’s one of those browsers. I’m surprised this hasn’t gotten much attention from other tech sites so far.

  5. Charlie said on May 30, 2017 at 4:26 pm

    Failed for me on Hotmail just now. Clicked to Retry 2-3 times and it finally connected

  6. bjm said on May 30, 2017 at 4:08 pm

    FWIW ~,,, & work okay (at this time) for me. FF 53.0.3

  7. TelV said on May 30, 2017 at 1:50 pm

    This problem cropped up once before back in 2014 and was supposedly fixed by Mozilla with a new PKIX code according to bug 972304 (see comment #8 by Brian Smith)

    So either FF53.0.3 disabled PKIX or something else has gone pear-shaped.

    I was reading an article on how to manually verify an OSCP server, but it looks a little daunting:

    Disabling OCSP stapling doesn’t sound like a good idea since it affects all sites across the range and not just

  8. TK said on May 30, 2017 at 1:21 pm

    I been having this problem in Hong Kong (Greenwich time +8) with Firefox since Monday morning, 29 May 2017 and still have the problem at this moment – Tuesday evening, 30 May 2017. I tried MS “Edge” and was able to log-on to Hotmail but cannot print any e-mail because the print “preview drop-down” page is BLANK! The same with attempts to print anything while using Edge for other domains. Besides, Edge is so poorly designed, I don’t think I will ever use it for anything. I have no problems using Google’s Chrome for access or printing.

    How could MS be making such stupid mistakes and not (more like refuse to) rectify them ASAP? Maybe they are too busy in the middle of enjoying their Memorial Day BBQ!

  9. Guin said on May 30, 2017 at 1:10 pm

    Me too (three, four, 1,001.) What a PITA.

  10. Melody Beck said on May 30, 2017 at 9:20 am

    I’m still having the problem and have for a day or two now while trying to figure out why or a way around it. As of right now, I only have problems with it for my hotmail account. If I use Microsoft edge to sign in, it works fine. I’m not a happy camper with Microsoft right now. People don’t have time to deal with this kind of stuff.

  11. Caesar Wong said on May 30, 2017 at 7:40 am

    I still have the problem, plus it seems to be affecting other sites too ( for one, off the top of my head). Does this point to some kind of larger problem with whatever OSCP is? (Sorry, I don’t understand security tech).

  12. XX said on May 30, 2017 at 7:18 am

    I got the same on Firefox on Mac when accessing

  13. captainsparkledotcom said on May 30, 2017 at 6:45 am

    Still not working, but I can access it via my history, saves opening other browsers!

  14. TroubleAhead said on May 30, 2017 at 4:44 am

    i believe it works fine in Nightly, but it brings up that prblem in 53 an 54

  15. Caesar said on May 30, 2017 at 4:25 am

    Thanks sooo much for updating people about these sort of issues. Thanks very very much…

  16. hahaha said on May 30, 2017 at 3:39 am

    I don’t encounter such problem visting the m$ sites in firefox.

    1. hirobo2 said on May 30, 2017 at 5:02 am

      It seems to have been resolved on Microsoft’s end.

      1. Lorenzo said on May 30, 2017 at 5:34 am

        Nope, I am still getting no loads on the bing news site trying to start up with Firefox. I have other browsers – no worries.

  17. Mark Hazard said on May 30, 2017 at 12:35 am

    Thanks for the report, Martin. I experienced this error on and wondered what the heck was happening.
    I find that pressing the “Try Again” button lets me connect.

  18. bjm said on May 29, 2017 at 10:25 pm

    Yes, could not reach Outlook Mail earlier today. Appears okay now.

  19. GalegO said on May 29, 2017 at 9:51 pm

    Another workaround: and works fine to access the webmail.

    1. rico said on May 30, 2017 at 7:49 pm

      that was easy ! Thanks GalegO

    2. b said on May 30, 2017 at 9:12 am


  20. hirobo said on May 29, 2017 at 9:48 pm

    OMG, it’s not just Windows, I’m getting the same error in Android.

  21. jasray said on May 29, 2017 at 8:52 pm

    Didn’t believe it, so I tried. Yes. Okay. When this type of thing happens, I find connecting to my SSH server on AWS resolves the problem. Yes, that works. But I don’t know why. I do wish I understood things like that. Quite frequently I notice that sites that don’t work will work if I go through some type of tunnel.

    Let’s try the 50GB freebie Windscribe I snagged here a few weeks ago: Yes, all sites working fine. I already have a different DNS than my ISP assigned DNS. Wonder what it is.

  22. T J said on May 29, 2017 at 8:33 pm

    Thanks for this report, Martin.
    I use Hotmail and I could not log in this morning with Firefox or Cyberfox. I had the same error report which you have posted. I tried Chrome and Hotmail was accessible. Thanks for the tip about OCSP stapling.

    How could MS overlook the fact that the certificate was invalid ?

    1. said on June 1, 2017 at 5:28 am

      Whenever I log into, it redirects me to

      Do people still get those errors after that?

      1. Martin Brinkmann said on June 1, 2017 at 5:48 am

        I read yesterday that Microsoft fixed the issue on 97% or so of all servers already. Probably fixed by now.

    2. John C. said on May 30, 2017 at 12:10 pm

      Given M$’s penchant for pure evil, the distinct possibility exists that it was deliberate. How better to make another browser look bad? I’m guessing that by now they’ve fixed the certificates so that their own browsers don’t have the same problem eventually.

      1. Anonymous said on May 30, 2017 at 3:01 pm

        Not fixed yet

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.