Firefox throws Secure Connection Failed for many Microsoft domains (Fix) - gHacks Tech News

Firefox throws Secure Connection Failed for many Microsoft domains (Fix)

When you try to connect select Microsoft owned domains such as Hotmail.com or Codeplex.com right now in Firefox, you may get a Secure Connection Failed error.

Sites that are affected by the issue include the following domains: hotmail.com, codeplex.com, visualstudio.com, azurewebsites.net, social.technet.microsoft.com, onedrive.live.com.

In fact, it appears that the majority of Microsoft owned domains are affected by the issue. Only some sites are not.

The error reads:

Secure Connection Failed

An error occurred during a connection to xyz.codeplex.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

When you try to load the site in another web browser, say Google Chrome or Internet Explorer, it loads fine and without any issues.

secure connection failed

If you check the OCSP range (which is the time period in which it is active), you will notice that it expired on May 28, 2017. While Firefox is strict when it comes to the information, Chrome is not. Google's Chrome browser allows the connection, but considers it as insecure instead, while Firefox blocks it outright.

Temporary Workaround

The only option that Firefox users have right now to access affected Microsoft domains is to disable OSCP Stapling in the browser. Well, another option would be to use a different browser until the issue is resolved.

  1. Type about:config in the address bar of Firefox and hit the Enter-key.
  2. Confirm that you will be careful if the notification is displayed.
  3. Search for the preference security.ssl.enable_ocsp_stapling.
  4. Double-click on it to set it to false.

Doing so turns off OCSP Stapling in the Firefox web browser. Firefox will load the sites that refused to load before. A restart is not required.

Note: Disabling OCSP Stapling may affect the functionality of other websites that you visit, provided that they make use of the security feature.

Summary
Firefox throws Secure Connection Failed for select Microsoft domains
Article Name
Firefox throws Secure Connection Failed for select Microsoft domains
Description
When you try to connect select Microsoft owned domains such as Hotmail.com or Codeplex.com right now in Firefox, you may get a Secure Connection Failed error.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. T J said on May 29, 2017 at 8:33 pm
    Reply

    Thanks for this report, Martin.
    I use Hotmail and I could not log in this morning with Firefox or Cyberfox. I had the same error report which you have posted. I tried Chrome and Hotmail was accessible. Thanks for the tip about OCSP stapling.

    How could MS overlook the fact that the certificate was invalid ?

    1. John C. said on May 30, 2017 at 12:10 pm
      Reply

      Given M$’s penchant for pure evil, the distinct possibility exists that it was deliberate. How better to make another browser look bad? I’m guessing that by now they’ve fixed the certificates so that their own browsers don’t have the same problem eventually.

      1. Anonymous said on May 30, 2017 at 3:01 pm
        Reply

        Not fixed yet

    2. www.com said on June 1, 2017 at 5:28 am
      Reply

      Whenever I log into hotmail.com, it redirects me to outlook.com

      Do people still get those errors after that?

      1. Martin Brinkmann said on June 1, 2017 at 5:48 am
        Reply

        I read yesterday that Microsoft fixed the issue on 97% or so of all servers already. Probably fixed by now.

  2. jasray said on May 29, 2017 at 8:52 pm
    Reply

    Didn’t believe it, so I tried. Yes. Okay. When this type of thing happens, I find connecting to my SSH server on AWS resolves the problem. Yes, that works. But I don’t know why. I do wish I understood things like that. Quite frequently I notice that sites that don’t work will work if I go through some type of tunnel.

    Let’s try the 50GB freebie Windscribe I snagged here a few weeks ago: Yes, all sites working fine. I already have a different DNS than my ISP assigned DNS. Wonder what it is.

  3. hirobo said on May 29, 2017 at 9:48 pm
    Reply

    OMG, it’s not just Windows, I’m getting the same error in Android.

  4. GalegO said on May 29, 2017 at 9:51 pm
    Reply

    Another workaround: outlook.com and live.com works fine to access the webmail.

    1. b said on May 30, 2017 at 9:12 am
      Reply

      Thanks!

    2. rico said on May 30, 2017 at 7:49 pm
      Reply

      that was easy ! Thanks GalegO

  5. bjm said on May 29, 2017 at 10:25 pm
    Reply

    Yes, could not reach Outlook Mail earlier today. Appears okay now.
    Thanks

  6. Mark Hazard said on May 30, 2017 at 12:35 am
    Reply

    Thanks for the report, Martin. I experienced this error on Outlook.com and wondered what the heck was happening.
    I find that pressing the “Try Again” button lets me connect.

  7. hahaha said on May 30, 2017 at 3:39 am
    Reply

    I don’t encounter such problem visting the m$ sites in firefox.

    1. hirobo2 said on May 30, 2017 at 5:02 am
      Reply

      It seems to have been resolved on Microsoft’s end.

      1. Lorenzo said on May 30, 2017 at 5:34 am
        Reply

        Nope, I am still getting no loads on the bing news site trying to start up with Firefox. I have other browsers – no worries.

  8. Caesar said on May 30, 2017 at 4:25 am
    Reply

    Thanks sooo much for updating people about these sort of issues. Thanks very very much…

  9. TroubleAhead said on May 30, 2017 at 4:44 am
    Reply

    i believe it works fine in Nightly, but it brings up that prblem in 53 an 54 https://bugzilla.mozilla.org/show_bug.cgi?id=1368388#c2

  10. captainsparkledotcom said on May 30, 2017 at 6:45 am
    Reply

    Still not working, but I can access it via my history, saves opening other browsers!

  11. XX said on May 30, 2017 at 7:18 am
    Reply

    I got the same on Firefox on Mac when accessing bing.com

  12. Caesar Wong said on May 30, 2017 at 7:40 am
    Reply

    I still have the problem, plus it seems to be affecting other sites too (taobao.com for one, off the top of my head). Does this point to some kind of larger problem with whatever OSCP is? (Sorry, I don’t understand security tech).

  13. Melody Beck said on May 30, 2017 at 9:20 am
    Reply

    I’m still having the problem and have for a day or two now while trying to figure out why or a way around it. As of right now, I only have problems with it for my hotmail account. If I use Microsoft edge to sign in, it works fine. I’m not a happy camper with Microsoft right now. People don’t have time to deal with this kind of stuff.

  14. Guin said on May 30, 2017 at 1:10 pm
    Reply

    Me too (three, four, 1,001.) What a PITA.

  15. TK said on May 30, 2017 at 1:21 pm
    Reply

    I been having this problem in Hong Kong (Greenwich time +8) with Firefox since Monday morning, 29 May 2017 and still have the problem at this moment – Tuesday evening, 30 May 2017. I tried MS “Edge” and was able to log-on to Hotmail but cannot print any e-mail because the print “preview drop-down” page is BLANK! The same with attempts to print anything while using Edge for other domains. Besides, Edge is so poorly designed, I don’t think I will ever use it for anything. I have no problems using Google’s Chrome for access or printing.

    How could MS be making such stupid mistakes and not (more like refuse to) rectify them ASAP? Maybe they are too busy in the middle of enjoying their Memorial Day BBQ!

  16. TelV said on May 30, 2017 at 1:50 pm
    Reply

    This problem cropped up once before back in 2014 and was supposedly fixed by Mozilla with a new PKIX code according to bug 972304 (see comment #8 by Brian Smith) https://bugzilla.mozilla.org/show_bug.cgi?id=972304

    So either FF53.0.3 disabled PKIX or something else has gone pear-shaped.

    I was reading an article on how to manually verify an OSCP server, but it looks a little daunting: https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html

    Disabling OCSP stapling doesn’t sound like a good idea since it affects all sites across the range and not just outlook.com

  17. bjm said on May 30, 2017 at 4:08 pm
    Reply

    FWIW ~ outlook.live.com, msn.com, technet.microsoft.com, visualstudio.com & onedrive.live.com work okay (at this time) for me. FF 53.0.3

  18. Charlie said on May 30, 2017 at 4:26 pm
    Reply

    Failed for me on Hotmail just now. Clicked to Retry 2-3 times and it finally connected

  19. Dan said on May 30, 2017 at 6:21 pm
    Reply

    This affects Office 365, SharePoint Online and Azure too. It’s a real blunder from Microsoft, considering how much it at stake for major corporations that have moved to the cloud and rely on O365 and other enterprise services offered by MS. Granted, most enterprises run IE or Chrome, but still, next time it’s one of those browsers. I’m surprised this hasn’t gotten much attention from other tech sites so far.

  20. Dakduif said on May 30, 2017 at 7:18 pm
    Reply

    Somehow, when you just doggedly refresh the MS site you’re trying to visit, it will eventually load. Usually it doesn’t even take me all that many refreshes either.
    But yeah.. Hotmail, OneDrive.. all with that error message initially. Really ugly, stupid and annoying IMO.

  21. TK said on May 31, 2017 at 3:59 am
    Reply

    After 2 days, I am finally able to access Hotmail via Firefox as of 09:00 (Greenwich time+8) Wed., 31 May 2017 in Hong Kong. Hope the problem is also resolved for everyone as well. Hope the next MS debacle will not take as long to fix!

  22. Rita said on September 16, 2017 at 6:59 pm
    Reply

    Had this problems,in spades. Had just bought a brand new laptop&was thinking it was junk,because I could’nt get anywhere on the web,without a ton of hassle. BUT,after doing the recommended solution above,I am now able to get from point A to point B,withot having to spend a half an hour,just to reach Google or Twitter ,or anything else I am trying to get to on the internet. Still runs a bit slow,loading the pages,but not that long(maybe a minute),but at least it saves me from a half an hour or so,of refreshes&’secure connection failed’ messeges. Also,I found that it fixed my Twitter issues,as well,as before I used the solution on this new laptop,I was’nt able to even post photos,much less GIFs,on Twitter&sometimes,it would’nt even post regular tweets. But now I can. Thank you. However,I do have a question : Is there any security countermeasures I can take,to make it safer to go on,without the ‘stapling’? How safe is this solution,in the long run?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.