Only Mozilla Firefox couldn’t access or display several websites that officially belonged to Microsoft. As it turns out, this wasn’t the result of the ongoing browser wars.
Several sub-domains, which belonged to Microsoft, refused to load on the latest and stable version of Mozilla Firefox web browser. Irrespective of the platform (mobile or desktop, iOS, Windows, or Android) they all worked perfectly well on Microsoft Edge, Apple Safari, Google Chrome, and other popular web browsers.
Internet users, who frequented Microsoft’s websites, were greeted with “Secure Connection Failed” error messages. As usual, the truth lay in the details, explained a developer who first discovered this anomaly, and wrote a detailed blog post.
Firefox users can't reach Microsoft[.]com and its subdomains this week due to an SSL certificate validation issue. Thankfully, there's a workaround—and, no, we don't mean 'just use Chrome!' 🙂https://t.co/711Rw4MTGQ pic.twitter.com/wklSzNCT34
— Ax Sharma (@Ax_Sharma) December 16, 2021
After trying the standard and routine troubleshooting steps, the developer looked closely at the error message that appeared in Mozilla Firefox. It read:
“An error occurred during a connection to docs.microsoft.com. The OCSP response does not include a status for the certificate being verified.
Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
• The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
• Please contact the website owners to inform them of this problem.”
As is apparent from the error message, the problem had something to do with “OCSP” and its “response” for “Cert” being missing. Needless to say, disabling OCSP stapling functionality in Firefox instantly resolved the issue.
It is important to note that disabling OCSP is not a recommended solution, although, it is a temporary workaround. OCSP stands for Online Certificate Status Protocol, which is a method for obtaining certificate revocation information.
Technical jargon aside, Mozilla Firefox refused to display Microsoft’s sub-domains because they aren’t doing their OCSP due-diligence. Simply put, the security protocol checks for certain certificates, and if they were revoked recently. In the absence of such information, Firefox simply chose not to display the sub-domains.
Microsoft has slipped up in the recent past, when it forgot to renew a security certificate. Incidentally, Mozilla Firefox seems to be the only web browser that goes the extra mile to check for such information.
Update: As pointed out by our readers, the latest update for Mozilla Firefox (version 95.0.1) fixes the issues with Microsoft websites. Firefox has started to recognize the SHA-2 OCSP response being sent from the site. It is truly commendable of Mozilla to address the issue so quickly. "Microsoft's OCSP response was faulty in that they supplied a SHA256 hash in a field that required a SHA1 hash." (Thanks Fleet Command for pointing it out.)
22 Comments - Add comment