phone usa +18456662567

phone uk +448726142710

Contact us on Skype gwsgroup | hangouts gws.desk       

Inaccessible SSL-protected site

When visiting a site that is protected with SSL (https) you might get sometimes a message

“Secure Connection Failed

An error occurred during a connection to thewebsite.com. The OCSP server suggests trying again later. (Error code: sec_error_ocsp_try_server_later)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem.”

This can happen if you connect to ANY site that uses https (!) This problem is defined and caused by the browser's revocation settings (OCSP-stapling).  If you see this error happen in FF or IE and you switch to Chrome you will notice that access to any SSL (https) protected site with Chrome works because it doesn't really do SSL revocation checking at all. Firefox and IE users should disable revocation checking as it does not work in any incarnation so far. Mozilla (firefox) is considering joining Google's method in due course.

A good write up on why revocation does not work can be found at this link. It is written by Adam Langley who works on Google’s HTTPS serving infrastructure and Google Chrome’s network stack.

So if you cannot reach any of your own sites or one of our sites or any site that uses SSL with such message you will know now why this happens and how to resolve this. It is perfectly safe to switch off revocation checking in your browser:

  • For Firefox: Options > advanced > certificates > validation. Un-check the box that says "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates".

  • For Internet Explorer: Tools menu > select Internet Options > Advanced tab and then scroll down to the Security section > uncheck 'Check for server certificate revocation".
Submit to DeliciousSubmit to DiggSubmit to FacebookSubmit to Google BookmarksSubmit to StumbleuponSubmit to TechnoratiSubmit to TwitterSubmit to LinkedIn