I am running succesfully website on WinServer IIS with https.This is done inside a company, for internal use. Certificate is signed by internal CA that is correctly registered.The site loads correctly on Chrome and Edge , but fails with firefox with this error:SEC_ERROR_OCSP_INVALID_SIGNING_CERT
Sometimes it works with Firefox, sometimes (most of the time it fails)I did some test with openssl and concluded that ocsp response was 'good'also i add below wireshark trace where you see:
- Me : firefox client
- Tas-Dev: the website with https
- Ocsp: the ocsp server
sometimes , not systematic i observe 2 (request+reply) to ocsp serveralways reply of ocsp server is as shown on screenshot 'good'and firefox closes connection just after the last ocsp server answer with a 'FIN ACK' without displaying content of the web page.
I am struggling alone as my IT chief claims that only Chrome is supported officially ... LOL
by curiosity i have tried to browse to the ocsp URI indicated in certificate of https server with my browser (with HTTP GET) and I have a http 500 on IIS, - maybe out of scope because ocsp is http POST, but i want to add this note as i find it buggy.