# Firefox - Secure Connection Fails



## Quasar (Nov 23, 2017)

Using Firefox (my usual default) I get this message:

Secure Connection Failed

An error occurred during a connection to vi-control.net. The OCSP response does not include a status for the certificate being verified. Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.​
Chrome works fine. Not a complaint. Just thought I'd mention it.


----------



## StillLife (Nov 23, 2017)

Quasar said:


> Using Firefox (my usual default) I get this message:
> 
> Secure Connection Failed
> 
> ...


Yes, I got that too.


----------



## Ben H (Nov 23, 2017)

I've been trying to get in all day with Firefox, but it wouldn't let me.
Then I tried one of those is the website up or down websites, which told me it was up.
Only then did I try with another browser (Chrome), and managed to get in.


----------



## Przemek K. (Nov 23, 2017)

Same problem here with latest firefox version. I think VI need an update of sorts, regarding ssl encryption.


----------



## Mucusman (Nov 23, 2017)

Same here (Firefox on Windows 10) -- just started happening about 8 hours ago or so. Interestingly, the iOS mobile version of Firefox still works fine.


----------



## AllanH (Nov 23, 2017)

Same here. Chrome is fine.


----------



## williemyers (Nov 23, 2017)

same problem here, but on my MacBook, *both* Chrome & Safari give me a "404" refusal? I'm only able to get in now because I'm using a VPN proxy service https://us.hidester.com/


----------



## manifest (Nov 23, 2017)

Likewise on my end.


----------



## synthpunk (Nov 23, 2017)

Using Safari for now I guess.

re: Firefox Quantum 57.0, FF 56.0 Android erroring out.

@creativeforge @Mike Greene


----------



## williemyers (Nov 23, 2017)

Quanah said:


> 2. Once in, type *oscp* in the config search bar.


Quanah, I think you meant that to be *ocsp* ?


----------



## williemyers (Nov 23, 2017)

o.k., the about:config thing worked for my Firefox (57, Mac). But, for whatever reason, now I have to re-Login to VI-Control, everytime?! Equally puzzling, earlier when I tried to use Chrome or Safari, they reported back "404", but now they're o.k., as well? 
And it's Black Friday!!!
And I need to spend some money!!!


----------



## Quanah (Nov 23, 2017)

Well, I just deleted my whole post...haha slow start this a.m.

Anyway to recap: I had the same error. Searched it, and it has to do with ocsp stapling. Search the error and you will find the info.

The fast fix was this:
1. Open a tab and type* about:config* in the address bar.
2. Once in, type *ocsp* in the config search bar.
3. Toggle the parameter *security.ssl.enable_ocsp_stapling* from true to false

I had originally listed two parameters, but went back and just did the one and it works here. I don't know enough about the protocol yet, but just in the general search it seemed safe enough. Seeing as all the other browsers don't have a problem, I'm not overly worried with turning it off, and it is easily toggled back on.

Thanks @williemyers for the correction. (I'm on windows 10, btw.)


----------



## Quanah (Nov 23, 2017)

I *think* I got it all hammered out in the post above. You'll have to forgive me... I have Black Friday deals analysis fatigue.


----------



## synthpunk (Nov 23, 2017)

This worked for me. Tx! Were fairly confidant this does not jeopardize any browser security, right ?



Quanah said:


> Well, I just deleted my whole post...haha slow start this a.m.
> 
> Anyway to recap: I had the same error. Searched it, and it has to do with ocsp stapling. Search the error and you will find the info.
> 
> ...


----------



## Quasar (Nov 23, 2017)

Quanah said:


> I *think* I got it all hammered out in the post above. You'll have to forgive me... I have Black Friday deals analysis fatigue.


Your quick fix works here, and I don't _think_ disabling the stapling is a safety risk, but could negatively impact the speed of certificate verification at some sites, as it allows for the web server to provide creds directly, bypassing the source vendor. But I'm no expert and could be wrong.

"Deals analysis fatigue" LOL! Same here, but I'm absolutely going to disengage from the consumer side of all things DAW-related after 1/1/18.


----------



## manifest (Nov 23, 2017)

This is generally correct. If anyone is interested in what OCSP Stapling is prior to disabling it all together, here's a relatively non-technical article, albeit long if you have more relevant things to do with your time, describing the concept. 



Quasar said:


> Your quick fix works here, and I don't _think_ disabling the stapling is a safety risk, but could negatively impact the speed of certificate verification at some sites, as it allows for the web server to provide creds directly, bypassing the source vendor. But I'm no expert and could be wrong.
> 
> "Deals analysis fatigue" LOL! Same here, but I'm absolutely going to disengage from the consumer side of all things DAW-related after 1/1/18.


----------



## playz123 (Nov 23, 2017)

Same problem here with Firefox on both Mac and PC. Leary about tampering with settings, and would rather see this problem addressed here rather than via the Firefox quick fix. Everything was fine until something was changed here.
Firefox screen shows that "Changing these advanced settings can be harmful to the stability, security and performance of this application." It also says "this might void your warranty"...whatever that means.


----------



## synthpunk (Nov 23, 2017)

Kids, wives, dogs, turkeys, ham, potatoes, pies, and now off to a movie, what on earth do you mean ? 



Quanah said:


> I *think* I got it all hammered out in the post above. You'll have to forgive me... I have Black Friday deals analysis fatigue.


----------



## TGV (Nov 23, 2017)

I've got the problem too. It seems limited to Firefox. No idea why.


----------



## synthpunk (Nov 23, 2017)

I think thats the Mozilla kids being funny Frank, but I do wonder about the security myself, and of all the weekends for this to happen, this one.



playz123 said:


> Same problem here with Firefox on both Mac and PC. Leary about tampering with settings, and would rather see this problem addressed here rather than via the Firefox quick fix. Everything was fine until something was changed here.
> Firefox screen shows that "Changing these advanced settings can be harmful to the stability, security and performance of this application." It also says "this might void your warranty"...whatever that means.


----------



## NoamL (Nov 23, 2017)

Looks fixed now?


----------



## AllanH (Nov 23, 2017)

works for me without needing any about:config changes


----------



## Rob (Nov 23, 2017)

yeah now it works


----------



## Mike Greene (Nov 23, 2017)

Should be fixed now. Apparently we had a free SSL Certificate. So now we bought the $40 one, instead.

We'll need a fundraiser next week to pay for it


----------



## synthpunk (Nov 23, 2017)

Thank you Mike & Andre. Works fine on Mac and Android FFQ now.


----------



## williemyers (Nov 23, 2017)

synthpunk said:


> wives,


huh?


----------



## williemyers (Nov 23, 2017)

works for me now, on Firefox w/ OCSP set back to "true"


----------



## synthpunk (Nov 23, 2017)

It's a family holiday in states mate and there are wives  Luckily there are things like Man caves, Cellars, Workshops, Garages, Studios, and the Theater to escape to.



williemyers said:


> huh?


----------



## Mike Greene (Nov 23, 2017)

synthpunk said:


> Thank you Mike & Andre. Works fine on Mac and Android FFQ now.


To clarify, this was all André (and Claudio, who handles the hosting.) Other than panicked screaming, I contributed nothing. 



williemyers said:


> works for me now, on Firefox w/ OCSP set back to "true"


That's a good reminder to set OCSP back to "true."


----------



## TGV (Nov 23, 2017)

Works again. Cheers!


----------



## synthpunk (Nov 23, 2017)

Although @creativeforge Andre probably swore in french at me a few times since last night I am thankful (get it ?) of everything he does and the bitching he puts up with.


----------



## Quanah (Nov 23, 2017)

Excellent! Setting mine back to "true" as well! Thanks gang! If you are celebrating T-day, I wish you all a great and safe one!!


----------



## playz123 (Nov 23, 2017)

Mike Greene said:


> Should be fixed now. Apparently we had a free SSL Certificate. So now we bought the $40 one, instead.
> 
> We'll need a fundraiser next week to pay for it


   If i buy 'Screaming Trumpet' this weekend, will that help??


----------



## Ben H (Nov 23, 2017)

Thanks for fixing this.


----------



## creativeforge (Nov 24, 2017)

You're welcome guys. In fact, Claudio had to delete the present (free) certificate and installed a new (free) one (same company). Diagnostic took longer than the cure... After the holiday, we will however explore and prepare to install a (not free) new SSL, highly rated. For now, enjoy the family fun!


----------

