Can't access Beamdog Main site using Firefox

Galthariel Member Posts: 9
Started three days ago and tried almost everything I could find on the Internet, such as exporting/importing certificates, and even deleted the cert8.db, which resets all the certificates in Firefox. The weird thing is that I can't access https://www.beamdog.com/ although I can access this forum.

No problems using Chrome, IE or Edge.

The error message is the one below and there is no option to add an exception.

________________________________________________________________________________________________________________

Secure Connection Failed

An error occurred during a connection to www.beamdog.com. The OCSP response does not include a status for the certificate being verified. Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Comments

  • mf2112 Member, Moderator Posts: 1,919
    I see the same issue; it seems that Firefox is requiring OCSP Stapling for the certificate validation. For more detailed info, including some interesting privacy concerns around OCSP usage, check here: https://maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/

    For now, I would suggest going to about:config in Firefox and typing OCSP in the top box. After testing on my machine, I think disabling only these two settings is sufficient. Double-click them to change from True to False, then restart Firefox. https://www.beamdog.com will load normally then.

    security.ssl.enable_ocsp_must_staple
    security.ssl.enable_ocsp_stapling

    This is not insecure; it just goes back to the old method of CRL fetching, which is more reliable than OCSP but is running into performance and scaling issues, especially at the bigger certificate vendors. OCSP Stapling looks interesting and might be a good answer once they get some issues worked out and all the big cert vendors support it, but for now it can be turned off safely IMHO.
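
For anyone who wants to check the server side of this error, here is an added example (not from either poster above) that classifies the stapled OCSP response printed by `openssl s_client -status`. The function name, the result labels and the sample text are constructed for illustration, and it matches on serial number only, a simplification of the full CertID comparison (which also includes the issuer hashes).

```shell
#!/bin/sh
# Added example: classify the OCSP staple in `openssl s_client -status`
# output read on stdin. Hypothetical helper, not an OpenSSL feature.
# $1 = leaf serial in hex, as printed by `openssl x509 -noout -serial`
#      (without the "serial=" prefix).
# Typical use:
#   openssl s_client -connect www.beamdog.com:443 -status </dev/null 2>/dev/null \
#     | classify_staple "$SERIAL"
classify_staple() {
    [ -n "$1" ] || return 2
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -v want="$want" '
        # Each SingleResponse starts with a "Certificate ID:" block.
        $1 == "Certificate" && $2 == "ID:" { in_id = 1; next }
        in_id && $1 == "Serial" && $2 == "Number:" {
            cur = toupper($3); seen = 1; in_id = 0; next
        }
        # "Cert Status:" closes the SingleResponse for the serial just read.
        $1 == "Cert" && $2 == "Status:" && cur == want { status = $3; found = 1 }
        $1 == "Cert" && $2 == "Status:" { cur = "" }
        END {
            if (found)     print "covered:" status     # staple answers for our cert
            else if (seen) print "missing-for-cert"    # staple is about other certs
            else           print "no-staple"           # server sent no OCSP response
        }'
}

# Constructed sample: a staple whose only SingleResponse is for serial 0AAA.
sample_staple() {
cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 0000000000000000000000000000000000000000
      Issuer Key Hash: 1111111111111111111111111111111111111111
      Serial Number: 0AAA
    Cert Status: good
EOF
}
```

A `missing-for-cert` result is the server-side condition that Firefox's MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING message describes: a response was stapled, but none of its entries is for the certificate being presented.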