False Positive SSL "Peer's Certificate Has Been Revoked" on Firefox Only

Jonah · Sep 11, 2011 · Viewed 9.1k times

One of my clients is having a problem that is vexing both their system admin and GoDaddy support, who say that everything is correct and this error should not be happening. Their SSL certificate is valid and seems to be correctly installed:

http://www.sslshopper.com/ssl-checker.html#hostname=moocho.com

It also works fine on IE and Chrome. However, on Firefox, users are getting this error (Firefox 7 users seem to get the error on every single page load):

[Image: Firefox SSL Error]

Relevant History: Last week (about 7-10 days ago) they were using a different certificate that was revoked. However, they received a new SSL Cert on 9/5 or 9/6, and this is the one that is currently installed.

I think this might have something to do with the OCSP service that Firefox uses to check certificate authenticity. Could that service have cached data from when the old cert was revoked, and hence still be reporting that moocho.com has a revoked cert? If so, is there any way to fix this problem?

If not, what is causing this error?

Thanks!

Answer

Wladimir Palant · Sep 12, 2011

This is not a false positive. If you look at the warning message closely, it refers to moochomoocho.com, not moocho.com. The certificate on https://moochomoocho.com/ is indeed revoked and other browsers show it as well. The fact that you don't see a warning in other browsers might be because the only content being loaded from moochomoocho.com is the favicon of the page - other browsers drop it silently instead of alerting the user.
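
The diagnosis in the answer above depends on noticing that the page pulls a subresource (there, the favicon) from a second hostname with its own certificate. As an added example, not part of the original answer, this Python code lists the HTTPS hosts a page loads subresources from, so each certificate can be checked separately; the sample HTML and the `.example` hostnames are constructed, and the tag and `rel` lists are an assumed, non-exhaustive selection.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource (and so validate a certificate).
FETCH_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src",
               "video": "src", "audio": "src", "source": "src", "embed": "src"}
# <link> rel values that trigger a fetch; rel="canonical" and similar do not.
FETCHING_RELS = {"icon", "shortcut", "stylesheet", "apple-touch-icon", "preload"}


class SubresourceHosts(HTMLParser):
    """Collect the HTTPS hosts a page pulls subresources from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = {}  # host -> list of (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not url:
            return
        if tag == "link" and not FETCHING_RELS & set((attrs.get("rel") or "").lower().split()):
            return
        absolute = urljoin(self.page_url, url)  # resolves relative and //host URLs
        parts = urlsplit(absolute)
        if parts.scheme == "https" and parts.hostname:
            self.hosts.setdefault(parts.hostname.lower(), []).append((tag, absolute))


def foreign_https_hosts(page_url, html):
    """Return {host: [(tag, url), ...]} for HTTPS hosts other than the page's own."""
    parser = SubresourceHosts(page_url)
    parser.feed(html)
    own = urlsplit(page_url).hostname.lower()
    return {h: refs for h, refs in parser.hosts.items() if h != own}


# Constructed sample page: hostnames under .example are placeholders.
SAMPLE_HTML = """
<html><head>
  <link rel="shortcut icon" href="https://old-name.example/favicon.ico">
  <link rel="canonical" href="https://other.example/">
  <link rel="stylesheet" href="/css/site.css">
  <script src="//cdn.example/app.js"></script>
</head><body><img src="logo.png"><a href="https://linked.example/">x</a></body></html>
"""
```

Calling `foreign_https_hosts("https://shop.example/", SAMPLE_HTML)` returns the favicon host and the script host; a revocation error that names one of these hosts points at that host's certificate, not the page's.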