On Fri, 2007-06-29 at 12:37 -0700, Les wrote: > Ok, I have a problem.... > I am accessing a secure site and I get the following error message(s) > For nearly every page I attempt to access I get: > Error trying to validate certificate from (pagename here) using OCSP > -directory lookup error. > > I am looking for suggestions of where to look, or who to contact (the > page admin? My ISP? logs about setup, setup issues?) > I googled and got information about OCSP via Wikipedia, but it didn't > help me too much. Can anyone provide any idea of what I need to do to > resolve this issue? Windows doesn't see the error on the same webpages, > which I checked just to see if it might be the webpage itself. I'm guessing that on Windows your browser is configured differently. Firefox, for instance, can check that a SSL certificate is still valid using OSCP. Look in the preference options, advanced section, encryption sub-section tab, and click the verification button in the certificates sub-section. That's the path for the current Firefox in F7, prior releases had it showing in a far less obscure location. There's a few options it has, you might want to change to another: * Don't bother double checking, just blindly trust the certificate. * Check the certificate with the OSCP that the certificate suggests. * Check the certificate with an OSCP that you've selected. Some websites, perhaps some might say a lot, are badly set up, and suggest that their certificate can be checked with a certain OSCP when that's just not going to work. The default is usually not to do any checking, which basically throws away SSL security. If the certificate got revoked, perhaps because it got stolen, you probably won't hear about it while you browse through a hijacked website. I try to use the middle option, most of the time it works. -- [tim@bigblack ~]$ rm -rfd /*^H^H^H^H^H^H^H^H^H^Huname -ipr 2.6.21-1.3228.fc7 i686 i386 Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7. Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.