Hi all,
I'm testing some SSL sites in order to check SSL cert chains up to new
root certificate from FNMT-RCM (Spanish Mint).
I've tried to connect several Official sites
(https://www.agenciatributaria.gob.es https://sedemeh.gob.es/) and I got
this response: Error code: sec_error_bad_database.
This ocurrs when I enforce OCSP
(Tools->Options…->Advanced->Encryption->Validation and Select the box
for “When an OCSP server connection fails, treat the certificate as
invalid”)
I analyzed the network traffic (with WireShark tool) and I've could see
that OCSP is responding succesfully. I attach a screenshot where you can
see OCSP Response (the server I've connected is
https://www.agenciatributaria.gob.es).
I don't know why firefox is returning that error. Any idea?
Thanks in advance,
Rafa
P.D.: Previously I've installed CA an sub-CA certificates in my browser:
http://www.cert.fnmt.es/certs/ACRAIZFNMTRCM.crt and
http://www.cert.fnmt.es/certs/ACRAIZAPE.crt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
