Your profile's certificate and trust database appears to be corrupted, and therefore it can't check to see if the OCSP responder's certificate is okay.
You'll need to quit Firefox, move the current key*.db, cert*.db, and secmod.db files out of the profile directory (to a backup location), and then restart Firefox. After that, you'll need to reinstall the FNMT-RCM root certificate and edit its trust bits appropriately. (If you have added any PKCS11 modules, you will also need to re-add them.) -Kyle H On Mon, Mar 15, 2010 at 5:25 AM, Rafa M <rafa...@gmail.com> wrote: > Hi all, > > I'm testing some SSL sites in order to check SSL cert chains up to new root > certificate from FNMT-RCM (Spanish Mint). > > I've tried to connect several Official sites > (https://www.agenciatributaria.gob.es https://sedemeh.gob.es/) and I got > this response: Error code: sec_error_bad_database. > > This ocurrs when I enforce OCSP > (Tools->Options…->Advanced->Encryption->Validation and Select the box for > “When an OCSP server connection fails, treat the certificate as invalid”) > > I analyzed the network traffic (with WireShark tool) and I've could see that > OCSP is responding succesfully. > > I don't know why firefox is returning that error. Any idea? > > Thanks in advance, > > Rafa > > P.D.: Previously I've installed CA an sub-CA certificates in my browser: > http://www.cert.fnmt.es/certs/ACRAIZFNMTRCM.crt and > http://www.cert.fnmt.es/certs/ACRAIZAPE.crt > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
