I just upgraded our web server with a renewed cert as our current cert expires later this week. When I browse to our site via FF it is throwing this error:
Secure Connection Failed
An error occurred during a connection to www.rivworks.com.
Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate)
* The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
When I try IE (v6 - v8) I do not get this error. I've searched this site, Bing and Google and am not finding a solution for this. If I had long hair I'd be pulling it out!
Any help is appreciated!
ADDITIONAL INFO:
After working the search engines over I have come to conclude this is a problem in FF and not with my cert. My cert issuer has been going through it with a fine tooth comb and every thing they can do shows all of my cert chain is in working order. FF just hates a renewed cert!
The one (and only one) link I got for a possible fix is here: http://www.wallpaperama.com/forums/firefox-error-code-sec-error-revoked-certificate-t7301.html. This leads to the solution this guy came up with here: http://www.wallpaperama.com/forums/installing-ssl-certificate-in-a-godaddy-dedicated-server-with-ispconfig-t7300.html. Unfortunately - it is for a UNIX server and I don't know how to translate UNIX to WINDOWS SERVER 2003.
Any help?
Have you looked at the cert in FF or IE to see if you can get any clue as to what's wrong? Could it be that the certificate chain is broken because an intermediate certificate is no longer valid?
Solution on other sites regarding uncheck OSCP query on browsers (firefox in options or certificate settings to uncheck OSCP query option) doesn't seems right solution. OSCP (Online Certificate Status Protocol) is internet protocol used for obtaining the revocation status of your digital certificate. See details here
If OSCP response doesn't confirm certificate is OK, Browser will show Error such as sec_error_revoked_certificate . Better to check broken chain of certificate installed or its validity.
Browsers have options that will check for certificate revocation, and this check is most likely turned off for you in IE while enabled in FF. The option in IE is in Internet Options on the Advanced tab under the Security Heading - "Check for server certificate revocation)". Look to see if that's enabled on your browser. If not, check it and restart IE and you should start seeing IE tell you the same thing.
Just a thought, but check to see what the beginning date is that the certificate is valid. If it's some time in the future you should put your old cert back on the server.
I have had this problem too. To get around it in FireFox, you need to do the following:
As to why your certificate is on that list, I've no idea, but I had the same problem with our mail server, and is still currently unresolved.
I ran into this error and the reason was that major browsers have clamped down on CAs (Certificate Authorities) behaving badly.
The root certs of WoSign/StartCom and even some Symantec root certs have been revoked.
Annoyingly, looking at the cert didn't give me a clue as to what was wrong.
Source (Mozilla)
Source (Ars)