10-31-2007 12:39
Okay, this is an obscure one.

Has anyone else noticed that secure-web5.secondlife.com:443 no longer gets a valid response for OCSP (Online Certificate Status Protocol)? Or, more specifically, the OCSP Service URI: http://ocsp.digicert.com is returning the error -8048 (SEC_ERROR_OCSP_INVALID_SIGNING_CERT).

This occurs, for example, under Firefox if you have the encryption verification set to: "Use OCSP to validate only certificates that specify an OCSP service URL" (security.OCSP.enabled = 1).

HTTP Message Log...

+++SSL 323:+++
SSL Pass-Thru: secure-web5.secondlife.com:443

+++GET 324+++
POST / HTTP/1.1
Host: ocsp.digicert.com:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Content-Length: 115
Content-Type: application/ocsp-request
Connection: keep-alive
Posting 115 bytes...

+++RESP 324+++
HTTP/1.1 200 OK
Date: Sun, 28 Oct 2007 11:00:34 GMT
Server: Apache
Content-Length: 1572
Connection: close
Content-Type: application/ocsp-response
+++CLOSE 324+++
+++CLOSE 323+++

Returns: "Error establishing an encrypted connection to secure-web5.secondlife.com. Error Code: -8048"


Disabling the verification is the only workaround I've found so far: security.OCSP.enabled = 0. It worked fine up until a few days ago.