Using Mozilla 1.2 alpha, and having trouble accessing many sites when OCSP validation is turned on. The typical error is: " Error trying to validate certificate from secure3.ingdirect.com using OCSP - response contains a date which is in the future. "
What I'd like to see in the above error: the site it used to validte said certificate the invalid date eg: " Error trying to validate certificate from secure3.ingdirect.com via www.verisign.com using OCSP - response contains a date '99/99/9999' which is in the future. " Anyway, I ask the bank and they say that one of my root CAs has expired or that my clock is wrong. My clock is correct, so I set about trying to debug my certificates. I turn off OCSP verification, and examine the site's certificate with "Page Info". It says "The web site secure3.ingdirect.com supports authentication for the page you are viewing. The identity of this web site has been verified by VeriSign Trust Network, a certificate authority you trust for this purpose." - I assume there is some alternative to OCSP that Mozilla used to check ingdirect's certificate. I would like there to be a button "Verify using OCSP" to help be debug this. I did go through all my VeriSign certificates in Certificate Manager->Authorities, and all their Issued on/Expires On validity dates looked good. In the long run, help me with more verbose error messages. In the short run, help me get OSCP working. thanks
