Using the Intranet CA, signed by GTE Cybertrust Root CA, both of which have been marked as trusted for all uses. Change preferences->Privacy&Security->Validation "Use OCSP to validate only certificates that specify an OCSP URL", which the Intranet CA does. I do not know the value of the URL however. The details spit out a bunch of hex values for the extension. All certs then become invalid. There is confusion for the following reasons: 1. All CA certs in the chain have been marked as trusted. 2. The viewing of the certificate details displays the following text: "The certificate has been verified for the following uses:" with an empty list of privileges. 3. The security info dialog in the composition window displays all certs signed by the intranet CA as invalid. There needs to be a better error message indicating that: - OCSP is being used instead of trust bits (which I believe is correct to override) - The certificate is valid, but it is valid for nothing (!) - Errors related to interacting with OCSP services. Invalid signature - can't sign Invalid encryption certs - encrypt anyway Verified for use: No entries

Are we fixing OCSP for RTM? It currently fails extremely ungracefully. see also bug 136469.

This is a problem with our intranet OCSP responder, not with mozilla. *** This bug has been marked as a duplicate of 108250 ***

.