Toggle OCSP Server Verification of Certificates in Firefox

Mozilla Firefox is considered one of the securest web browser because the developers at Mozilla Corporation are always working to add new features related to the online security. In Firefox, the developers have implemented a feature called OCSP server certificate verification. What this feature does is basically verify the status or validity of a secure server layer (SSL) certificate. Since the verification is done online each time you connect to the internet and use Firefox, the fake or fraudulent SSL certificates being used by various web sites can be easily identified.

The use of such fraudulent certificates is not a new observation. A Dutch firm DigiNotar issued some certificates in 2011 for some domains like and These certificates were later used to intercept the traffic data of people accessing these sites. DigiNotar later revoked the validity of these certificates. But the only way your web browser can know about the current status of the validity is through the OCSP (online certificate status protocol) verification.

But at the same time, OCSP might not work for freshly issued or incorrectly installed certificates even though you know that they are legitimate. In these cases, you may want to turn off the OCSP verification feature in Firefox temporarily.

OCSP Verification for Firefox

Whether you want to turn OCSP verification on or turn it off, you can do this from the Firefox options. Just type in about:preferences#advanced in the address bar and make sure that the checkbox labeled Query OCSP responder servers to confirm the current validity of servers is checked. Of course, unchecking this checkbox will disable this feature.

Another way to toggle the OCSP verification feature is through the about:config configuration manager. For this, you have to type about:config in the address bar, agree with the Firefox warranty alert, search for OCSP string, and then change the value of security.OCSP.enabled to 0 or 1. A value of 1 means that it is enabled, while a value of 0 means that it is disabled.

OCSP Verification for Firefox

Conclusion: The OCSP certificate validity verification feature in Firefox is very useful to avoid man-in-the-middle attacks when some proxy sites could pose as some popular sites and capture your online traffic. It can be toggled on or off based on your requirements.

Leave a Reply

Your email address will not be published. Required fields are marked *