luigi lins wrote: Thu Mar 06, 2025 9:38 pm
I opened the Google website and YouTube doesn't access the sites. I've tried everything and it doesn't work.
It could even be a problem with my internet connection, but I don't think so. Firefox works perfectly with Google websites and YouTube by default.
This "it works for me" / "it doesn't work for me" back and forth isn't helping anyone. It is not sufficient to say it "doesn't work", and it does not help to say "it does". Based on the information we have so far, I'm assuming the error is a security warning, able to be enabled and disabled by checking or unchecking the OCSP option under Security > Certificates.
So why are we not
actually checking the certificates? I can load Google on an old install of LibreWolf. OK... so it works for me, too.
But why?
I can check the TLS certificate Google uses to encrypt the connection to
www.google.com. It's signed by Google Trust Services.
I can click "View Certificates" in LibreWolf's Certificates settings and confirm that the Google Trust Services that issued
www.google.com cert shows up as a valid Certificate Authority. So far, so good.
I can also inspect the Authority Info of the
www.google.com cert, and I see that the OCSP endpoint is
http://o.pki.goog/wr2 and there's a .crt file I can fetch at
http://i.pki.goog/wr2.crt. OK. I can do an DNS lookup on o.pki.goog, an ANY record is best to use here, and I see that that URL has a CNAME redirection to pki-goog.l.google.com. Another ANY query for pki-goog.l.google.com and it resolves to an IP address. OK, so what does that mean?
It means that I can get to Google in LibreWolf only because each step of the certificate validation process that LibreWolf follows doesn't fail.
Walk through the process. Pinpoint where the process fails.