The Online Certificate Status Protocol is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists, specifically addressing certain problems associated with using CRLs in a public key infrastructure

On ther other hand OCSP Stapling

OCSP stapling is designed to reduce the cost of an OCSP validation, both for the client and the OCSP responder, especially for large sites serving many simultaneous users. However, OCSP stapling supports only one OCSP response at a time, which is insufficient for certificate chains with intermediate CA certs.

Please, ensure that your ' security.ssl.enable_ocsp_must_staple ' and ' security.ssl.enable_ocsp_stapling ' are set to ' True ' for now hence this will ensure you will be able to open sites with lower and certificates issues by then will be able to bypass it. This is still ongoing issue that needs to be addressed when the most of the internet is still not fully standardized as secure and private.

Next, after you ensure it, please type in address bar ' about:config ' and press Enter. Here we need to change Security.OSCP.Enabled. Here you can opt-in for value 1 hence it is standard by default, but it is best to use value 2.

security.OCSP.enabled

Description: Query OCSP responder servers to confirm current validity of certificates

• 0: Disabled

• 1: Validate only certificates that specify an OCSP service URL (default)

• 2: Enable and use values in security.OCSP.URL and security.OCSP.signing