Azure Portal rejects Firefox after certificate revocation SNAFU
C*ck-up not conspiracy – Redmond says 'OCSP stapling' has come undone
Microsoft's Azure Portal has become hostile to some clients, especially the Firefox browser.
The issue emerged at around 0900 GMT on Monday and meant that Firefox-wielding Azure users who wanted to manage their cloudy stuff with their preferred browser couldn't do so.
14 hours into the incident and Microsoft's status page now suggests that “An invalid OCSP signing certificate that has been cached is causing failures for a subset of customers.”
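OCSP is the Online Certificate Status Protocol, defined in an IETF RFC, which clients use to check whether an X.509 certificate has been revoked. OCSP stapling is an extension under which the web server itself hands the client a signed OCSP response during the TLS handshake; it improves the security of plain OCSP and is present in all major browsers and web servers.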
Microsoft's advisory seems to suggest that an expired certificate is stuck in the works, but offers only “As a workaround, customers can use an alternative browser - Internet Explorer, Edge, Safari or Chrome” as the current fix. It's not clear whether Firefox's stapling implementation, or Azure's handling of Firefox traffic, is to blame.
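For operators wondering what their own servers are stapling, here is an added example (not code from Microsoft, Mozilla or The Register) that reads the text printed by `openssl s_client -connect HOST:443 -status` and lists the reasons a strict client could refuse the staple. The sample input is constructed, not data from the Azure incident, and the function and field names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed, trimmed sample in the layout printed by
# `openssl s_client -connect HOST:443 -status`; not data from the Azure incident.
SAMPLE = """\
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Produced At: Jan 10 08:00:00 2022 GMT
    Cert Status: good
    This Update: Jan 10 08:00:00 2022 GMT
    Next Update: Jan 14 08:00:00 2022 GMT
Certificate:
        Validity
            Not Before: Oct 12 00:00:00 2021 GMT
            Not After : Jan 11 00:00:00 2022 GMT
"""

# Assumption: the first "Not After" in the output belongs to the certificate
# that signed the OCSP response (the responder certificate embedded in it).
FIELDS = {
    "status": r"OCSP Response Status:\s*(\w+)",
    "cert_status": r"Cert Status:\s*(\w+)",
    "this_update": r"This Update:\s*(.+)",
    "next_update": r"Next Update:\s*(.+)",
    "signer_not_after": r"Not After\s*:\s*(.+)",
}

def _when(text):
    # OpenSSL prints e.g. "Jan 10 08:00:00 2022 GMT", always in UTC.
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def staple_problems(openssl_text, now):
    """Return the reasons a strict client could reject this staple at time `now`."""
    found = {k: re.search(p, openssl_text) for k, p in FIELDS.items()}
    if not found["status"]:
        return ["no stapled OCSP response present"]
    problems = []
    if found["status"].group(1) != "successful":
        problems.append("responder status is " + found["status"].group(1))
    if found["cert_status"] and found["cert_status"].group(1) != "good":
        problems.append("certificate status is " + found["cert_status"].group(1))
    if found["this_update"] and _when(found["this_update"].group(1)) > now:
        problems.append("thisUpdate is in the future")
    if found["next_update"] and _when(found["next_update"].group(1)) <= now:
        problems.append("staple is past nextUpdate")
    if found["signer_not_after"] and _when(found["signer_not_after"].group(1)) <= now:
        problems.append("OCSP signing certificate has expired")
    return problems
```

The case worth alerting on is the middle one: a cached staple that is still inside its nextUpdate window while the certificate that signed it has already lapsed.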
Whatever the fault, Microsoft's cloudy crew has worked on it across the UK's Spring Bank Holiday and the USA's Memorial Day, and while the company's rolling advisories have now figured out what's wrong, there's no timeframe offered for a fix.
There's no evidence this is anything other than a cock-up: Satya Nadella's Microsoft has almost completely lost interest in petty swings at rivals.
The Register will update this story as and when news comes to hand. ®