Is it possible to disable OCSP Stapling on Windows Server 2008 / IIS7?
The problem is that FF30 does not allow access to a secure site if the server supports OCSP Stapling and the user's computer time is in the past. The error is sec_error_ocsp_future_response. So users are not able to access our site simply because their time is incorrect! If they don't report the error to us, we can't tell them what to do about it and we lose customers. So we need to disable OCSP Stapling.
I've tried these thing with no luck:
add RequestOCSP of type DWORD and set it to 0 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\
certutil –setreg chain\ChainCacheResyncFiletime @now
certutil -urlcache ocsp delete
OCSP Stapling is commonly disabled (for example, sites such as amazon and google disable it). Please let me know how to disableOCSP Stapling on IIS7.
