Saturday
Nov122011
  
  
  
  Turning on OSCP and CRL in Keychain.app
 Saturday, November 12, 2011 at 09:39AM
Saturday, November 12, 2011 at 09:39AM You can enable Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) to obtain the revocation status of X.509 Certificates. This may hinder performance so we recommend that individual users set these options only temporarily.
- Open up your Keychain Access Application located in Applications/Utilities folder.
- Selet KeyChain Access>Prefences and toggle to the Certificates Pane.
- Set Online Certificate Status Protocol (OCSP) to Best Attempt.
- Set Certificate Revocation Listl (CRL) to Best Attempt.
- Set Priority to OCSP. 
- Close Preferences and Quit the Keychain Access appliction.
This is very important: This may hinder performance for certain users so we recommend that individual users set these options only temporarily especially when there are rouge certificates in the wild.
 Sean OConnell Public |  Comments Off  |
Sean OConnell Public |  Comments Off  |   






