My colleague Craig Watkins at Transcend, Inc. points out that not everyone has revocation enabled and provided a detailed explanation of how Mac OS users can enable this defense [...]To do this on Mac OS 10.6:
- Open Applications -> Utilities -> Keychain Access
- Under Keychain Access menu, select Preferences...
- Select the Certificates tab
- Set "Online Certificate Status Protocol (OCSP)" to
- Set "Certificate Revocation List (CRL)" to "Best Attempt"
- Set "Priority" to "OCSP"
Monday, April 4, 2011
Enable certificate checking on Mac OS X
Posted by Steve at 9:55 AM