Hi Shawn, Thanks for the quick response as always. Can you please tell me what are the 3rd party products you refer to? Thanks again. PSK On 1/4/10 12:37 PM, "Shawn A. Geddis" <geddis@apple.com> wrote:
On Jan 4, 2010, at 2:19 PM, Paul Kwan wrote:
Hi ALL,
I can specify a different OCSP URL other than the one on my Smart Card with Windows client? Is there a way I can do the same on OS X? Thanks for the help.
PSK _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
Paul,
No. Mac OS X enforces what is in the certificate, because that is what can be absolutely validated.
There are third-party products which have incorporated additional services to rewrite/process the Cert Revocation URI found in the Cert to a *configurable* URI -- allowing you to go from CRLDistribution Points to AIA Extensions (for OCSP).
__________________________________________________ Shawn Geddis geddis@mac.com Security Consulting Engineer
MacOSForge Project Lead: Smart Card Services Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo __________________________________________________