[SmartcardServices-Users] How can I specify alternate OCSP URL in OCS X?

Shawn A. Geddis geddis at apple.com
Mon Jan 4 12:37:05 PST 2010

On Jan 4, 2010, at 2:19 PM, Paul Kwan wrote:
> Hi ALL,
>     I can specify a different OCSP URL other than the one on my Smart Card with Windows client? Is there a way I can do the same on OS X? Thanks for the help.
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users


No.  Mac OS X enforces what is in the certificate, because that is what can be absolutely validated.

There are third-party products which have incorporated additional services to rewrite/process the Cert Revocation URI found in the Cert to a *configurable* URI -- allowing you to go from CRLDistribution Points to AIA Extensions (for OCSP).

Shawn Geddis				  			   geddis at mac.com
Security Consulting Engineer

MacOSForge Project Lead:                           Smart Card Services                                                                 
	Web:	http://smartcardservices.macosforge.org/
	Lists:	http://lists.macosforge.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100104/7891effc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3864 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100104/7891effc/attachment-0001.bin>

More information about the SmartcardServices-Users mailing list