[SmartcardServices-Users] How can I specify alternate OCSP URL in OCS X?
Shawn A. Geddis
geddis at apple.com
Mon Jan 4 12:37:05 PST 2010
On Jan 4, 2010, at 2:19 PM, Paul Kwan wrote:
> Hi ALL,
>
> I can specify a different OCSP URL other than the one on my Smart Card with Windows client? Is there a way I can do the same on OS X? Thanks for the help.
>
> PSK
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
Paul,
No. Mac OS X enforces what is in the certificate, because that is what can be absolutely validated.
There are third-party products which have incorporated additional services to rewrite/process the Cert Revocation URI found in the Cert to a *configurable* URI -- allowing you to go from CRLDistribution Points to AIA Extensions (for OCSP).
__________________________________________________
Shawn Geddis geddis at mac.com
Security Consulting Engineer
MacOSForge Project Lead: Smart Card Services
Web: http://smartcardservices.macosforge.org/
Lists: http://lists.macosforge.org/mailman/listinfo
__________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100104/7891effc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3864 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100104/7891effc/attachment-0001.bin>
More information about the SmartcardServices-Users
mailing list