OS X:OCSP和CRL的设置

xiaoxiao2021-03-01  3

为了能使Safari自动地废止被废弃的认证,需要在用户的Keychain中设置OCSP和CRL打开:

Keychain Access程序中的Preferences, Certificates标签中,使用OCSP: 和CRL: 并设置为Best Attempt ,而优先级使用默认即可。

或者使用命令行:

To set the CRL settings:

defaults write com.apple.security.revocation CRLStyle -string BestAttempt

To set the OCSP settings:

defaults write com.apple.security.revocation OCSPStyle -string BestAttempt

其它的设置看这里的plist文件

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CRLStyle</key> <string>BestAttempt</string> <key>CRLSufficientPerCert</key> <true/> <key>OCSPStyle</key> <string>BestAttempt</string> <key>OCSPSufficientPerCert</key> <true/> <key>RevocationFirst</key> <string>OCSP</string> </dict> </plist>

转载请注明原文地址: https://www.6miu.com/read-3650223.html

最新回复(0)