Mac OS X 10.5 Help

Changing the validation settings for certificates

There are two common methods for verifying the validity of a certificate: Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL). Information about the status of certificates is stored on a revocation server. The security system of Mac OS X can check the revocation server to validate the certificate. You can change how certificate validation is performed in the Certificates pane of Keychain Access preferences.

To change the validation settings for a certificate:

Step 1

Open Keychain Access, located in the Utilities folder in the Applications folder.

Step 2

Choose Keychain Access > Preferences, and then click Certificates.

Step 3

Choose a certificate validation method from the pop-up menu.

Off: No revocation checking will be performed.

Best Attempt: The certificate passes unless an indication of a bad certificate is returned from the server. This setting is best for most circumstances.

Require if Cert Indicates: If the URL to the revocation server is provided in the certificate, this setting requires a successful connection to a revocation server and no indication of a bad certificate. Use only in a tightly controlled environment that guarantees the presence of a CRL server or OCSP responder. If a CRL server or OCSP responder is not available, SSL and S/MIME evaluations could hang or fail.

Require for All Certs: This setting requires successful validation of all certificates. Use only in a tightly controlled environment that guarantees the presence of a CRL server or OCSP responder. If a CRL server or OCSP responder is not available, SSL and S/MIME evaluations could hang or fail.

Priority: Determines which method (OCSP or CRL) is attempted first. If the first method chosen returns a successful validation, the second method is not attempted.
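
The decision logic of the four settings and the Priority option, modeled as an added Python example (not Apple's code and not part of the original help page). All names are hypothetical, and two behaviors are assumptions the page does not state: a "revoked" answer from the first method also ends the check, and Require for All Certs fails a certificate that lists no revocation URL.

```python
from enum import Enum

class Mode(Enum):
    OFF = "Off"
    BEST_ATTEMPT = "Best Attempt"
    REQUIRE_IF_CERT = "Require if Cert Indicates"
    REQUIRE_ALL = "Require for All Certs"

# Constructed outcomes a revocation server can produce for one method.
GOOD, REVOKED, UNREACHABLE = "good", "revoked", "unreachable"

def check_revocation(results, priority):
    """results maps "OCSP"/"CRL" to an outcome; a missing key means the
    certificate carries no URL for that method. Returns (outcome, attempted)."""
    attempted = []
    for method in priority:
        if method not in results:
            continue
        attempted.append(method)
        if results[method] != UNREACHABLE:
            # Definitive answer: the second method is not attempted.
            # (Stopping on REVOKED as well as GOOD is an assumption.)
            return results[method], attempted
    return (UNREACHABLE if attempted else None), attempted

def evaluate(mode, results, priority=("OCSP", "CRL")):
    """Return (certificate_passes, methods_attempted) for one certificate."""
    if mode is Mode.OFF:
        return True, []                      # no revocation checking at all
    outcome, attempted = check_revocation(results, priority)
    if outcome == REVOKED:
        return False, attempted              # every checking mode rejects this
    if outcome == GOOD:
        return True, attempted
    # No definitive answer: server unreachable, or no URL in the certificate.
    if mode is Mode.BEST_ATTEMPT:
        return True, attempted               # passes unless told it is bad
    if mode is Mode.REQUIRE_IF_CERT:
        return outcome is None, attempted    # only fails if a URL was present
    return False, attempted                  # REQUIRE_ALL (assumption: no URL fails)

if __name__ == "__main__":
    down = {"OCSP": UNREACHABLE, "CRL": UNREACHABLE}   # constructed sample
    for mode in Mode:
        print(f"{mode.value:26} servers down -> pass={evaluate(mode, down)[0]}")
```

With both servers unreachable, Best Attempt passes the certificate while the two Require settings fail it, which is why the page restricts those settings to environments that guarantee a CRL server or OCSP responder.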