Our Information Security Office has given the following instructions to secure Safari agains the recently announced certificate hijacking:
Safari: OCSP is not enabled by default. To do enable it, open Keychain Access from Applications > Utilities. Choose Keychain Access > Preferences, then click on the Certificates tab. Set the first two options, for OCSP and CRL, to Best Attempt, and leave priority set to the default setting. This will tell Safari, or any other program that uses the built-in certificates on Mac OS X, to check these servers before accepting any SSL certificate on a web site. Does anyone know a quick way to alter these settings from the command line, so we can secure a few hundred 10.5 and 10.6 machines? TIA, Bill Morgan College of Fine Arts UT Austin _______________________________________________ MacOSX-admin mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-admin
