

Keychain Access and Certificate Validation

I set up a Certificate Authority and Certificate Revocation List (CRL) Distribution Point. I was testing it using Chrome. The steps I took:

1. Set up a web server that uses a server certificate containing a CRL distribution point URL.

2. Set up a CRL Distribution Point that issues a CRL that revokes the server certificate.

3. In Keychain Access > Preferences > Certificates, set "Certificate Revocation List" to "Require if certificate indicates".

4. Use Chrome to hit the web server.

I was expecting Chrome (or Keychain Access) would download the CRL from the Distribution Point and fail the connection because the server certificate has been revoked in the CRL. However, it connected fine.

 

Questions:

A. Is there a Keychain Access log that I can check what happened in the certificate validation?

B. Does Keychain Access support a https URL for CRL Distribution Point?



Does this help?: certificate - Enable a CRL endpoint for my CA in Keychain Access - Ask Different

 

Apparently, this article only covers certifications generated by Keychain Access itself.
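An added example, not part of the original thread: one way to rule out the test setup itself in steps 1 and 2 is to check, independently of any client, that the server certificate really carries the CRL distribution point URL and that a CRL signed by the same CA lists its serial number. The sketch assumes the Python `cryptography` package; the CA, host name and CRL URL are constructed test values built in memory, and the function names are hypothetical.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

CDP_URL = "https://crl.example.test/ca.crl"  # constructed placeholder URL

def crl_urls(cert):
    """URIs from the certificate's CRL Distribution Points extension."""
    try:
        cdp = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    except x509.ExtensionNotFound:
        return []
    return [n.value for dp in cdp for n in (dp.full_name or [])
            if isinstance(n, x509.UniformResourceIdentifier)]

def revocation_status(cert, crl, issuer):
    """Trust the CRL only if the issuer signed it, then look up the serial."""
    if crl.issuer != issuer.subject or not crl.is_signature_valid(issuer.public_key()):
        return "crl-untrusted"
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "not-listed"

def build_fixture():
    """Constructed test PKI: CA, leaf with a CDP URL, CRL revoking the leaf."""
    ca_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    leaf_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "server.example.test")])
    start, end = dt.datetime(2017, 9, 1), dt.datetime(2018, 9, 1)
    def issue(subject, pub, ext):
        return (x509.CertificateBuilder().subject_name(subject).issuer_name(ca_name)
                .public_key(pub).serial_number(x509.random_serial_number())
                .not_valid_before(start).not_valid_after(end)
                .add_extension(ext, critical=False).sign(ca_key, hashes.SHA256()))
    ca = issue(ca_name, ca_key.public_key(), x509.BasicConstraints(ca=True, path_length=None))
    cdp = x509.CRLDistributionPoints([x509.DistributionPoint(
        full_name=[x509.UniformResourceIdentifier(CDP_URL)],
        relative_name=None, reasons=None, crl_issuer=None)])
    leaf = issue(leaf_name, leaf_key.public_key(), cdp)
    entry = (x509.RevokedCertificateBuilder().serial_number(leaf.serial_number)
             .revocation_date(start).build())
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_name)
           .last_update(start).next_update(end)
           .add_revoked_certificate(entry).sign(ca_key, hashes.SHA256()))
    return ca, leaf, crl

if __name__ == "__main__":
    ca, leaf, crl = build_fixture()
    print(crl_urls(leaf), revocation_status(leaf, crl, ca))
```

For a real setup, the same two functions can be applied to the server certificate, CA certificate and CRL loaded with `x509.load_pem_x509_certificate` and `x509.load_der_x509_crl` (or the PEM variant).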



Last updated: 2017-09-08 12:42:54
