Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Level 1

34 points

ocspd / 10.5.7 and Little Snitch. I'm confused.

After updating to OS X 10.5.7, I started to get messages, from Little Snitch (LS), stating that "ocspd" wants to connect to certinfo.mac.com using TCP Port 80. As I was somewhat confused by this request, I did a quick search, and found out that the OS is checking to see if the the root certificates have been revoked. Is this accurate? Also, based on the information I found, I created a rule to allow this connection FOREVER. Comments please.

What I find strange is that tonight, I started to get a message from LS regarding "ocspd" but this time it wants to connect to "EVIntl-ocsp.verisign.com" (also using TCP 80). The reverse DNS name is "TGV.ANYCAST-FO.CHI.versign.com". What is this connection alert coming from? If Apple has created a method to check for revoked certs, why is "ocspd" attempting to connect to "EVIntl-ocsp.verisign.com" at 199.7.48.72. Any information on this would be greatly appreciated.

Thanks.

Unibody 15" MBP, Mac OS X (10.5.6)

Posted on May 14, 2009 1:12 AM

17 replies

bbiiggaa

Level 1

11 points

Aug 3, 2009 3:18 AM in response to Barry Hemphill

Barry...Some relevant technical information, rather than an unnecessary opinion would be more useful. Thanks to Dave for his informed and concise feedback.

bbulmer

Level 1

10 points

Aug 10, 2009 9:44 PM in response to DCIFRTHS

Heh, as dave quoted; If you just do a man ocspd in terminal, you get your answer.
Or hit up the OS X man pages in HTML online.
This one in particualr at:

http://developer.apple.com/documentation/Darwin/Reference/Manpages/man1/ocspd.1. html

I still don't agree with ocspd checking so frequently now. When just browsing the web, I get this notification frequently, I deny 75% of the time, unless I know I'm doing something that needs certs, like iweb or similar.

Be Safe...

ocspd / 10.5.7 and Little Snitch. I'm confused.