
ocspd / 10.5.7 and Little Snitch. I'm confused.

After updating to OS X 10.5.7, I started to get messages from Little Snitch (LS) stating that "ocspd" wants to connect to certinfo.mac.com using TCP Port 80. As I was somewhat confused by this request, I did a quick search, and found out that the OS is checking to see if the root certificates have been revoked. Is this accurate? Also, based on the information I found, I created a rule to allow this connection FOREVER. Comments please.

What I find strange is that tonight, I started to get a message from LS regarding "ocspd" but this time it wants to connect to "EVIntl-ocsp.verisign.com" (also using TCP 80). The reverse DNS name is "TGV.ANYCAST-FO.CHI.versign.com". What is this connection alert coming from? If Apple has created a method to check for revoked certs, why is "ocspd" attempting to connect to "EVIntl-ocsp.verisign.com" at 199.7.48.72? Any information on this would be greatly appreciated.

Thanks.

Unibody 15" MBP, Mac OS X (10.5.6)

Posted on May 14, 2009 1:12 AM

17 replies

May 14, 2009 7:08 AM in response to DCIFRTHS

ocspd is the "Online Certificate Status Protocol" daemon that processes all certificate validation. This handles both CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol) validation of certificates. It's part of both the Keychain and certificate framework. Verisign is one of the common providers of Internet certificates, so it's one of the services the ocspd process will contact for certificate updates and verification.

You do want to allow this process to connect, yes. Only if it were attempting to contact some completely unknown site would it be cause for followup to verify the site.

Message was edited by: Dave Sawyer
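An added example, not part of the original thread: the host an OCSP client contacts is named inside the certificate being checked, in its Authority Information Access (AIA) extension (RFC 5280). The Python sketch below parses a DER-encoded AIA value and tests whether a destination reported by a firewall prompt is a responder the certificate points to. The sample bytes are constructed (the hostname is the one from the question, the `http://` URL form and the second entry are assumptions), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

OID_OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def ocsp_urls(aia_der):
    """OCSP responder URLs named in a DER-encoded AIA extension value."""
    tag, seq, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AIA value must be a SEQUENCE")
    urls, pos = [], 0
    while pos < len(seq):
        _, desc, pos = read_tlv(seq, pos)           # one AccessDescription
        t_oid, method, nxt = read_tlv(desc, 0)      # accessMethod
        t_loc, location, _ = read_tlv(desc, nxt)    # accessLocation
        if t_oid == 0x06 and method == OID_OCSP and t_loc == 0x86:  # [6] = URI
            urls.append(location.decode("ascii"))
    return urls

def is_expected_destination(aia_der, host, port):
    """True if host:port is an OCSP responder this certificate points to."""
    for url in ocsp_urls(aia_der):
        u = urlsplit(url)
        default_port = 443 if u.scheme == "https" else 80
        if u.hostname == host.lower() and (u.port or default_port) == port:
            return True
    return False

def _tlv(tag, value):                       # short-form encoder for the sample only
    return bytes([tag, len(value)]) + value

# Constructed sample AIA value; hostname taken from the question, rest hypothetical.
SAMPLE_AIA = _tlv(0x30,
    _tlv(0x30, _tlv(0x06, OID_OCSP) + _tlv(0x86, b"http://EVIntl-ocsp.verisign.com")) +
    _tlv(0x30, _tlv(0x06, OID_CA_ISSUERS) + _tlv(0x86, b"http://ca.example/issuer.cer")))
```

The caIssuers entry is skipped on purpose: only `id-ad-ocsp` locations are revocation responders, so a prompt for any other host or port returns `False` here.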

May 31, 2009 7:32 PM in response to DCIFRTHS

I am running 10.5.7 and recently upgraded to Little Snitch 2.1.3. The ocspd thing is a Little Snitch problem and not an OS problem. I just looked, and ocspd was listed as Deny Until Quit in Little Snitch Configuration. To fix this, just create a new rule for ocspd and Allow All Connections, or select Allow All Connections when the question box comes up again.

As for "get[ting] rid of the third party software (little snitch) and enjoy[ing] the Mac," no thank you. I'm a suspenders-and-belt kind of guy, and Little Snitch is a powerful defense against the bad people out there.

May 31, 2009 8:39 PM in response to thirteen53

Welcome to Apple Discussions:
Yes, more knowledge is always better than less. An informed user is a good user. Ignorance is not bliss - it is ignorance.
I use LittleSnitch and have discovered some interesting items such as the regularity with which the Apple time server is accessed, the actual locations of various Apple servers, such as the autosoftware update server, etc.
Useful? I don't know; but it is interesting, yes.
Taking an active interest in things, to me, is much more valuable than a passive shrug 🙂
