To view and change configurable certificate approval options, perform the following procedure.
Procedure
- On the console menu, click the Configuration (gear) icon and click System Configuration.
- On the System Configuration page, click the Advanced Options tab. The Advanced Options Configuration page opens, with the Certificate Options panel at the bottom.
Note:
The only advanced feature Mac supports is Initial/Background Revocation Check.
- At the bottom of the page, click the Edit button.
- To disable use of expired certificates, deselect the Expired Certificates check box.
- To re-enable use of expired certificates, select the Expired Certificates check box.
- Expired Certificates: Use of expired certificates is enabled by default. See Approval with Expired Certificates for information to assist in configuring this option.
- Exclude Publisher Approvals With These Certificate Algorithms: Review the currently selected check boxes in this field. See Excluding Certificate Algorithms for information to assist in configuring this option.
- To prevent publisher approvals of files signed by certificates with a certain algorithm, select the check box next to the algorithm name.
- To allow publisher approvals of files signed by a certificates with a certain algorithm, deselect the check box next to the algorithm name.
- Minimum Certificate Key Size for Approval: To change the minimum certificate key length required for a file to be approved by publisher, select a new value from the menu. See Minimum Key Size for information to assist in configuring this option.
- Digital Countersignatures: To require a countersignature for the digital signature of each certificate, select the Require countersignature check box. If you do not want to require a countersignature, deselect the Require countersignature check box. See Countersignature Options for information to assist in configuring this option.
- Initial/Background Revocation Check: Two separate settings control certificate revocation: initial, which controls the revocation check when a file is first discovered, and background, which controls ongoing checks that occur (if enabled) every 24 hours. See Revocation Checks for more about these settings.
- If you changed any settings, click the Update button at the bottom of the page and then cick Yes to save your changes.