To view and change configurable certificate approval options, perform the following procedure.

Procedure

  1. On the console menu, click the Configuration (gear) icon and click System Configuration.
  2. On the System Configuration page, click the Advanced Options tab. The Advanced Options Configuration page opens, with the Certificate Options panel at the bottom.
    Note:

    The only advanced feature Mac supports is Initial/Background Revocation Check.

  3. At the bottom of the page, click the Edit button.
    • To disable use of expired certificates, deselect the Expired Certificates check box.
    • To re-enable use of expired certificates, select the Expired Certificates check box.
  4. Expired Certificates: Use of expired certificates is enabled by default. See Approval with Expired Certificates for information to assist in configuring this option.
  5. Exclude Publisher Approvals With These Certificate Algorithms: Review the currently selected check boxes in this field. See Excluding Certificate Algorithms for information to assist in configuring this option.
    • To prevent publisher approvals of files signed by certificates with a certain algorithm, select the check box next to the algorithm name.
    • To allow publisher approvals of files signed by a certificates with a certain algorithm, deselect the check box next to the algorithm name.
  6. Minimum Certificate Key Size for Approval: To change the minimum certificate key length required for a file to be approved by publisher, select a new value from the menu. See Minimum Key Size for information to assist in configuring this option.
  7. Digital Countersignatures: To require a countersignature for the digital signature of each certificate, select the Require countersignature check box. If you do not want to require a countersignature, deselect the Require countersignature check box. See Countersignature Options for information to assist in configuring this option.
  8. Initial/Background Revocation Check: Two separate settings control certificate revocation: initial, which controls the revocation check when a file is first discovered, and background, which controls ongoing checks that occur (if enabled) every 24 hours. See Revocation Checks for more about these settings.
  9. If you changed any settings, click the Update button at the bottom of the page and then cick Yes to save your changes.