Can Windows log CryptoAPI CRL timouts?

Posted by makerofthings7 on Server Fault See other posts from Server Fault or by makerofthings7
Published on 2012-06-02T03:53:02Z Indexed on 2012/06/02 4:42 UTC
Read the original article Hit count: 651

Filed under:
|
|
|
|

We have several .NET applications that occasionally "act slow" with no CPU or disk access. I suspect that they are hung up on authentication when trying to validate the certificate, since the timeout is almost 20 seconds.

As per this MSFT article

Most applications do not specify to CryptoAPI to use a cumulative time-out. If the cumulative time-out option is not enabled, CryptoAPI uses the CryptoAPI default setting which is a time-out of 15 seconds per URL. If the cumulative time-out option specified by the application, then CryptoAPI will use a default setting of 20 seconds as the cumulative timeout. The first URL receives a maximum timeout of 10 seconds. Each subsequent URL timeout is half of the remaining balance in the cumulative timeout value.

Since this is a service, how can I detect and log CryptoAPI hangs for applications I have sourcecode to, and also 3rd party

© Server Fault or respective owner

Related posts about Windows

Related posts about certificate