How Can I Disable CRL Checks For A Windows 2008 App Using WinHTTP?

Posted by Mike B on Server Fault See other posts from Server Fault or by Mike B
Published on 2012-07-02T18:54:16Z Indexed on 2012/07/02 21:18 UTC
Read the original article Hit count: 354

I've got a Windows 2008 server with an app that uses WinHTTP for SSL sessions. The server is isolated from the internet but still tries to connect to CRL distribution points, which leads to some timeouts.

Since the server has no access to the internet whatsoever, I'd like to disable CRL checks.

I had a similar issue on a Windows 2003 server and resolved it by adjusting the following registry keys:

HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Http/Parameters/SslBindiongInfo/0.0.0.0:443/DefaultSslCertCheckMode (DWORD=1)

HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Rasman/PPP/EAP/13/NoRevocationCheck (DWORD = 1)

HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Rasman/PPP/EAP/13/NoRootRevocationCheck (DWORD = 1)

That doesn't seem to be working in 2008. I've also tried disabling the CRL check from IE under Tools >> Internet Options >> Advanced.

Is there anything else I can try here?

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about networking