How Can I Disable CRL Checks For A Windows 2008 App Using WinHTTP?
Posted by Mike B on Server Fault
Published on 2012-07-02T18:54:16Z
Indexed on 2012/07/02 21:18 UTC
I've got a Windows 2008 server with an app that uses WinHTTP for SSL sessions. The server is isolated from the internet but still tries to connect to CRL distribution points, which leads to some timeouts.
Since the server has no access to the internet whatsoever, I'd like to disable CRL checks.
I had a similar issue on a Windows 2003 server and resolved it by adjusting the following registry keys:
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Http/Parameters/SslBindingInfo/0.0.0.0:443/DefaultSslCertCheckMode (DWORD = 1)
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Rasman/PPP/EAP/13/NoRevocationCheck (DWORD = 1)
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Rasman/PPP/EAP/13/NoRootRevocationCheck (DWORD = 1)
That doesn't seem to be working in 2008. I've also tried disabling the CRL check from IE under Tools >> Internet Options >> Advanced.
Is there anything else I can try here?
© Server Fault or respective owner