How to Disable CRL check on IIS 7.X

by jask2002 2. April 2012 10:33

On IIS 6 you can disable CRL check by running following command
 
C:\Inetpub\Adminscript\cscript.exe adsutil.vbs Set W3SVC\CertCheckMode 1 but on IIS 7 we don't have metabase.xml. Now this key has been moved to Registry 
 
From http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-7-security/

In IIS 6.0, IIS had stored SSL related information in the metabase and had managed a large part of the SSL negotiation process in conjunction with HTTP.SYS. In IIS 7 and above, we have moved most of this configuration into HTTP.SYS's store.

 

image

 

So you need to Set [Dword] DefaultSslCertCheckMode=1 to disable CRL check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443]DefaultSslCertCheckMode=1

Then Reboot the box for the changes to take into effect.


PayPal — The safer, easier way to pay online. Has this post helped you? Saved you? If you'd like to show your appreciation. Please buy me a coffee or make a small contribution toward blog's maintenance(to keep it Ads free )

Tags: , ,

http.sys | IIS 7

Add comment

  Country flag

biuquote
  • Comment
  • Preview
Loading

About me

Hi there,

My name is  Jas and I'm currently working with Microsoft IIS/ASP.Net Escalation services.  Services

 

Tag cloud

Month List

RecentComments

Comment RSS

TextBox

 

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.