How to Disable CRL check on IIS 7.X

by jask2002 2. April 2012 10:33

On IIS 6 you can disable CRL check by running following command
 
C:\Inetpub\Adminscript\cscript.exe adsutil.vbs Set W3SVC\CertCheckMode 1 but on IIS 7 we don't have metabase.xml. Now this key has been moved to Registry 
 
From http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-7-security/

In IIS 6.0, IIS had stored SSL related information in the metabase and had managed a large part of the SSL negotiation process in conjunction with HTTP.SYS. In IIS 7 and above, we have moved most of this configuration into HTTP.SYS's store.

 

image

 

So you need to Set [Dword] DefaultSslCertCheckMode=1 to disable CRL check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443]DefaultSslCertCheckMode=1

Then Reboot the box for the changes to take into effect.


PayPal — The safer, easier way to pay online. Has this post helped you? Saved you? If you'd like to show your appreciation. Please buy me a coffee or make a small contribution toward blog's maintenance(to keep it Ads free )

Tags: , ,

http.sys | IIS 7

Comments (1) -

Cathy
Cathy United States
10/30/2014 5:31:57 AM #

Great, if you have time, then check out my website as well!

Reply

Pingbacks and trackbacks (1)+

Add comment

  Country flag

biuquote
  • Comment
  • Preview
Loading

Tag cloud

Month List

RecentComments

Comment RSS

TextBox

 

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.