by jask2002
2. April 2012 10:33
On IIS 6 you can disable CRL check by running following command
C:\Inetpub\Adminscript\cscript.exe adsutil.vbs Set W3SVC\CertCheckMode 1 but on IIS 7 we don't have metabase.xml. Now this key has been moved to Registry
From http://learn.iis.net/page.aspx/110/changes-between-iis-60-and-iis-7-security/
In IIS 6.0, IIS had stored SSL related information in the metabase and had managed a large part of the SSL negotiation process in conjunction with HTTP.SYS. In IIS 7 and above, we have moved most of this configuration into HTTP.SYS's store.
So you need to Set [Dword] DefaultSslCertCheckMode=1 to disable CRL check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443]DefaultSslCertCheckMode=1
Then Reboot the box for the changes to take into effect.
|
Has this post helped you? Saved you? If you'd like to show your appreciation. Please buy me a coffee or make a small contribution
toward blog's maintenance(to keep it Ads free )
|
49a277c9-4638-47f1-b437-e96a6e4f5bc6|2|4.5
Tags: CRL check, IIS 7, disable
http.sys | IIS 7
Subscribe