Home > Internet, Windows Client > Disable Certificate Revocation Check

Disable Certificate Revocation Check


 

There may be several scenarios where we may experience long wait time for the services or application to start.
This problem is when the server has no internet access or when the server has limited internet access. One of the reasons for this issue is that the routine check of the certificate revocation list for .NET assemblies. Let’s see as how to disable the certificate revocation check in this article.

There are two ways to turn of the certificate revocation while doing a rollup update.

Turn off certificate revocation check in Internet Explorer:

Step 1: In Internet Explorer => go to Tools =>Internet Options => Advanced tab

Step 2: In the Security section => uncheck or clear the box for:

“Check for publisher’s certificate revocation”

“Check for server certificate revocation”

Step 3: Save Settings.

Turn off certificate revocation check in registry:

Step 1: Open registry editor => Navigate to the following key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing

Step 2: Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal

This will disable the certificate revocation check & the rollup update will complete successfully. However, disabling the revocation check in production environment is not recommended. We have to make sure to enable it back. Certificate revocation checking protects our clients against the use of invalid server authentication certificates either because they have expired or because they were revoked.

Turn on certificate revocation check in Internet Explorer:

Step 1: In Internet Explorer => go to Tools =>Internet Options => Advanced tab

Step 2: In the Security section => check the box for:

“Check for publisher’s certificate revocation”

“Check for server certificate revocation”

Step 3: Save settings.

Turn on certificate revocation check in registry:

Step 1: Open registry editor => Navigate to the following key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing

Step 2: Change Value “State” to 146432 Decimal or 0x00023c00 Hexadecimal.

Ref: http://msexchangeguru.com/2015/10/07/certificate-revocation-check/

 

Advertisements
Categories: Internet, Windows Client
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: