Disable CRL

To disable CRL in our server it is necessary to follow these steps:

Browse to C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14BIN

In this directory Create a file called “WSSADMIN.EXE.CONFIG

Populate it with the following:

<configuration>
<runtime>
<generatePublisherEvidence enabled=”false”/>
</runtime>
</configuration>

This disables checking for CAS publisher policy.

If that doesn’t work, try adding the following into your hosts file:

  • 0.0.0.0 crl.microsoft.com
  • 0.0.0.0 crl.verisign.com
  • 0.0.0.0 ocsp.verisign.com
  • 0.0.0.0 SVRSecure-G2-crl.verisign.com
  • 0.0.0.0 SVRSecure-G3-crl.verisign.com
  • 0.0.0.0 http://www.download.windowsupdate.com
  • 0.0.0.0 SVRSecure-G2-aia.verisign.com

Then edit your server’s computer policy:

  • Alter the computer policy
    • Click on Start-Run
    • Type in “GPEdit.msc” and click “OK”
    • Expand Computer Configuration-Windows Settings-Security Settings-Public Key Policies
    • Double-click “Certificate Path Validation Settings”
    • Click on the “Network Retrieval” tab
    • Check the box “Define these policy settings”
    • Uncheck “Automatically update certificates in the Microsoft Root Certificate Program (recommended)” and “Allow issuer certificate (AIA) retrieval during path validation (recommended”
    • Click on “OK”
    • Close out of GPEdit.msc

That’s all!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s