Disable CRL

To disable CRL in our server it is necessary to follow these steps:

Browse to C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions14BIN

In this directory Create a file called “WSSADMIN.EXE.CONFIG

Populate it with the following:

<generatePublisherEvidence enabled=”false”/>

This disables checking for CAS publisher policy.

If that doesn’t work, try adding the following into your hosts file:

  • crl.microsoft.com
  • crl.verisign.com
  • ocsp.verisign.com
  • SVRSecure-G2-crl.verisign.com
  • SVRSecure-G3-crl.verisign.com
  • http://www.download.windowsupdate.com
  • SVRSecure-G2-aia.verisign.com

Then edit your server’s computer policy:

  • Alter the computer policy
    • Click on Start-Run
    • Type in “GPEdit.msc” and click “OK”
    • Expand Computer Configuration-Windows Settings-Security Settings-Public Key Policies
    • Double-click “Certificate Path Validation Settings”
    • Click on the “Network Retrieval” tab
    • Check the box “Define these policy settings”
    • Uncheck “Automatically update certificates in the Microsoft Root Certificate Program (recommended)” and “Allow issuer certificate (AIA) retrieval during path validation (recommended”
    • Click on “OK”
    • Close out of GPEdit.msc

That’s all!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s