Disable Certificate Revocation Check
There may be several scenarios where we may experience long wait time for the services or application to start.
This problem is when the server has no internet access or when the server has limited internet access. One of the reasons for this issue is that the routine check of the certificate revocation list for .NET assemblies. Let’s see as how to disable the certificate revocation check in this article.
There are two ways to turn of the certificate revocation while doing a rollup update.
Turn off certificate revocation check in Internet Explorer:
Step 1: In Internet Explorer => go to Tools =>Internet Options => Advanced tab
Step 2: In the Security section => uncheck or clear the box for:
“Check for publisher’s certificate revocation”
“Check for server certificate revocation”
Step 3: Save Settings.
Turn off certificate revocation check in registry:
Step 1: Open registry editor => Navigate to the following key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing
Step 2: Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal
This will disable the certificate revocation check & the rollup update will complete successfully. However, disabling the revocation check in production environment is not recommended. We have to make sure to enable it back. Certificate revocation checking protects our clients against the use of invalid server authentication certificates either because they have expired or because they were revoked.
Turn on certificate revocation check in Internet Explorer:
Step 1: In Internet Explorer => go to Tools =>Internet Options => Advanced tab
Step 2: In the Security section => check the box for:
“Check for publisher’s certificate revocation”
“Check for server certificate revocation”
Step 3: Save settings.
Turn on certificate revocation check in registry:
Step 1: Open registry editor => Navigate to the following key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing
Step 2: Change Value “State” to 146432 Decimal or 0x00023c00 Hexadecimal.
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru
