Certificate validation method

Use this group policy to configure the certificate validation method.

For Certificate Revocation List, select one of the following settings:

  • Off:  No revocation checking is performed.
  • Best attempt:  The certificate passes unless the server returns an indication of a bad certificate. This setting is recommended for most environments.
  • Require if cert indicates:   If the URL to the revocation server is provided in the certificate, this setting requires a successful connection to a revocation server as well as no indication of a bad certificate. Specify this option only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.
  • Require for all certs:  This setting requires successful validation of all certificates. Use only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server responder is not available, SSL and S/MIME evaluations could hang or fail.