Collections:
Other Resources:
Manage Network Retrieval and Path Validation
To be effective, certificate-related data such as trusted root certificates, cross- certificates, and certificate revocation lists (CRLs) must be updated in a timely manner. Network retrieval and path validation settings allow administrators to:
This topic includes procedures for the following tasks:
Managing CRL retrieval
Obtaining timely certificate revocation data is an important element in secure certificate use. However, problems can arise if validation checking and retrieval of certificate revocation data and cross-certificates time out because more data is being transferred than originally anticipated.
Network retrieval options in public key Group Policy allow administrators to manage network retrieval timeout values.
Increasing the retrieval timeout option for large CRLs for a local computer
Administrators is the minimum group membership required to complete this procedure.
☞ | To increase the retrieval timeout option for large CRLs for a local computer |
Click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.
In the console tree under Local Computer Policy\Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
Double-click Certificate Path Validation Settings, and then click the Network Retrieval tab.
Select the Define these policy settings check box.
Under Default retrieval timeout settings, enter a timeout value in the Default URL retrieval timeout (in seconds) box, and then click OK to apply the new settings.
Increasing the retrieval timeout option for large CRLs for a domain
Domain Admins is the minimum group membership required to complete this procedure.
☞ | To increase the retrieval timeout option for large CRLs for a domain |
Click Start, point to Administrative Tools, and click Server Manager.
Under Features Summary, click Add Features. Select the Group Policy Management check box, click Next, and then click Install.
After the Installation Results page shows that the installation of the Group Policy Management Console (GPMC) was successful, click Close.
Click Start, point to Administrative Tools, and then click Group Policy Management.
In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit.
Right-click the Default Domain Policy GPO, and then click Edit.
In the console tree under Computer Configuration\Windows Settings\Security Settings, click Public Key Policies.
Double-click Certificate Path Validation Settings, and then click the Network Retrieval tab.
Select the Define these policy settings check box.
Under Default retrieval timeout settings, enter a timeout value in the Default URL retrieval timeout (in seconds) box, and then click OK to apply the new settings.
Additional references
✍: Microsoft
2016-07-17, 5495🔥, 0💬
Popular Posts:
How to get a list of all command options supported by "certmgr.exe"? You can see a list of all comma...
Certificate Summary: Subject: *.mail.yahoo.com Issuer: DigiCert High Assurance CA-3 Expiration: 2013...
How to export the Website certificate to a file from Apple Safari? I can view the certificate used b...
How to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions? I have req_extension...
Certificate Summary: Subject: *.facebook.com Issuer: DigiCert SHA2 High Assurance Server CA Expirati...