Wednesday 14 December 2011

Disable CRL Checking in IIS 6

It's been a bit of nightmare today, we've had quite a number of issues, ranging from missing CA certs to firewall issues, with routing issues and DNS issues thrown into the mix for good measure.

One by one we sorted the issues out and we kept getting a 403.13 error. We even got the CRL and followed this, but to now avail.

Unfortunately, we have no control over the firewall, so we are waiting for this to be sorted out but in the mean time I found how to disable CRL checking in IIS 6. You just need to run the trusted adsutil.vbs script from c:\inetpub\adminscripts like this:
cscript adsutil.vbs SET w3svc/<websiteid>/CertCheckMode 1
After setting this, it all started working. To switch CRL checking back on, use this:
cscript adsutil.vbs SET w3svc/<websiteid>/CertCheckMode 0
Now I just need to understand how CRL checking works in IIS, easy peasy.
Posted by at 20:42
Labels: , ,

4 comments:

  1. Anonymous24 February 2012 at 05:11

    very helpful

    ReplyDelete
  2. Anonymous29 May 2012 at 17:50

    thanks! we had a firewall issue out of our control which broke our smart card enabled site. started getting the 403.13 errors, but never actually used CRL, so we just disabled it and the site is working again.

    ReplyDelete
  3. searchkarlo5 December 2020 at 09:27

    how to cancel norton subscription

    ReplyDelete

Subscribe to: Post Comments (Atom)