Wednesday, 14 December 2011

Disable CRL Checking in IIS 6

It's been a bit of a nightmare today; we've had quite a number of issues, ranging from missing CA certs to firewall issues, with routing issues and DNS issues thrown into the mix for good measure.

One by one we sorted the issues out and we kept getting a 403.13 error. We even got the CRL and followed this, but to no avail.

Unfortunately, we have no control over the firewall, so we are waiting for this to be sorted out, but in the meantime I found how to disable CRL checking in IIS 6. You just need to run the trusted adsutil.vbs script from c:\inetpub\adminscripts like this:

    cscript adsutil.vbs SET w3svc/<websiteid>/CertCheckMode 1

After setting this, it all started working. To switch CRL checking back on, use this:

    cscript adsutil.vbs SET w3svc/<websiteid>/CertCheckMode 0

Now I just need to understand how CRL checking works in IIS, easy peasy.
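
An added example, not part of the original post: a VBScript audit that reads CertCheckMode for every site through the same ADSI metabase interface that adsutil.vbs uses, so a temporary bypass like the one above can be found and reverted once the CRL is reachable again. It assumes the local IIS 6 metabase and treats any non-zero value as CRL checking disabled; the script file name is hypothetical.

```vbscript
' Added example (not from the original post): report CertCheckMode for every
' IIS 6 web site so a temporary CRL-check bypass is not forgotten.
' Run on the IIS server: cscript //nologo audit-certcheckmode.vbs
Option Explicit

Dim w3svc, site, mode, state, bypassed
bypassed = 0

' The ADSI IIS provider exposes the metabase tree that adsutil.vbs edits.
Set w3svc = GetObject("IIS://localhost/W3SVC")

For Each site In w3svc
    ' W3SVC also has non-site children (Filters, Info, ...); keep sites only.
    If site.Class = "IIsWebServer" Then
        mode = Empty
        On Error Resume Next
        mode = site.Get("CertCheckMode")
        If Err.Number <> 0 Then
            ' Report the failure instead of silently assuming a safe value.
            state = "could not be read (error 0x" & Hex(Err.Number) & ")"
            Err.Clear
        ElseIf CLng(mode) = 0 Then
            state = "CRL checking ON"
        Else
            ' The post sets 1 to disable; any non-zero value is flagged here.
            state = "CRL checking OFF"
            bypassed = bypassed + 1
        End If
        On Error GoTo 0
        WScript.Echo "w3svc/" & site.Name & " (" & site.ServerComment & _
                     ") CertCheckMode=" & mode & " : " & state
    End If
Next

' A non-zero exit code lets a scheduled task or monitoring job raise an alert.
If bypassed > 0 Then
    WScript.Echo bypassed & " site(s) have CRL checking switched off."
    WScript.Quit 1
End If
WScript.Quit 0
```

The site identifier printed after `w3svc/` is the value to substitute for `<websiteid>` when switching CRL checking back on.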

3 comments:

  1. thanks! we had a firewall issue out of our control which broke our smart card enabled site. started getting the 403.13 errors, but never actually used CRL, so we just disabled it and the site is working again.
