Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

How to Enable CRL Checking for Software Updates

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

By default, the certificate revocation list (CRL) is not checked when verifying the signature on Microsoft System Center Configuration Manager 2007 software updates. Checking the CRL each time a certificate is used offers more security against using a certificate that has been revoked, but it introduces a connection delay and incurs additional processing on the computer performing the CRL check.

If used, CRL checking must be enabled on the Configuration Manager 2007 consoles that process the software updates. If your site also supports software updates to Systems Management Server (SMS) 2003 clients, you would also enable CRL checking on the synchronization host computer.

To enable CRL checking

  • On the computer performing the CRL check, from the product DVD, run \SMSSETUP\BIN\<platform>\<language>\UpdDwnldCfg.exe/checkrevocation. For example, for x86 and English (US) you would run \SMSSETUP\BIN\I386\00000409\UpdDwnldCfg.exe /checkrevocation

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.