FW_H_ServCertVerif

  • Article

To specify certificate revocation settings

  1. In the console tree of ISA Server Management, click General.

  2. In the details pane, click Specify Certificate Revocation Settings.

  3. Select Verify that incoming client certificates are not revoked.

  4. Select Verify that incoming server certificates are not revoked in a forward scenario, when ISA Server will check if server certificates from an upstream server are in the certificate revocation list (CRL).

  5. Select Verify that incoming server certificates are not revoked in a reverse scenario, when ISA Server will check if server certificates from a published server are in the CRL.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, expand Configuration and then click General.
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, expand Configuration and then click General.

Important

A CRL is a document maintained and published by a certification authority that lists certificates that have been revoked. It is important to configure which types of revoked certificates are not accepted by ISA Server, as revoked certificates may present a security risk.
When you select these options, if the certificate is in the CRL, the request will be denied.