NoRootRevocationCheck

HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13

Data type: REG_DWORD
Range: 0 | 1
Default value: 1

Description

Prevents Extensible Authentication Protocol–Transport Level Security (EAP-TLS) from performing a revocation check of the EAP client's root public key certificate.

The revocation check verifies that the public key certificate (and the certificates in its certificate chain) have not been revoked.

This entry prevents only the revocation check of the client's root certificate. A revocation check is still performed on the remainder of the client's certificate chain.

Value: Meaning
0: EAP-TLS performs a revocation check on the client's entire certificate chain, including the root certificate.
1: EAP-TLS does not perform a revocation check on the root certificate.

You can use this entry to authenticate clients whose certificate does not include certificate revocation list distribution points (CDPs), such as those from third parties and from the Microsoft Certificate Authority prior to Windows 2000. Also, this entry can prevent certification-related delays that occur when a certificate revocation list is offline or is expired.

Note

This entry is effective only when it appears in the registry of a Routing and Remote Access server.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Tip

This entry only disables the revocation check of the client's root certificate. To disable the revocation check of the entire certificate chain, use the NoRevocationCheck entry.
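An audit-and-harden sketch for a Routing and Remote Access server, added here as an example and not taken from the original page. The function names are hypothetical; the key path and entry names are the ones this page lists, and an absent NoRootRevocationCheck entry is treated as the documented default of 1.

```powershell
# Added example (not from the original page): report the EAP-TLS revocation
# entries and optionally turn the root revocation check back on.
$EapTlsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13'

# Hypothetical helper: lists each revocation-related entry named on this page
# and whether it is present in the registry.
function Get-EapTlsRevocationSetting {
    [CmdletBinding()]
    param([string]$Path = $EapTlsKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Key not found: $Path (is this a Routing and Remote Access server?)"
    }
    $props = Get-ItemProperty -LiteralPath $Path
    $names = 'NoRootRevocationCheck', 'NoRevocationCheck',
             'IgnoreRevocationOffline', 'IgnoreNoRevocationCheck'
    foreach ($name in $names) {
        $present = $null -ne $props.PSObject.Properties[$name]
        [pscustomobject]@{
            Entry   = $name
            Present = $present
            Value   = if ($present) { $props.$name } else { $null }
        }
    }
}

# Hypothetical helper: sets NoRootRevocationCheck to 0 so that the whole
# chain, including the root certificate, is checked for revocation.
function Enable-EapTlsRootRevocationCheck {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $EapTlsKey)

    $entry = Get-EapTlsRevocationSetting -Path $Path |
        Where-Object Entry -eq 'NoRootRevocationCheck'
    # Per this page, the entry is not created by default and its default is 1.
    $effective = if ($entry.Present) { $entry.Value } else { 1 }
    if ($effective -eq 0) {
        Write-Verbose 'Root revocation check is already enabled.'
        return
    }
    if ($PSCmdlet.ShouldProcess($Path, 'Set NoRootRevocationCheck = 0')) {
        New-ItemProperty -LiteralPath $Path -Name 'NoRootRevocationCheck' `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Get-EapTlsRevocationSetting | Format-Table -AutoSize
# Enable-EapTlsRootRevocationCheck -WhatIf   # preview the change first
```

Run it from an elevated session. Before setting the value to 0, confirm that the client root certificates in use carry reachable CDPs, since this page notes that missing CDPs or an offline or expired revocation list are the cases this entry works around.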

Related Entries

IgnoreRevocationOffline

IgnoreNoRevocationCheck