IgnoreRevocationOffline
HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13
Data type |
Range |
Default value |
---|---|---|
REG_DWORD |
0 | 1 |
0 |
Description
Lets Extensible Authentication Protocol–Transport Level Security (EAP-TLS) clients connect even if a server that stores a relevant revocation list is not available on the network.
By default, EAP-TLS does not permit a client to connect unless it can complete a revocation check of the client's certificate chain and verify that none of the certificates has been revoked. If EAP-TLS cannot connect to a server that stores a revocation list, it considers the certificate to have failed the revocation check. However, you can add this entry to the registry to direct EAP-TLS to ignore errors related to unavailable servers.
This entry prevents a client from being denied permission to connect because poor network conditions prevented the revocation check from completing successfully.
Value |
Meaning |
---|---|
0 |
If the server cannot connect to a server that stores a revocation list, it considers a certificate to have failed the revocation check. |
1 |
If the server cannot connect to a server that stores a revocation list, it ignores the error and permits the client to connect. |
Note
This entry is effective only when it appears in the registry of a Routing and Remote Access server.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
Related Entries