RevocationFreshnessTime Metabase Property

Applies To: Windows Server 2003, Windows Server 2003 with SP1

If the value of the CertCheckMode Metabase Property is set to MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME, the client's CRL is replaced by the CRL on the CA, even if the CRL that is cached on the client is valid. The value of this metabase property, RevocationFreshnessTime, in seconds, determines the frequency of this action.

The freshness time for a CRL is the period of time for which it is valid. If you set this property to a very short period of time, IIS makes many requests for an updated CRL, which can cause network delays. Setting a longer period of time for the RevocationFreshnessTime metabase property is recommended.

Attribute Name Attribute Value

XML Data Type

DWORD

WMI Data Type

SINT32

ADSI Data Type

DWORD

ABO Data Type

DWORD

ABO Metabase Identifier

MD_REVOCATION_FRESHNESS_TIME

Attributes

INHERIT

Default Value

0

MetaFlagsEx

CACHE_PROPERTY_MODIFIED

User Type

IIS_MD_UT_SERVER

ID

2161

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path IIS Admin Object Type

/LM/W3SVC/n

IIsWebServer

/LM/W3SVC

IIsWebService

Code Example

For general code examples, see Code Examples to Configure Metabase Properties.

  • For more information about using SSL and certificates with IIS 6.0, see IIS 6.0 Encryption.

For more information about certificate revocation and CRLs, see Revoking Certificates and Publishing CRLs.