IgnoreNoRevocationCheck

HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13

Data type    Range    Default value
REG_DWORD    0 | 1    0

Description

Lets Extensible Authentication Protocol–Transport Level Security (EAP-TLS) clients connect even if the server does not perform or cannot complete a revocation check of the client's certificate chain (excluding the root certificate). Typically, revocation checks fail because the certificate does not include revocation information.

By default, an EAP-TLS client cannot connect unless the server completes a revocation check of the client's certificate chain (including the root certificate) and verifies that none of the certificates has been revoked. However, you can use this entry to override the default behavior.

This entry does not interfere with the revocation check. Also, it does not permit clients to connect if the revocation check reveals that a certificate in the chain has been revoked.

Value    Meaning
0        Clients cannot connect unless a revocation check completes successfully.
1        Clients can connect even if the revocation check cannot be completed.

You can use this entry to authenticate clients whose certificate does not include certificate revocation list distribution points (CRPs), such as those from third parties and from the Microsoft Certificate Authority prior to Windows 2000.

Note

This entry is effective only when it appears in the registry of a Routing and Remote Access server.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
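
The following PowerShell check is an added example and is not part of the original reference. Run on a Routing and Remote Access server, it reports how this entry is set and can return it to the default. The function names are hypothetical, and the use of PowerShell is an assumption, since the page only says that the registry can be edited.

```powershell
# Added example, not Microsoft's code: report how IgnoreNoRevocationCheck is set.
$EapTlsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13'
$EntryName = 'IgnoreNoRevocationCheck'

function Get-IgnoreNoRevocationCheckState {   # hypothetical helper name
    param([string]$Path = $EapTlsKey, [string]$Name = $EntryName)

    # An absent entry means the documented default (0) applies.
    $present = $false; $kind = $null; $value = 0; $relaxed = $false
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        if ($key.GetValueNames() -contains $Name) {
            $present = $true
            $kind    = $key.GetValueKind($Name)
            $value   = $key.GetValue($Name)
        }
    }

    if ($present -and $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $finding = "Unexpected type $kind; the entry is documented as REG_DWORD."
    } elseif ($value -eq 0) {
        $finding = 'Clients cannot connect unless a revocation check completes successfully.'
    } elseif ($value -eq 1) {
        $relaxed = $true
        $finding = 'Clients can connect even if the revocation check cannot be completed.'
    } else {
        $finding = "Value $value is outside the documented range 0 | 1."
    }

    [pscustomobject]@{
        Path = $Path; Name = $Name; Present = $present
        Value = $value; Relaxed = $relaxed; Finding = $finding
    }
}

function Reset-IgnoreNoRevocationCheck {      # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $EapTlsKey, [string]$Name = $EntryName)
    # Writing under HKLM needs an elevated session; -WhatIf previews the change.
    if ((Test-Path -LiteralPath $Path) -and $PSCmdlet.ShouldProcess("$Path\$Name", 'Set to 0')) {
        Set-ItemProperty -Path $Path -Name $Name -Value 0 -Type DWord
    }
}

Get-IgnoreNoRevocationCheckState | Format-List
```

A result with Relaxed set to True identifies a server that admits clients whose revocation check could not be completed.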

Related Entries

IgnoreRevocationOffline

NoRootRevocationCheck

NoRevocationCheck