How to Configure Certificate Filtering for Offline Address Books


Topic Last Modified: 2005-05-18

Use this procedure to configure certificate filtering for offline address books.

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

  1. On the Exchange Server computer, open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\System\CurrentControlSet\Services\MSExchangeSA\Parameters.

  3. Right-click Parameters and select New | DWORD value. Name the DWORD value OAL Invalid Cert Behavior.

  4. In the right pane, double-click OAL Invalid Cert Behavior and type the desired value:

    • 0 – Filter out expired and invalid certificates (default)

    • 1 – Filter out only expired certificates

    • 2 – Do not filter the UserCertificate attribute

  5. Close the registry editor and restart the Microsoft Exchange System Attendant service for the change to take effect.