Export (0) Print
Expand All

How to Enable CRL Checking for Software Updates

Updated: December 1, 2011

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

By default, the certificate revocation list (CRL) is not checked when verifying the signature on System Center 2012 Configuration Manager software updates. Checking the CRL each time a certificate is used offers more security against using a certificate that has been revoked, but it introduces a connection delay and incurs additional processing on the computer performing the CRL check.

If used, CRL checking must be enabled on the Configuration Manager consoles that process software updates.

  • On the computer performing the CRL check, from the product DVD, run the following from a command prompt: \SMSSETUP\BIN\X64\<language>\UpdDwnldCfg.exe/checkrevocation.

    For example, for English (US) you would run \SMSSETUP\BIN\X64\00000409\UpdDwnldCfg.exe /checkrevocation

For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft