Certificate Validation Method

Use this group policy to configure the certificate validation method.

For Certificate Revocation List, select one of the following settings:

  • Off: No revocation checking is performed.
  • Best attempt: The certificate passes unless the server returns an indication of a bad certificate. This setting is recommended for most environments.
  • Require if cert indicates: If the URL to the revocation server is provided in the certificate, this setting requires a successful connection to a revocation server as well as no indication of a bad certificate. Specify this option only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.
  • Require for all certs: This setting requires successful validation of all certificates. Use only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.
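
The settings differ mainly in what happens when the revocation server cannot be reached, which a small model makes visible. The following Python is an added example, not the product's implementation; the Cert fields and the sample certificates are constructed, and the handling of certificates that carry no revocation URL under the two Require settings is an assumption the page does not spell out.

```python
from dataclasses import dataclass
from typing import Optional

MODES = ("Off", "Best attempt", "Require if cert indicates", "Require for all certs")

@dataclass
class Cert:                      # hypothetical record, constructed for this example
    name: str
    has_crl_url: bool            # certificate carries a revocation server URL
    server_up: bool              # the revocation server can be reached
    revoked: bool                # true status, only learned if the server answers

def server_answer(cert: Cert) -> Optional[bool]:
    """True = server says revoked, False = server says good, None = no answer."""
    return cert.revoked if (cert.has_crl_url and cert.server_up) else None

def passes(mode: str, cert: Cert) -> bool:
    if mode not in MODES:
        raise ValueError(f"unknown setting: {mode}")
    if mode == "Off":
        return True                              # no revocation checking at all
    answer = server_answer(cert)
    if mode == "Best attempt":
        return answer is not True                # fails only on an explicit "bad"
    if mode == "Require if cert indicates" and not cert.has_crl_url:
        return True                              # assumption: nothing to require
    # Both Require settings: need a successful answer that says "good".
    # Assumption: under "Require for all certs" a cert with no URL fails.
    # A hang is modelled as a failure.
    return answer is False

SAMPLES = [                                      # constructed inputs
    Cert("good, server up", True, True, False),
    Cert("revoked, server up", True, True, True),
    Cert("revoked, server down", True, False, True),
    Cert("good, server down", True, False, False),
    Cert("good, no URL in cert", False, False, False),
]

def matrix() -> dict:
    return {c.name: {m: passes(m, c) for m in MODES} for c in SAMPLES}

if __name__ == "__main__":
    for name, row in matrix().items():
        print(f"{name:22}", " ".join("PASS" if row[m] else "FAIL" for m in MODES))
```

The "revoked, server down" row is the one to weigh: Best attempt accepts the certificate, while both Require settings reject every certificate whose server is unreachable, including good ones.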