Environment
- App Control Console: All Supported Versions
- App Control Agent: All Supported Versions
Objective
How to stop certificate revocation checks from contacting external sources for verification
Resolution
- On the App Control Console, click the Configuration (Gear) icon
- Click on the System Configuration page > Advanced Options tab
- Scroll down to the Certificate Options panel at the bottom
- Find the option for 'Background Revocation Check'
- For each of the revocation settings, there are three possible values:
  - Network – If revocation information is not locally available then use the network to retrieve the revocation status of a certificate
  - Cache – Use locally available revocation status information when performing certificate revocation (the network will not be used)
  - None – Do not perform certificate revocation checking
Additional Notes
- Please keep in mind that certificate revocation is typically used in instances where the private signing key is lost or compromised. With this option disabled, users will not be notified if a key is revoked.
- 'Background Revocation Check' determines whether, and if so how, a certificate revocation check is done in the background every 24 hours
- It is possible to see TCP port 443 traffic to external IP addresses from the parity.exe process when it is validating certificates