App Control: How to Disable Certificate Revocation Check for Outbound Verification

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Objective

How to stop certificate revocation checks from contacting external sources for verification.

Resolution

  1. On the App Control Console, click the Configuration (Gear) icon
  2. Click on the System Configuration page > Advanced Options tab
  3. Scroll down to the Certificate Options panel at the bottom
    1. Find the option for 'Background Revocation Check' 
    2. For each of the revocation settings, there are three possible values: 
      • Network – If revocation information is not locally available, use the network to retrieve the revocation status of a certificate.
      • Cache – Use locally available revocation status information when performing certificate revocation checking (the network will not be used).
      • None – Do not perform certificate revocation checking.

Additional Notes

  • Please keep in mind that certificate revocation is typically used in instances where the private signing key is lost or compromised. With this option disabled, users will not be notified if a key is revoked.
  • 'Background Revocation Check' determines whether, and if so how, a certificate revocation check is done in the background every 24 hours.
  • It is possible to see TCP port 443 traffic to external IP addresses from the parity.exe process when it is validating certificates.

Article Information
Creation Date: 09-09-2020