Home
%3CLINGO-SUB%20id%3D%22lingo-sub-377134%22%20slang%3D%22en-US%22%3EDisable%20Client%20Certificate%20Revocation%20(CRL)%20Check%20on%20IIS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-377134%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EI%20have%20been%20asked%20this%20question%20on%20several%20occasions%20on%20how%20to%20disable%20revocation%20check%20in%20IIS%207.%26nbsp%3B%20It%20was%20pretty%20easy%20for%20IIS%206%2C%20on%20IIS%207%20there%20is%20no%20documentation%20on%20how%20to%20do%20so.%20This%20post%20will%20describe%20on%20how%20to%20achieve%20this%20task.%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%22%3EFirstly%2C%20list%20out%20all%20the%20existing%20IIS%20bindings%20via%20command%20line%20as%20shown%20below%3A%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CTABLE%20border%3D%223%22%20width%3D%22600%22%20cellspacing%3D%220%22%20cellpadding%3D%222%22%20align%3D%22center%22%20bgcolor%3D%22%23000000%22%3E%0A%3CTBODY%3E%0A%3CTR%20bgcolor%3D%22%23000000%22%3E%0A%3CTD%20width%3D%22594%22%20valign%3D%22top%22%20bgcolor%3D%22%23000000%22%3E%3CP%20align%3D%22center%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3Enetsh%20http%20show%20sslcert%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20bgcolor%3D%22%23000000%22%3E%0A%3CTD%20width%3D%22594%22%20valign%3D%22top%22%3E%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3E%3CU%3EDefault%20SSL%20Binding%20when%20added%20via%20IIS%20Manager%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EIP%3Aport%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%200.0.0.0%3A443%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ECertificate%20Hash%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%2040db5bb1bf5659a155258d1d007c530fcb8996c2%20Application%20ID%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20%7B4dc3e181-e14b-4a21-b022-59fc669b0914%7D%20Certificate%20Store%20Name%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20My%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22background-color%3A%20%23ff0000%3B%22%3E%3CSTRONG%3EVerify%20Client%20Certificate%20Revocation%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Enabled%3C%2FSTRONG%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EVerify%20Revocation%20Using%20Cached%20Client%20Certificate%20Only%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Disabled%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EUsage%20Check%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Enabled%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ERevocation%20Freshness%20Time%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EURL%20Retrieval%20Timeout%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ECtl%20Identifier%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20(null)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ECtl%20Store%20Name%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20(null)%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EDS%20Mapper%20Usage%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Disabled%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ENegotiate%20Client%20Certificate%20%3A%20Disabled%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3ENOTE%3A%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CTABLE%20border%3D%222%22%20width%3D%22584%22%20cellspacing%3D%220%22%20cellpadding%3D%222%22%20align%3D%22center%22%20bgcolor%3D%22%23778899%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22580%22%20valign%3D%22top%22%3E%3COL%3E%0A%3CLI%20style%3D%22text-align%3A%20left%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3E%3CSTRONG%3EClient%20Certificate%20Revocation%3C%2FSTRONG%3E%20is%20always%20enabled%20by%20default.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EApplication%20ID%20of%20%E2%80%9C%3C%2FSPAN%3E%3CSPAN%20style%3D%22background-color%3A%20%23ffff00%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3E%3CSTRONG%3E%7B4dc3e181-e14b-4a21-b022-59fc669b0914%7D%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3E%E2%80%9D%20corresponds%20to%20%3CSTRONG%3EIIS%3C%2FSTRONG%3E.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3E%20In%20order%20to%20disable%20the%20revocation%20check%2C%20we%20need%20to%20delete%20the%20existing%20binding%20first.%20%3CSPAN%20style%3D%22background-color%3A%20%23a5a5a5%3B%22%3E%3CSTRONG%3EBefore%20you%20do%20that%2C%20make%20a%20note%20of%20the%20above%20details%2C%20especially%20the%20certificate%20hash.%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CTABLE%20border%3D%222%22%20width%3D%22600%22%20cellspacing%3D%220%22%20cellpadding%3D%222%22%20align%3D%22center%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22596%22%20align%3D%22center%22%3E%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3E%3CU%3ENETSH%20command%20to%20delete%20existing%20SSL%20binding%3A%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22center%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3Enetsh%20http%20delete%20sslcert%20ipport%3D0.0.0.0%3A443%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3ENow%20add%20the%20binding%20again%20using%20netsh%20as%20shown%20below%3A%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CTABLE%20border%3D%222%22%20width%3D%22600%22%20cellspacing%3D%220%22%20cellpadding%3D%222%22%20align%3D%22center%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22596%22%20valign%3D%22top%22%3E%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3E%3CU%3ENETSH%20command%20to%20add%20an%20SSL%20binding%20to%20disable%20CRL%20Check%3A%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3Enetsh%3C%2FSTRONG%3E%20http%20add%20sslcert%20%3CSTRONG%3Eipport%3C%2FSTRONG%3E%3D0.0.0.0%3A443%20%3CSTRONG%3Ecerthash%3C%2FSTRONG%3E%3D40db5bb1bf5659a155258d1d007c530fcb8996c2%20%3CSTRONG%3Eappid%3C%2FSTRONG%3E%3D%7B4dc3e181-e14b-4a21-b022-59fc669b0914%7D%20%3CSTRONG%3Ecertstorename%3C%2FSTRONG%3E%3DMy%20%3CSPAN%20style%3D%22background-color%3A%20%23ffff00%3B%22%3E%3CSTRONG%3Everifyclientcertrevocation%3C%2FSTRONG%3E%3Ddisable%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EHighlighted%20portion%20of%20the%20above%20command%20depicts%20that%20we%20are%20disabling%20the%20client%20certificate%20revocation.%20This%20adds%20a%20DWORD%20at%20the%20following%20location%20in%20registry%3A%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CTABLE%20border%3D%222%22%20width%3D%22600%22%20cellspacing%3D%220%22%20cellpadding%3D%222%22%20align%3D%22center%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22596%22%20valign%3D%22top%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%22%3E%3CSTRONG%3EREGISTRY%26nbsp%3B%20%3C%2FSTRONG%3E%3A%20HKLM%5CSYSTEM%5CCurrentControlSet%5CServices%5CHTTP%5CParameters%5CSslBindingInfo%20%3CSTRONG%3EDWORD%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3C%2FSTRONG%3E%3A%20DefaultSslCertCheckMode%20%3CSTRONG%3EValue%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3C%2FSTRONG%3E%3A%201%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%22%3E%3CSTRONG%3EDefaultSslCertCheckMode%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FSPAN%3Ecan%20take%20the%20following%20values.%20%3CA%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Faa364647.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EClick%20here%3C%2FA%3E%20for%20more%20info.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CTABLE%20class%3D%22MsoTableMediumShading2Accent5%22%20style%3D%22border%3A%20currentcolor%3B%20border-collapse%3A%20collapse%3B%22%20border%3D%221%22%20width%3D%22460%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%20align%3D%22center%22%3E%0A%3CTBODY%3E%0A%3CTR%20style%3D%22height%3A%2027.55pt%3B%22%3E%0A%3CTD%20width%3D%2285%22%20style%3D%22background%3A%20%234472c4%3B%20padding%3A%200cm%205.4pt%3B%20border%3A%202.25pt%20solid%20windowtext%3B%20width%3A%2063.8pt%3B%20height%3A%2027.55pt%3B%22%3E%3CP%20align%3D%22center%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2014pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3EVALUE%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22373%22%20style%3D%22background%3A%20%234472c4%3B%20border-width%3A%202.25pt%202.25pt%202.25pt%20medium%3B%20border-style%3A%20solid%20solid%20solid%20none%3B%20border-color%3A%20windowtext%20windowtext%20windowtext%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20331.95pt%3B%20height%3A%2027.55pt%3B%22%3E%3CP%20align%3D%22center%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2014pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3EMEANING%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2027.55pt%3B%22%3E%0A%3CTD%20width%3D%2285%22%20align%3D%22center%22%20style%3D%22background%3A%20%234472c4%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%2063.8pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E0%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22373%22%20align%3D%22center%22%20style%3D%22background%3A%20%23d8d8d8%3B%20border-width%3A%20medium%202.25pt%20medium%20medium%3B%20border-style%3A%20none%20solid%20none%20none%3B%20border-color%3A%20currentcolor%20windowtext%20currentcolor%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20331.95pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3EEnables%20the%20client%20certificate%20revocation%20check%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2027.55pt%3B%22%3E%0A%3CTD%20width%3D%2285%22%20align%3D%22center%22%20style%3D%22background%3A%20%234472c4%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%2063.8pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E1%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22373%22%20align%3D%22center%22%20style%3D%22border-width%3A%20medium%202.25pt%20medium%20medium%3B%20border-style%3A%20none%20solid%20none%20none%3B%20border-color%3A%20currentcolor%20windowtext%20currentcolor%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20331.95pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3EClient%20certificate%20is%20not%20to%20be%20verified%20for%20revocation.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2027.55pt%3B%22%3E%0A%3CTD%20width%3D%2285%22%20align%3D%22center%22%20style%3D%22background%3A%20%234472c4%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%2063.8pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E2%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22373%22%20align%3D%22center%22%20style%3D%22background%3A%20%23d8d8d8%3B%20border-width%3A%20medium%202.25pt%20medium%20medium%3B%20border-style%3A%20none%20solid%20none%20none%3B%20border-color%3A%20currentcolor%20windowtext%20currentcolor%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20331.95pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3EOnly%20cached%20certificate%20revocation%20is%20to%20be%20used%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2027.55pt%3B%22%3E%0A%3CTD%20width%3D%2285%22%20align%3D%22center%22%20style%3D%22background%3A%20%234472c4%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%2063.8pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E4%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22373%22%20align%3D%22center%22%20style%3D%22border-width%3A%20medium%202.25pt%20medium%20medium%3B%20border-style%3A%20none%20solid%20none%20none%3B%20border-color%3A%20currentcolor%20windowtext%20currentcolor%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20331.95pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3EThe%20%3CSTRONG%3EDefaultRevocationFreshnessTime%3C%2FSTRONG%3E%20setting%20is%20enabled%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2027.55pt%3B%22%3E%0A%3CTD%20width%3D%2285%22%20align%3D%22center%22%20style%3D%22background%3A%20%234472c4%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%2063.8pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20white%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E0x10000%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22373%22%20align%3D%22center%22%20style%3D%22background%3A%20%23d8d8d8%3B%20border-width%3A%20medium%202.25pt%202.25pt%20medium%3B%20border-style%3A%20none%20solid%20solid%20none%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20331.95pt%3B%20height%3A%2027.55pt%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3ENo%20usage%20check%20is%20to%20be%20performed%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CFONT%20size%3D%223%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EReview%20the%20SSL%20bindings%20after%20executing%20the%20above%20command.%20The%20%3CSTRONG%3ECRL%3C%2FSTRONG%3E%20check%20would%20be%20disabled.%3C%2FSPAN%3E%3C%2FFONT%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CTABLE%20border%3D%223%22%20width%3D%22600%22%20cellspacing%3D%220%22%20cellpadding%3D%222%22%20align%3D%22center%22%20bgcolor%3D%22%23000000%22%3E%0A%3CTBODY%3E%0A%3CTR%20bgcolor%3D%22%23000000%22%3E%0A%3CTD%20width%3D%22594%22%20valign%3D%22top%22%3E%3CP%20align%3D%22center%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Courier%20New%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3Enetsh%20http%20show%20sslcert%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20bgcolor%3D%22%23000000%22%3E%0A%3CTD%20width%3D%22594%22%20valign%3D%22top%22%3E%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%20font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3E%3CU%3ESSL%20Binding%20added%20via%20NETSH%20to%20disable%20CRL%3A%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EIP%3Aport%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%200.0.0.0%3A443%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ECertificate%20Hash%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%2040db5bb1bf5659a155258d1d007c530fcb8996c2%20Application%20ID%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20%7B4dc3e181-e14b-4a21-b022-59fc669b0914%7D%20Certificate%20Store%20Name%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20My%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22background-color%3A%20%2300ff00%3B%20color%3A%20%23000000%3B%22%3E%3CSTRONG%3EVerify%20Client%20Certificate%20Revocation%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Disabled%3C%2FSTRONG%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EVerify%20Revocation%20Using%20Cached%20Client%20Certificate%20Only%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Disabled%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EUsage%20Check%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Enabled%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ERevocation%20Freshness%20Time%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%200%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EURL%20Retrieval%20Timeout%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%200%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ECtl%20Identifier%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20(null)%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ECtl%20Store%20Name%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20(null)%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3EDS%20Mapper%20Usage%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Disabled%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20align%3D%22left%22%3E%3CSPAN%20style%3D%22color%3A%20%23ffffff%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Courier%20New%3B%20font-size%3A%20small%3B%22%3ENegotiate%20Client%20Certificate%20%3A%20Disabled%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3E%3CSPAN%20style%3D%22background-color%3A%20%23a5a5a5%3B%22%3E%3CSTRONG%3ENOTE%3C%2FSTRONG%3E%3A%20Client%20Certificate%20Revocation%20is%20always%20enabled%20by%20default.%3C%2FSPAN%3E%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EMore%20details%20on%20the%20%3CSTRONG%3Enetsh%20%3C%2FSTRONG%3Ecommands%20for%20%3CSTRONG%3EHTTP%20%3C%2FSTRONG%3Ecan%20be%20found%20here%3A%20%3CA%20title%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc725882(v%3Dws.10).aspx%23BKMK_2%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc725882(v%3Dws.10).aspx%23BKMK_2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc725882(v%3Dws.10).aspx%23BKMK_2%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%22%20align%3D%22center%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20large%3B%22%3E%3CSTRONG%3E%3CU%3EMORE%20INFORMATION%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3ENETSH%20Commands%20for%20HTTP%20in%20IIS%208%3A%3C%2FSTRONG%3E%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EWith%20IIS%20there%20are%20%3CSTRONG%3E2%3C%2FSTRONG%3E%20new%20SSL%20bindings%20viz.%20%3CSTRONG%3ESNI%20Bindings%3C%2FSTRONG%3E%20and%20%3CSTRONG%3ECCS%20Bindings%3C%2FSTRONG%3E.%20So%20the%20above%20commands%20have%20to%20be%20modified%20slightly%20to%20incorporate%20these%20changes.%20There%20are%202%20additional%20parameters%20to%20be%20considered%2C%20which%20are%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CTABLE%20class%3D%22MsoTableMediumShading2Accent1%22%20style%3D%22border%3A%20currentcolor%3B%20border-collapse%3A%20collapse%3B%22%20border%3D%221%22%20width%3D%22481%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%20align%3D%22center%22%3E%0A%3CTBODY%3E%0A%3CTR%20style%3D%22height%3A%2025.55pt%3B%22%3E%0A%3CTD%20width%3D%22138%22%20style%3D%22background%3A%20%234f81bd%3B%20padding%3A%200cm%205.4pt%3B%20border%3A%202.25pt%20solid%20windowtext%3B%20width%3A%20103.85pt%3B%20height%3A%2025.55pt%3B%22%3E%3CP%20class%3D%22MsoNormal%22%20style%3D%22text-align%3A%20center%3B%22%20align%3D%22center%22%3E%3CSPAN%20class%3D%22MsoHyperlink%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20black%3B%20line-height%3A%20105%25%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2014pt%3B%20text-decoration%3A%20none%3B%22%3ETag%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22341%22%20style%3D%22background%3A%20%234f81bd%3B%20border-width%3A%202.25pt%202.25pt%202.25pt%20medium%3B%20border-style%3A%20solid%20solid%20solid%20none%3B%20border-color%3A%20windowtext%20windowtext%20windowtext%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20299.3pt%3B%20height%3A%2025.55pt%3B%22%3E%3CP%20class%3D%22MsoNormal%22%20style%3D%22text-align%3A%20center%3B%22%20align%3D%22center%22%3E%3CSPAN%20class%3D%22MsoHyperlink%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22color%3A%20black%3B%20line-height%3A%20105%25%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2014pt%3B%20text-decoration%3A%20none%3B%22%3EValue%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2025.55pt%3B%22%3E%0A%3CTD%20width%3D%22138%22%20align%3D%22center%22%20style%3D%22background%3A%20%234f81bd%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20103.85pt%3B%20height%3A%2025.55pt%3B%22%3E%3CSTRONG%3E%3CSPAN%20class%3D%22MsoHyperlink%22%3E%3CSPAN%20style%3D%22color%3A%20black%3B%20line-height%3A%20105%25%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20font-size%3A%2012pt%3B%20text-decoration%3A%20none%3B%22%3Ehostname%3Aport%3C%2FSPAN%3E%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22341%22%20align%3D%22center%22%20style%3D%22background%3A%20%23d8d8d8%3B%20border-width%3A%20medium%202.25pt%202.25pt%20medium%3B%20border-style%3A%20none%20solid%20solid%20none%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20299.3pt%3B%20height%3A%2025.55pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3E%3CSPAN%20class%3D%22MsoHyperlink%22%3E%3CSPAN%20style%3D%22color%3A%20black%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20text-decoration%3A%20none%3B%22%3EUnicode%20hostname%20and%20port%20for%20binding.%3C%2FSPAN%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2025.55pt%3B%22%3E%0A%3CTD%20width%3D%22138%22%20align%3D%22center%22%20style%3D%22background%3A%20%234f81bd%3B%20border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20103.85pt%3B%20height%3A%2025.55pt%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20medium%3B%22%3E%3CSTRONG%3ECCS%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%20width%3D%22341%22%20align%3D%22center%22%20style%3D%22border-width%3A%20medium%202.25pt%202.25pt%20medium%3B%20border-style%3A%20none%20solid%20solid%20none%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%20currentcolor%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20299.3pt%3B%20height%3A%2025.55pt%3B%22%3E%3CSPAN%20class%3D%22MsoHyperlink%22%3E%3CSPAN%20style%3D%22color%3A%20black%3B%20font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%20text-decoration%3A%20none%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3ECentral%20Certificate%20Store%20binding.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%3CFONT%20size%3D%223%22%3E%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3E%3CSTRONG%3Ehostname%3Aport%3C%2FSTRONG%3E%20is%20very%20similar%20to%20the%20%3CSTRONG%3Eip%3Aport%3C%2FSTRONG%3E.%20The%20only%20difference%20is%20that%20it%20takes%20a%20%3CSTRONG%3EUnicode%3C%2FSTRONG%3E%20string%20as%20an%20input%20along%20with%20the%20port%20number.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20Segoe%20UI%3B%20font-size%3A%20small%3B%22%3EBelow%20are%20the%20modified%20commands%20for%20the%20corresponding%20bindings%20in%20%3CSTRONG%3EIIS%208%3C%2FSTRONG%3E%3A%3C%2FSPAN%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20class%3D%22MsoTableGrid%22%20style%3D%22border%3A%20currentcolor%3B%20margin-right%3A%206.75pt%3B%20margin-left%3A%206.75pt%3B%20border-collapse%3A%20collapse%3B%22%20border%3D%221%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%20align%3D%22center%22%20bgcolor%3D%22%23708090%22%3E%0A%3CTBODY%3E%0A%3CTR%20style%3D%22height%3A%2036.25pt%3B%22%3E%0A%3CTD%20width%3D%22594%22%20style%3D%22padding%3A%200cm%205.4pt%3B%20border%3A%202.25pt%20solid%20windowtext%3B%20width%3A%20445.4pt%3B%20height%3A%2036.25pt%3B%22%3E%3CP%20class%3D%22MsoNormal%22%3E%3CSTRONG%3E%3CU%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3ETo%20delete%20a%20SNI%20Binding%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%20align%3D%22left%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20class%3D%22SpellE%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3Enetsh%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3E%20http%20delete%20%3CSPAN%20class%3D%22SpellE%22%3Esslcert%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3Ehostnameport%3D%3CA%20href%3D%22http%3A%2F%2Fwww.sni.com%3A443%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ewww.sni.com%3A443%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%20align%3D%22left%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2036.25pt%3B%22%3E%0A%3CTD%20width%3D%22594%22%20style%3D%22border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20445.4pt%3B%20height%3A%2036.25pt%3B%22%3E%3CP%20class%3D%22MsoNormal%22%3E%3CSTRONG%3E%3CU%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3ETo%20delete%20a%20CCS%20Binding%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20class%3D%22SpellE%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3Enetsh%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3E%20http%20delete%20%3CSPAN%20class%3D%22SpellE%22%3Esslcert%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3Eccs%3D443%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2036.25pt%3B%22%3E%0A%3CTD%20width%3D%22594%22%20style%3D%22border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20445.4pt%3B%20height%3A%2036.25pt%3B%22%3E%3CP%20class%3D%22MsoNormal%22%3E%3CSTRONG%3E%3CU%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3ETo%20add%20a%20SNI%20Binding%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20class%3D%22SpellE%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3Enetsh%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3E%20http%20add%20%3CSPAN%20class%3D%22SpellE%22%3Esslcert%3C%2FSPAN%3E%20%3CSTRONG%3E%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3Ehostnameport%3D%3CA%20href%3D%22http%3A%2F%2Fwww.sni.com%3A443%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ewww.sni.com%3A443%3C%2FA%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%20%3CSPAN%20class%3D%22SpellE%22%3Ecerthash%3C%2FSPAN%3E%3D40db5bb1bf5659a155258d1d007c530fcb8996c2%20%3CSPAN%20class%3D%22SpellE%22%3Eappid%3C%2FSPAN%3E%3D%7B4dc3e181-e14b-4a21-b022-59fc669b0914%7D%20certstorename%3DMy%20%3CSPAN%20class%3D%22SpellE%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3Everifyclientcertrevocation%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3E%3Ddisable%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2036.25pt%3B%22%3E%0A%3CTD%20width%3D%22594%22%20style%3D%22border-width%3A%20medium%202.25pt%202.25pt%3B%20border-style%3A%20none%20solid%20solid%3B%20border-color%3A%20currentcolor%20windowtext%20windowtext%3B%20padding%3A%200cm%205.4pt%3B%20width%3A%20445.4pt%3B%20height%3A%2036.25pt%3B%22%3E%3CP%20class%3D%22MsoNormal%22%3E%3CSTRONG%3E%3CU%3E%3CSPAN%20style%3D%22font-family%3A%20'Segoe%20UI'%2C'sans-serif'%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3ETo%20add%20a%20CCS%20Binding%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%3CSPAN%20class%3D%22SpellE%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3Enetsh%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20'Courier%20New'%3B%22%3E%20http%20add%20%3CSPAN%20class%3D%22SpellE%22%3Esslcert%3C%2FSPAN%3E%20%3CSTRONG%3E%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3Eccs%3D443%3C%2FSPAN%3E%3C%2FSTRONG%3E%20%3CSPAN%20class%3D%22SpellE%22%3Eappid%3C%2FSPAN%3E%3D%7B4dc3e181-e14b-4a21-b022-59fc669b0914%7D%20%3CSPAN%20class%3D%22SpellE%22%3E%3CSTRONG%3E%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3Everifyclientcertrevocation%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20style%3D%22background%3A%20yellow%3B%22%3E%3Ddisable%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22MsoNormal%22%20style%3D%22margin-bottom%3A%200pt%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-377134%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ekaushalp%40microsoft.com%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

I have been asked this question on several occasions on how to disable revocation check in IIS 7.  It was pretty easy for IIS 6, on IIS 7 there is no documentation on how to do so. This post will describe on how to achieve this task. Firstly, list out all the existing IIS bindings via command line as shown below:

netsh http show sslcert

Default SSL Binding when added via IIS Manager

IP:port                      : 0.0.0.0:443

Certificate Hash             : 40db5bb1bf5659a155258d1d007c530fcb8996c2 Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914} Certificate Store Name       : My

Verify Client Certificate Revocation    : Enabled

Verify Revocation Using Cached Client Certificate Only    : Disabled

Usage Check                  : Enabled

Revocation Freshness Time    : 0

URL Retrieval Timeout        : 0

Ctl Identifier               : (null)

Ctl Store Name               : (null)

DS Mapper Usage              : Disabled

Negotiate Client Certificate : Disabled

NOTE:

  1. Client Certificate Revocation is always enabled by default.
  2. Application ID of “{4dc3e181-e14b-4a21-b022-59fc669b0914}” corresponds to IIS.
  • In order to disable the revocation check, we need to delete the existing binding first. Before you do that, make a note of the above details, especially the certificate hash.

NETSH command to delete existing SSL binding:

netsh http delete sslcert ipport=0.0.0.0:443

  • Now add the binding again using netsh as shown below:

NETSH command to add an SSL binding to disable CRL Check:

netsh http add sslcert ipport=0.0.0.0:443 certhash=40db5bb1bf5659a155258d1d007c530fcb8996c2 appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=My verifyclientcertrevocation=disable

 

  • Highlighted portion of the above command depicts that we are disabling the client certificate revocation. This adds a DWORD at the following location in registry:
REGISTRY  : HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo DWORD    : DefaultSslCertCheckMode Value         : 1

 

  • DefaultSslCertCheckMode can take the following values. Click here for more info.

VALUE

MEANING

0 Enables the client certificate revocation check
1 Client certificate is not to be verified for revocation.
2 Only cached certificate revocation is to be used
4 The DefaultRevocationFreshnessTime setting is enabled
0x10000 No usage check is to be performed

 

  • Review the SSL bindings after executing the above command. The CRL check would be disabled.

netsh http show sslcert

SSL Binding added via NETSH to disable CRL:

IP:port                      : 0.0.0.0:443

Certificate Hash             : 40db5bb1bf5659a155258d1d007c530fcb8996c2 Application ID               : {4dc3e181-e14b-4a21-b022-59fc669b0914} Certificate Store Name       : My

Verify Client Certificate Revocation    : Disabled

Verify Revocation Using Cached Client Certificate Only    : Disabled

Usage Check                  : Enabled

Revocation Freshness Time    : 0

URL Retrieval Timeout        : 0

Ctl Identifier               : (null)

Ctl Store Name               : (null)

DS Mapper Usage              : Disabled

Negotiate Client Certificate : Disabled

NOTE: Client Certificate Revocation is always enabled by default. More details on the netsh commands for HTTP can be found here: http://technet.microsoft.com/en-us/library/cc725882(v=ws.10).aspx#BKMK_2

MORE INFORMATION

NETSH Commands for HTTP in IIS 8: With IIS there are 2 new SSL bindings viz. SNI Bindings and CCS Bindings. So the above commands have to be modified slightly to incorporate these changes. There are 2 additional parameters to be considered, which are:

Tag

Value

hostname:port Unicode hostname and port for binding.
CCS Central Certificate Store binding.

hostname:port is very similar to the ip:port. The only difference is that it takes a Unicode string as an input along with the port number. Below are the modified commands for the corresponding bindings in IIS 8:

 

To delete a SNI Binding

netsh http delete sslcert hostnameport=www.sni.com:443

 

To delete a CCS Binding

netsh http delete sslcert ccs=443

 

To add a SNI Binding

netsh http add sslcert hostnameport=www.sni.com:443 certhash=40db5bb1bf5659a155258d1d007c530fcb8996c2 appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=My verifyclientcertrevocation=disable

 

To add a CCS Binding

netsh http add sslcert ccs=443 appid={4dc3e181-e14b-4a21-b022-59fc669b0914} verifyclientcertrevocation=disable