How to avoid Delta CRL download errors on Windows Server 2008 with IIS7
Published Jan 24 2020 01:42 PM 863 Views

First published on TECHNET on Feb 24, 2008

If delta CRLs are hosted on a Windows Server 2008 server running Internet Information Server 7 (II7), the configuration of a request filter must be changed in the IIS7 configuration.




IIS7.0 does not allow URI’s that do not match upon double escaping. Delta CRLs fall into that category because of the plus sign in the filename.




To change the filter for the site that is hosting the CRLs and delta CRLs, perform the following command at a command line:




appcmd set config "Default Web Site/VDIR" -section:system.webServer/security/requestFiltering -allowDoubleEscaping:true




You have to replace VDIR with the name of the web site hosting the delta CRL, for example:




appcmd set config "Default Web Site/PKI" -section:system.webServer/security/requestFiltering -allowDoubleEscaping:true




To change the setting for the default Web site, use this command:




appcmd set config "Default Web Site" -section:system.webServer/security/requestFiltering -allowDoubleEscaping:true




For related information about the configuration of request filters in IIS7 is found on Microsoft TechNet.

Version history
Last update:
‎Feb 20 2020 02:45 PM
Updated by: