Certificate Path Validation

Applies To: Windows Server 2008

As certificates are used more widely for secure communication and data protection, administrators can use the certificate path validation options in certificate trust policy to strengthen their control over certificate use and public key infrastructure (PKI) performance.

Certificate Path Validation settings in Group Policy allow administrators to:

  • Manage Trusted Root Certificates. This controls which root CA certificates and peer trust certificates in the user certificate and root certificate stores can be trusted.

  • Manage Trusted Publishers. This controls which code signing (Authenticode®) certificates can be accepted for use in the organization and blocks certificates that are not trusted according to policy.

  • Manage Network Retrieval and Path Validation. This can compensate for situations where downloads of a certificate revocation list (CRL) fail because the CRL is too large and network conditions are less than optimal.

  • Manage Revocation Checking Policy. This coordinates the use of CRLs and online responders during revocation checking. This option also allows an administrator to extend the lifetime of responses received from an online responder or CRL.