CertCheckMode Metabase Property
Applies To: Windows Server 2003, Windows Server 2003 with SP1
The CertCheckMode Metabase Property enables or disables Certificate Revocation List (CRL) checking. CertCheckMode is set to 0 by default (CertCheckMode=0), which means that IIS by default searches for an updated CRL.
This metabase property is closely related to the RevocationFreshnessTime Metabase Property and the RevocationURLRetrievalTimeout Metabase Property.
Attribute Name | Attribute Value |
---|---|
XML Data Type |
DWORD |
WMI Data Type |
SINT32 |
ADSI Data Type |
DWORD |
ABO Data Type |
DWORD |
ABO Metabase Identifier |
MD_CERT_CHECK_MODE |
Attributes |
INHERIT |
Default Value |
0 |
MetaFlagsEx |
CACHE_PROPERTY_MODIFIED |
User Type |
IIS_MD_UT_SERVER |
ID |
2160 |
Configurable Locations
You can configure this property at the following locations in the IIS metabase.
Metabase Path | IIS Admin Object Type |
---|---|
/LM/W3SVC/n |
IIsWebServer |
/LM/W3SVC |
IIsWebService |
Values
Constant | Value | Description |
---|---|---|
MD_CERT_NO_REVOC_CHECK |
0x00000001 |
Certificate revocation checking is not performed. |
MD_CERT_CACHE_RETRIEVAL_ONLY |
0x00000002 |
During certificate revocation verification, the CRL will not be updated from a remote location, such as a CRL at an external URL. In this case, the CRL that is cached on the client is used. If the CRL is expired, the certificate revocation verification fails. |
MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME |
0x00000004 |
The client CRL is replaced by the CRL at a remote location, even if the CRL that is cached on the client is valid. The value of the RevocationFreshnessTime Metabase Property determines the frequency of this action. |
MD_CERT_NO_USAGE_CHECK |
0x00010000 |
The certificate provided by the client is not verified as valid. |
Important
The MD_CERT_NO_REVOC_CHECK, MD_CERT_CACHE_RETRIEVAL_ONLY, and MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME flags are mutually exclusive.
Code Example
For general code examples, see Code Examples to Configure Metabase Properties.
Related Topics
For more information about using SSL and certificates with IIS 6.0, see Encryption in IIS 6.0.
For more information about certificate revocation and CRLs, see Revoking Certificates and Publishing CRLs in Windows Server 2003 documentation.