NoRootRevocationCheck

HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13

Data type Range Default value
REG_DWORD 0 | 1 1

Description

Prevents EAP-TLS from performing a revocation check of the EAP client's root public key certificate.

The revocation check verifies that the public key certificate (and the certificates in its certificate chain) have not been revoked.

This entry only eliminates the revocation check of the client's root certificate. A revocation check is still performed on the remainder of the client's certificate chain.

Value Meaning
0 EAP-TLS performs a revocation check on the client's entire certificate chain, including the root certificate.
1 EAP-TLS does not perform a revocation check on the root certificate.

You can use this entry to authenticate clients whose certificate does not include certificate revocation list distribution points (CDPs), such as those from third parties, and from the Microsoft Certificate Authority prior to Windows 2000. Also, this entry can prevent certification-related delays that occur when a certificate revocation list is offline or is expired.

Note Image Note

This entry is effective only when it appears in the registry of a RRAS server.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Tip Image Tip

This entry only disables the revocation check of the client's root certificate. To disable the revocation check of the entire certificate chain, use the NoRevocationCheck entry.

Related Entries

Page Image

Page Image