HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13
Data type | Range | Default value |
---|---|---|
REG_DWORD | 0 | 1 | 0 |
Lets EAP-TLS clients connect even when the server does not perform or cannot complete a revocation check of the client's certificate chain (excluding the root certificate). Typically, revocation checks fail because the certificate doesn't include revocation information.
By default, an EAP-TLS client cannot connect unless the server completes a revocation check of the client's certificate chain (including the root certificate) and verifies that none of the certificates has been revoked. However, you can use this entry to override the default behavior.
This entry does not interfere with the revocation check. Also, it does not permit clients to connect if the revocation check reveals that a certificate in the chain has been revoked.
Value | Meaning |
---|---|
0 | Clients cannot connect unless a revocation check completes successfully. |
1 | Permits clients to connect even when the revocation check cannot be completed. |
You can use this entry to authenticate clients whose certificate does not include certificate revocation list distribution points (CRPs), such as those from third parties, and from the Microsoft Certificate Authority prior to Windows 2000.
Note
This entry is effective only when it appears in the registry of a RRAS server.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
Related Entries