|Data type||Range||Default value|
|REG_DWORD||0 | 1||1|
Prevents EAP-TLS from performing a revocation check of the EAP client's root public key certificate.
The revocation check verifies that the public key certificate (and the certificates in its certificate chain) have not been revoked.
This entry only eliminates the revocation check of the client's root certificate. A revocation check is still performed on the remainder of the client's certificate chain.
|0||EAP-TLS performs a revocation check on the client's entire certificate chain, including the root certificate.|
|1||EAP-TLS does not perform a revocation check on the root certificate.|
You can use this entry to authenticate clients whose certificate does not include certificate revocation list distribution points (CDPs), such as those from third parties, and from the Microsoft Certificate Authority prior to Windows 2000. Also, this entry can prevent certification-related delays that occur when a certificate revocation list is offline or is expired.
This entry is effective only when it appears in the registry of a RRAS server.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
This entry only disables the revocation check of the client's root certificate. To disable the revocation check of the entire certificate chain, use the NoRevocationCheck entry.