CertCheckMode Metabase Property (IIS 6.0)
The CertCheckMode Metabase Property enables or disables Certificate Revocation List (CRL) checking. CertCheckMode is set to 0 by default (CertCheckMode=0), which means that IIS by default searches for an updated CRL.
This metabase property is closely related to the RevocationFreshnessTime Metabase Property and the RevocationURLRetrievalTimeout Metabase Property.
XML Data Type
WMI Data Type
ADSI Data Type
ABO Data Type
ABO Metabase Identifier
You can configure this property at the following locations in the IIS metabase.
Certificate revocation checking is not performed.
During certificate revocation verification, the CRL will not be updated from a remote location, such as a CRL at an external URL. In this case, the CRL that is cached on the client is used. If the CRL is expired, the certificate revocation verification fails.
The client CRL is replaced by the CRL at a remote location, even if the CRL that is cached on the client is valid. The value of the RevocationFreshnessTime Metabase Property determines the frequency of this action.
The certificate provided by the client is not verified as valid.
The MD_CERT_NO_REVOC_CHECK, MD_CERT_CACHE_RETRIEVAL_ONLY, and MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME flags are mutually exclusive.
For general code examples, see Code Examples to Configure Metabase Properties.