The CertCheckMode Metabase Property enables or disables Certificate Revocation List (CRL) checking. CertCheckMode is set to 0 by default (CertCheckMode=0), which means that IIS searches for an updated CRL unless the property is changed.
This metabase property is closely related to the RevocationFreshnessTime Metabase Property and the RevocationURLRetrievalTimeout Metabase Property.
| Attribute Name | Attribute Value |
|---|---|
| XML Data Type | DWORD |
| WMI Data Type | SINT32 |
| ADSI Data Type | DWORD |
| ABO Data Type | DWORD |
| ABO Metabase Identifier | MD_CERT_CHECK_MODE |
| Attributes | INHERIT |
| Default Value | 0 |
| MetaFlagsEx | CACHE_PROPERTY_MODIFIED |
| User Type | IIS_MD_UT_SERVER |
| ID | 2160 |
You can configure this property at the following locations in the IIS metabase.
| Metabase Path | IIS Admin Object Type |
|---|---|
| /LM/W3SVC/n | IIsWebServer |
| /LM/W3SVC | IIsWebService |
| Constant | Value | Description |
|---|---|---|
| MD_CERT_NO_REVOC_CHECK | 0x00000001 | Certificate revocation checking is not performed. |
| MD_CERT_CACHE_RETRIEVAL_ONLY | 0x00000002 | During certificate revocation verification, the CRL will not be updated from a remote location, such as a CRL at an external URL. In this case, the CRL that is cached on the client is used. If the CRL is expired, the certificate revocation verification fails. |
| MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME | 0x00000004 | The client CRL is replaced by the CRL at a remote location, even if the CRL that is cached on the client is valid. The value of the RevocationFreshnessTime Metabase Property determines the frequency of this action. |
| MD_CERT_NO_USAGE_CHECK | 0x00010000 | The certificate provided by the client is not verified as valid. |
Important
The MD_CERT_NO_REVOC_CHECK, MD_CERT_CACHE_RETRIEVAL_ONLY, and MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME flags are mutually exclusive.
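The following Python audit helper is an added example, not part of the original documentation. It decodes a CertCheckMode value with the flag table above, rejects combinations of the mutually exclusive flags, and reports the settings that weaken client certificate validation. The function name `audit_cert_check_mode` is hypothetical, and the sample paths and values are constructed.

```python
"""Audit helper for the IIS 6.0 CertCheckMode bitmask (added example)."""

# Flag values exactly as listed in the table on this page.
FLAGS = {
    0x00000001: "MD_CERT_NO_REVOC_CHECK",
    0x00000002: "MD_CERT_CACHE_RETRIEVAL_ONLY",
    0x00000004: "MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME",
    0x00010000: "MD_CERT_NO_USAGE_CHECK",
}
# The page states that these three flags are mutually exclusive.
EXCLUSIVE = 0x1 | 0x2 | 0x4
KNOWN = EXCLUSIVE | 0x00010000


def audit_cert_check_mode(value):
    """Return (flag_names, findings) for one CertCheckMode DWORD."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("CertCheckMode is a DWORD")
    names = [name for bit, name in FLAGS.items() if value & bit]
    findings = []
    exclusive_set = value & EXCLUSIVE
    # More than one bit set in the exclusive group: x & (x - 1) is non-zero.
    if exclusive_set & (exclusive_set - 1):
        findings.append("invalid: mutually exclusive revocation flags combined")
    if value & 0x1:
        findings.append("revocation checking is not performed")
    if value & 0x2:
        findings.append("cached CRL only; an expired CRL fails verification")
    if value & 0x10000:
        findings.append("client certificate is not verified as valid")
    unknown = value & ~KNOWN
    if unknown:
        findings.append("undocumented bits set: 0x%08X" % unknown)
    return names, findings


# Constructed sample data: hypothetical metabase paths and values.
SAMPLES = {"/LM/W3SVC": 0, "/LM/W3SVC/1": 0x00010001, "/LM/W3SVC/2": 0x3}

if __name__ == "__main__":
    for path, value in SAMPLES.items():
        names, findings = audit_cert_check_mode(value)
        print(path, "0x%08X" % value, names or ["(default)"], findings or ["ok"])
```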
For general code examples, see Code Examples to Configure Metabase Properties.
• For more information about using SSL and certificates with IIS 6.0, see Encryption in IIS 6.0.
• For more information about certificate revocation and CRLs, see Revoking Certificates and Publishing CRLs in Windows Server 2003 documentation.