IE – Enable Certificate Revocation Failure Notification
Internet Explorer 7 and later. In order to confirm the identity of organizations that host secure webpages, certifying authorities issue security certificates. These certificates are validated when you request a secure webpage.
By default, Internet Explorer performs a number of steps in order to validate the security certificate for a secure website. If a certificate is invalid, is out-of-date, or improperly identifies the website in question, Internet Explorer displays a notification to the user.
As an additional verification step, many certifying authorities also provide a service that identifies certificates that have been recently revoked. Earlier versions of Internet Explorer displayed notifications when this service could not be reached.
Because the inability to reach these services does not necessarily indicate that a certificate has been revoked, many users complained that such notifications were “false positives.” After considerable negative feedback, these notifications were disabled by default in Internet Explorer 7 and later.
When enabled, the FEATURE_WARN_ON_SEC_CERT_REV_FAILED feature displays notifications when Internet Explorer cannot reach the certificate revocation service published by a certifying authority. By default, this feature is disabled for Internet Explorer. This feature is not supported for applications hosting the WebBrowser Control.
To enable this feature using the registry, add the name of the Internet Explorer executable file to the following setting.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
“iexplore.exe”=dword:00000001
The feature is enabled when the value is set to (DWORD) 00000001 and disabled when the value is (DWORD) 00000000.
