IE CRL check FAIL…
March 2nd, 2011
2 comments
Just follow the steps below:
1. IE setting for CRL checking of the server certificate is enabled
2. Set the hostnames of servers hosting the CRL and /or OCSP to 127.0.0.1 in your hosts file
3. Execute [certutil.exe -urlcache * delete] to remove all cached CRLs
4. Start your browser and tell it to HTTPS:// to the site
5. It will take some time trying to check the CRL/OCSP from the non-existing server
6. After that you are on the site without any warnings! Not really what I expected?!
Firefox gives the same results and only Google Chrome gives us a warning…
What if the same happens with Code Signing? Interesting case we have!
/Hasain
