CheckCertificateRevocation
IT Asset Management
(Cloud)
Command line | Registry
When transferring data to or from an inventory beacon using the HTTPS protocol, a web server certificate is applied to the data being transferred.
When receiving web server certificates from servers, the appropriate client-side component
checks the CA (certification authority) server to ensure that the certificates are not on the
CRL (certificate revocation list). If a component cannot check the CRL (for example, the CA
server is firewalled and cannot be contacted), the system may time out on the CRL download,
and consequently fail the revocation check. To avoid this, you can use the
CheckCertificateRevocation
preference to prevent components from
performing the CRL check. Tip: Turning off CRL checking should be only a temporary
measure while you fix the problem that prevents successful checking. It is poor security
practice to omit the check for certificate currency, since without this check your system
may continue to trust a certificate that has been compromised as part of a wider
attack.
You can set this as a common registry entry, so that the same behavior occurs across all components, and you can override the common behavior by setting an overriding registry entry for any individual component if required. By default, this preference is set so that all components check the CRL.
Values
Values / range |
Boolean ( |
Default value |
|
Example values |
|
Command line
Tool |
ndtrack, ndupload |
Example |
|
Registry
Installed by |
Manual configuration |
Computer preference |
[Registry]\ManageSoft\Common or
[Registry]\ManageSoft\<Component>\CurrentVersion
where <Component> is the registry key for an
individual component (Tracker , or Uploader ).Note: In
some circumstances only the specific path for a component works.
|
IT Asset Management (Cloud)
Current