VerifySignatureCertificateRevocation
VerifySignatureCertificateRevocation
controls whether the signing
certificate and intermediate certificate trust chain is checked against public certificate
revocation lists. By default, this setting is enabled to ensure the maximum level of security
against issues with certificates that need to be revoked. Since some agent environments may
not or have access to, or are intentionally blocked, from Internet access, this setting can be
disabled to skip certificate revocation checks. However, this will result in a degraded
experience in the event a certificate needs to be revoked, and can result in an in-determinant
gap between the time a certificate is revoked and a newly signed agent upgrade package is made available (though such a time period would
be as minimal as possible). flxconfig contains additional logic built
into it to provide a second level of revocation checking that does not require Internet
access, but ultimately revocation is maintained by a public certificate authority.
Values
Values / range |
Boolean ( |
Default value |
|
Registry
Computer preference |
|
IT Asset Management (Cloud)
Current