Certificate validation method

Enable this group policy to configure the certificate validation method.

Red Hat Linux supports use of a Certificate Revocation List (CRL) to validate certificates. Information about the status of certificates is stored on a revocation server. The security system of Red Hat Linux can check the revocation server to validate the certificate.

Select one of the following validation options:
1) Off: No revocation checking will be performed.
2) Best attempt: The certificate passes unless an indication of a bad certificate is returned from the server. This setting is best for most circumstances.
3) Require if cert indicates: If the URL to the revocation server is provided in the certificate, this setting requires a successful connection to a revocation server and no indication of a bad certificate. Use only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.
4) Require for all certs: This setting requires successful validation of all certificates. Use only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\UnixSettings\Security\RHELCertRevocationCheck
Value NameRHELCertRevocationCheck
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Client alive interval (seconds):

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\UnixSettings\Security\RHELCertRevocationCheck
Value NameRHELCertRevocationCheck
Value TypeREG_DWORD
Default Value0
Min Value0
Max Value

centrify_linux_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)