Enable this group policy to configure the certificate validation method.
Red Hat Linux supports use of a Certificate Revocation List (CRL) to validate certificates. Information about the status of certificates is stored on a revocation server. The security system of Red Hat Linux can check the revocation server to validate the certificate.
Select one of the following validation options:
1) Off: No revocation checking will be performed.
2) Best attempt: The certificate passes unless an indication of a bad certificate is returned from the server. This setting is best for most circumstances.
3) Require if cert indicates: If the URL to the revocation server is provided in the certificate, this setting requires a successful connection to a revocation server and no indication of a bad certificate. Use only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.
4) Require for all certs: This setting requires successful validation of all certificates. Use only in a tightly controlled environment that guarantees the presence of a CRL server. If a CRL server is not available, SSL and S/MIME evaluations could hang or fail.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\UnixSettings\Security\RHELCertRevocationCheck |
Value Name | RHELCertRevocationCheck |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\UnixSettings\Security\RHELCertRevocationCheck |
Value Name | RHELCertRevocationCheck |
Value Type | REG_DWORD |
Default Value | 0 |
Min Value | 0 |
Max Value |