Re: force certificate verification

From: Rick (mail@server.net)
Date: 06/19/02

• Next message: Rick: "Re: SSL on NT4"
• Previous message: x y: "Re: Has my system been compromised?"
• In reply to: S. Pidgorny [MVP]: "Re: force certificate verification"
• Next in thread: S. Pidgorny [MVP]: "Re: force certificate verification"
• Reply: S. Pidgorny [MVP]: "Re: force certificate verification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Rick" <mail@server.net>
Date: Wed, 19 Jun 2002 08:29:44 -0500

> but actually deny acess to the sites having invalid certificates...
Invalid or for which I have no local CA cert. i.e.
https://www.website.com's certificate was signed by xyz but I don't have a
CA for xyz.

The application is a custom app. Is it an IE setting? Or did IE's
behavior, with regard to fail/no fail change from version to version?

Many thanks,

Rick

"S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
news:OlFgOs2FCHA.2576@tkmsftngp12...
> That's probably not about the CRL check but about possibility not to warn
> but actually deny acess to the sites having invalid certificates...
>
> --
> Svyatoslav Pidgorny, MS MVP, MCSE
> -= F1 is the key =-
>
> "David Cross [MS]" <vaq130@nospam.hotmail.com> wrote in message
> news:#l4K75zFCHA.1600@tkmsftngp13...
> > which application do you want to force revocation checking on? it is
not
> > clear from your mail. revocation checking must be enabled on a
> > per-application basis.
> >
> > David B. Cross [MS]
> > http://support.microsoft.com
> >
> > "Rick" <mail@server.net> wrote in message
> >
news:D67443285D39FF50.A2BCB902D4EC80B8.956C698E766E1315@lp.airnews.net...
> > > On NT is seems as if I connect to a HTTPS server but don't have the CA
> > cert
> > > that signed the web server cert I can still proceed by clicking 'yes'
to
> > the
> > > warning prompts. Instead, I want the connection to fail. Basically,
> the
> > > way 2000 seems to handle it. How can I do this on NT?
> > >
> > >
> > > Thanks in advance
> > >
> > >
> >
> >
>
>

---

• Next message: Rick: "Re: SSL on NT4"
• Previous message: x y: "Re: Has my system been compromised?"
• In reply to: S. Pidgorny [MVP]: "Re: force certificate verification"
• Next in thread: S. Pidgorny [MVP]: "Re: force certificate verification"
• Reply: S. Pidgorny [MVP]: "Re: force certificate verification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: force certificate verification ... >> but actually deny acess to the sites having invalid certificates... ... > Invalid or for which I have no local CA cert. ... >>> which application do you want to force revocation checking on? ... (microsoft.public.security) Re: OAB not updating ... > This event may indicate invalid User Certificates within the Active ... > Turn OAL Generator Diagnostics Logging to at least "Medium". ... > Rebuild the Offline Address List. ... (microsoft.public.exchange2000.admin) Re: redirecting HTTPS on IIS6 ... -using IsapiRewrite4 asapi filter (works like mod rewrite but I get the ... domain https without renewing our old certificate but for now we are ... If the cert is invalid, you cannot avoid the user seeing the message - the ... (microsoft.public.inetserver.iis) Re: redirecting HTTPS on IIS6 ... we currently have a _VALID_ ssl cert for new-domain.ca and old ... domain https without renewing our old certificate but for now we are ... If the cert is invalid, you cannot avoid the user seeing the message - the ... (microsoft.public.inetserver.iis) Re: Problem with Exchange 2003 Offline Address Book ... > Event Source: MSExchangeSA ... > Entry 'USERNAME' has invalid or expired e-mail certificates. ... > - Default Offline Address List ... (microsoft.public.exchange.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)