Certificate Revocation Lists
Hi there, I have enabled CAPI2 logging in the event log and I can see quite a lot of Event IDs 11, 30, 41 and 42. They are all from external vendors' CRLs, because I'm using external certificates on my server, but this server is unable to connect to the Internet. Should I worry about these, or can I make the server not check the CRLs? Or what will be the correct way to solve these? I have tried to disable the CRL check from local policy, but in my mind that will affect only IE, not anything else. The processes in these events are mostly the Lync processes.
-- Petri
August 19th, 2011 9:59am

Why would you bother putting a commercially issued certificate on a server that cannot access the Internet? It would be better to do one of the following:
1) Configure the server to connect to the Internet through a proxy
2) Issue a private CA-issued certificate to the server so that they can access locally accessible CA certificates
Turning off revocation checking is never an option, IMHO.
Brian
August 19th, 2011 11:37am

I know that disabling the CRL is a bad idea, no doubt. But when you are forced to use certificates (because of the product requirement) and you do not have an internal PKI because of other reasons, you are there. I prefer disabling it now, as our proxy requires authentication, so it won't be an easy path either... But what is the correct way to get it disabled? As the local policy seems to not solve it.
-- Petri
August 20th, 2011 2:17pm

This topic is archived. No further replies will be accepted.
