To revolve an CRL checking failure issue, I issued the comand: certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE It returns: Old Value: CRLFlags REG_DWORD = 2 CRLF_DELETE_EXPIRED_CRLS --2 New Value CRLFlags REG_DWORD = a (10) CRLF_DELETE_EXPIREDCRLS -- 2 CRLF_REVCHECK_IGNORE_OFFLINE -- 0 In regedit I can see the CRLFlags value has been changed, but how can I verify the values of CRLF_DELETE_EXPIREDCRLS and CRLF_REVCHECK_IGNORE_OFFLINE ? thanks

Hi, certutil setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE is used to tell them not ask the RootCA again when needs to start the Certification Authority Service. See the published paths by opening the Certificate Authority snap-in, and right-clicking the CA name and select Properties . Then, select the Extensions tab. In that snap-in, also right-click the Revoked Certificates and select Properties . Then, select the View CRL's tab. Best Regards Elytis Cheng Elytis Cheng TechNet Community Support