Windows Server 2000/2003 Thread, Is this secure? in Technical
  1. #1

    Hightower's Avatar

    Is this secure?

    To get some software to work I've had to Disable the GPO option "Check for server certificate revocation" for student users.

    Can somebody explain what this means and whether disabling it shouldn't open any security holes?

    Thanks,

  2. #2

    powdarrmonkey's Avatar
    Disabling it is a bad idea.

    When a certificate is published, the certificate authority has no further control over it until it expires. So if the certificate is used for Bad Things™, it can give the user a sense of trust without any justification.

    So instead, authorities embed a link to a revocation (from the verb to revoke) list in the certificate, and the browser checks this before allowing the connection. If the certificate has been revoked, an error is displayed.

    Disabling the check disables this protection.

  3. #3
    pwds's Avatar
    Check for updates for the software in question.

    Certificate Revocation means that the content is signed but with a certificate that has been revoked by the issuing agency. This could be for a variety of reasons.

    Effectively it means your content cannot be trusted as having come unaltered from the stated source, if downloaded potentially a huge problem, on an official CD perhaps less so.

    No doubt someone with more insight than me will have something to add.

  4. #4

    Hightower's Avatar
    So, why do I need to disable this to get the software to work? I'm waiting to hear back from the software support.

    The software in question is a local exe that then pulls its users etc from a secure site (at their end). When I first installed this software it worked, then went off a couple of weeks ago.

    Do you think the problem is more related to a certificate at their end? And should I tell them to sort it at their end rather than me possibly opening up a hole?

  5. #5

    powdarrmonkey's Avatar
    a) the certificate has been revoked b) the revocation list is unavailable c) the revocation list can't be fetched through your filter or d) some other problem.

  6. Thanks to powdarrmonkey from:

    Hightower (17th June 2010)
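
One way to tell the cases listed in post #5 apart from an affected client, as an added example that is not part of the original thread: fetch the certificate the vendor's site presents, build its chain with online revocation checking, and report the chain status together with the revocation list link embedded in the certificate. The host name `vendor.example.com` and both function names are placeholders, and PowerShell 5 or later is assumed.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Retrieve the certificate a TLS server presents, without judging it yet.
function Get-ServerCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: this connection is for inspection only.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        [X509Certificate2]::new($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

# Build the chain with revocation checking on and map the result to cases a) to d).
function Test-CertificateRevocation {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    [void]$chain.Build($Certificate)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })

    $verdict = if ($flags -contains [X509ChainStatusFlags]::Revoked) {
        'a) a certificate in the chain has been revoked'
    } elseif ($flags -contains [X509ChainStatusFlags]::RevocationStatusUnknown -or
              $flags -contains [X509ChainStatusFlags]::OfflineRevocation) {
        'b/c) revocation list could not be retrieved (unavailable, or blocked by a filter)'
    } elseif ($flags.Count -gt 0) {
        'd) some other chain problem'
    } else { 'chain valid and not revoked' }

    # OID 2.5.29.31 = CRL Distribution Points: the embedded link to the revocation list.
    $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        Verdict     = $verdict
        ChainStatus = $flags -join ', '
        CrlLocation = if ($cdp) { $cdp.Format($true) } else { '(none in certificate)' }
    }
}

# Placeholder host: substitute the site the software connects to.
Test-CertificateRevocation (Get-ServerCertificate -HostName 'vendor.example.com')
```

Run it on an affected client as one of the student users so the revocation list is fetched through the same filter; for a b/c verdict, opening the printed CRL URL in a browser on that machine separates an unavailable list from a blocked one.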
