Disable CRL checking in .NET's machine.config files
ForEach ($ver in ("v2.0.50727","v4.0.30319")) {
    ForEach ($bitsize in ("","64")) {
        $path = "$env:windir\Microsoft.NET\Framework$bitsize\$ver\CONFIG\Machine.config"
        If (!(Test-Path $path)) { continue }   # skip framework versions/bitness that are not installed
        $xml = [xml](Get-Content $path)
        # Create <runtime> if the file does not have one yet
        If (!$xml.DocumentElement.SelectSingleNode("runtime")) {
            $runtime = $xml.CreateElement("runtime")
            $xml.DocumentElement.AppendChild($runtime) | Out-Null
        }
        # Create <generatePublisherEvidence> under <runtime> if it is missing
        If (!$xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence")) {
            $gpe = $xml.CreateElement("generatePublisherEvidence")
            $xml.DocumentElement.SelectSingleNode("runtime").AppendChild($gpe) | Out-Null
        }
        $xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence").SetAttribute("enabled","false") | Out-Null
        $xml.Save($path)   # write the change back; without this the file is never modified
    }
}

Owner/author commented Feb 17, 2015:

This script can be used in test environments without an internet connection to prevent timeouts when trying to reach certificate revocation lists online. Don't disable this on production systems, it kind of defeats the purpose of SSL entirely.
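
A read-only check for the setting the script above writes, useful for confirming that a production host or image has not picked it up. This is an added example, not part of the gist; the function name `Get-PublisherEvidenceSetting` and its parameters are assumptions.

```powershell
# Added example, not part of the gist. Read-only: nothing is modified.
# Get-PublisherEvidenceSetting and its parameters are hypothetical names.
function Get-PublisherEvidenceSetting {
    param(
        [string[]]$Versions = @("v2.0.50727", "v4.0.30319"),
        [string[]]$BitSizes = @("", "64"),
        [string]$Root = "$env:windir\Microsoft.NET"
    )
    foreach ($ver in $Versions) {
        foreach ($bitsize in $BitSizes) {
            $path = Join-Path $Root "Framework$bitsize\$ver\CONFIG\Machine.config"
            if (-not (Test-Path -LiteralPath $path)) { continue }   # not installed

            $state = "NotSet"   # element absent: the script has not been applied here
            try {
                $xml  = [xml](Get-Content -LiteralPath $path -ErrorAction Stop)
                $node = $xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence")
                if ($node) {
                    if ($node.GetAttribute("enabled") -eq "false") { $state = "Disabled" }
                    else { $state = "Enabled" }
                }
            } catch {
                $state = "Unreadable"   # malformed XML or access denied
            }

            New-Object PSObject -Property @{
                Path                      = $path
                GeneratePublisherEvidence = $state
                LastWriteTime             = (Get-Item -LiteralPath $path).LastWriteTime
            }
        }
    }
}

$results  = @(Get-PublisherEvidenceSetting)
$disabled = @($results | Where-Object { $_.GeneratePublisherEvidence -eq "Disabled" })
$results | Format-Table Path, GeneratePublisherEvidence, LastWriteTime -AutoSize
if ($disabled.Count -gt 0) {
    Write-Warning ("{0} machine.config file(s) have generatePublisherEvidence disabled" -f $disabled.Count)
}
```

The `LastWriteTime` column helps correlate a `Disabled` finding with when the file was changed.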
