Disable CRL checking in .NET's machine.config files
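```powershell
# Sets <generatePublisherEvidence enabled="false"/> under <runtime> in each
# installed .NET Framework machine.config (v2.0 and v4.0, 32- and 64-bit).
ForEach ($ver in ("v2.0.50727","v4.0.30319")) {
    ForEach ($bitsize in ("","64")) {
        $path = "$env:windir\Microsoft.NET\Framework$bitsize\$ver\CONFIG\Machine.config"
        # Skip framework versions or bitnesses that are not installed
        If (!(Test-Path $path)) { Continue }
        $xml = [xml](Get-Content $path)
        # Create <runtime> if the file does not have one yet
        If (!$xml.DocumentElement.SelectSingleNode("runtime")) {
            $runtime = $xml.CreateElement("runtime")
            $xml.DocumentElement.AppendChild($runtime) | Out-Null
        }
        # Create <generatePublisherEvidence> under <runtime> if missing
        If (!$xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence")) {
            $gpe = $xml.CreateElement("generatePublisherEvidence")
            $xml.DocumentElement.SelectSingleNode("runtime").AppendChild($gpe) | Out-Null
        }
        # Turn publisher evidence generation off and write the file back
        $xml.DocumentElement.SelectSingleNode("runtime/generatePublisherEvidence").SetAttribute("enabled","false") | Out-Null
        $xml.Save($path)
    }
}
```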
thomasvochten commented Feb 17, 2015

This script can be used in test environments without an internet connection to prevent timeouts when trying to reach certificate revocation lists online. Don't disable this on production systems, it kind of defeats the purpose of SSL entirely.
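
A read-only check for where this setting has been applied, useful for confirming it has not reached a production host. This is an added example, not part of the original gist or the comment above; the function name `Get-PublisherEvidenceSetting` and its output fields are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the gist): report the generatePublisherEvidence
# state in each machine.config that the gist's script edits. Read-only.
# The function name and output field names are hypothetical.
function Get-PublisherEvidenceSetting {
    param(
        [string[]]$Versions = @('v2.0.50727', 'v4.0.30319'),
        [string[]]$BitSizes = @('', '64'),
        [string]$FrameworkRoot = (Join-Path $env:windir 'Microsoft.NET')
    )
    foreach ($ver in $Versions) {
        foreach ($bitsize in $BitSizes) {
            $path = Join-Path $FrameworkRoot "Framework$bitsize\$ver\CONFIG\Machine.config"
            if (-not (Test-Path -LiteralPath $path)) {
                # This framework version or bitness is not installed here
                [pscustomobject]@{ Path = $path; State = 'NotInstalled'; Modified = $null }
                continue
            }
            $xml  = [xml](Get-Content -LiteralPath $path -Raw)
            $node = $xml.DocumentElement.SelectSingleNode('runtime/generatePublisherEvidence')
            if ($null -eq $node) {
                # Element absent: the runtime default (enabled) applies
                $state = 'Default'
            }
            elseif ($node.GetAttribute('enabled') -eq 'false') {
                # The value the gist's script writes
                $state = 'Disabled'
            }
            else {
                $state = 'Enabled'
            }
            [pscustomobject]@{
                Path     = $path
                State    = $state
                # Last write time helps correlate the change with other activity
                Modified = (Get-Item -LiteralPath $path).LastWriteTime
            }
        }
    }
}

# List only the config files where the setting has been turned off
Get-PublisherEvidenceSetting | Where-Object { $_.State -eq 'Disabled' }
```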
