Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Specify if online OCSP/CRL checks are required for local trust anchors
Supported versions
- On Windows since 123 or later
Description
Control whether online revocation checks (OCSP/CRL checks) are required. If Microsoft Edge can't get revocation status information, these certificates are treated as revoked ("hard-fail").
If you enable this policy, Microsoft Edge always performs revocation checking for server certificates that successfully validate and are signed by locally-installed CA certificates.
If you don't configure or disable this policy, then Microsoft Edge uses the existing online revocation checking settings.
On macOS, this policy has no effect if the MicrosoftRootStoreEnabled policy is set to False.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: RequireOnlineRevocationChecksForLocalAnchors
- GP name: Specify if online OCSP/CRL checks are required for local trust anchors
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Disabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: RequireOnlineRevocationChecksForLocalAnchors
- Value type: REG_DWORD
Example registry value
0x00000000