IIS, CRL checking, CertCheckMode=4 and RevocationFreshnessTime Metabase Property

While recently working on a related incident, I noticed that a lot of folks are getting issues with the usage of CertCheckMode=4 (MD_CERT_CHECK_REVOCATION_FRESHNESS_TIME) in IIS6. This feature is supposed to allow frequent CRL refresh per IIS documentation : The client CRL is replaced by the CRL at a remote location, even if the CRL that…

1