As the use of certificates for secure communication and data protection increases, administrators can use certificate trust policy to enhance their control over certificate use and public key infrastructure (PKI) performance through certificate path validation settings.
Certificate path validation settings in Group Policy allow administrators to:
- Manage Trusted Root Certificates. These policy settings control which root certification authority (CA) certificates and peer trust certificates in the user certificate and root certificate stores can be trusted.
- Manage Trusted Publishers. These policy settings control which code signing (Authenticode) certificates can be accepted for use in the organization and block certificates that are not trusted according to policy.
- Manage Network Retrieval and Path Validation. These policy settings can be used to compensate for situations in which downloads of a certificate revocation list (CRL) fail because the CRL is too large and network conditions are not optimal.
- Manage Revocation Checking Policy. These policy settings can be used to coordinate use of CRLs and Online Responders during revocation checking. This option also allows an administrator to extend the lifetime of responses received from an Online Responder or CRL.