Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Windows 10 version 1511 TLS Server certificate validation optimization only supports computer-disallowed certificates


Symptoms

In Windows 10 (version 1511 or later), Windows clients no longer recognize certificates in the current user’s disallowed certificate store as revoked. Therefore, Windows clients can successfully navigate to websites that were previously inaccessible.


Cause

Windows introduced an optimization in version 1511 to move SSL Server certificate validation into lsass.exe. This optimization does not check the current user's disallowed certificate store for SSL Server certificates.


Resolution

To resolve this issue, add root certificates to the local computer’s disallowed certificate store. This prevents Windows clients from successfully navigating to websites that are protected by certificates that chain to the certificate in the computer’s disallowed certificate store.
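One way to carry out this resolution, as an added example that is not part of the original KB article: the script finds certificates that are visible in the current user's disallowed store but absent from the local computer's disallowed store, and adds public-only copies of them to the computer store. It assumes PowerShell 5.0 or later in an elevated session running as the same user whose store holds the entries; if elevation switches to a different administrator account, `Cert:\CurrentUser` refers to that account instead.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the KB article): promote certificates that are blocked
# only for the current user to the computer-wide Disallowed store.
# Run with -WhatIf first to list what would be added without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param()

$x509 = 'System.Security.Cryptography.X509Certificates'

# Thumbprints that are already blocked machine-wide.
$machineThumbprints = @(Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' |
    Select-Object -ExpandProperty Thumbprint)

# The CurrentUser view can also surface machine-level entries, so keep only the
# certificates whose thumbprint is missing from the computer store.
$missing = @(Get-ChildItem -Path 'Cert:\CurrentUser\Disallowed' | Where-Object {
    $_ -is ("$x509.X509Certificate2" -as [type]) -and
    $machineThumbprints -notcontains $_.Thumbprint
})

if ($missing.Count -eq 0) {
    Write-Output 'No user-only disallowed certificates found.'
    return
}

$store = New-Object "$x509.X509Store" -ArgumentList 'Disallowed', 'LocalMachine'
$store.Open(("$x509.OpenFlags" -as [type])::ReadWrite)
try {
    foreach ($cert in $missing) {
        if ($PSCmdlet.ShouldProcess($cert.Subject, 'Add to LocalMachine\Disallowed')) {
            # Re-create the certificate from its raw bytes so that only the
            # public certificate is written, never a private-key association.
            $copy = New-Object "$x509.X509Certificate2" -ArgumentList (, $cert.RawData)
            $store.Add($copy)
        }
    }
}
finally {
    $store.Close()
}

# Report the state of each promoted certificate after the change.
$after = @(Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' |
    Select-Object -ExpandProperty Thumbprint)
$missing | Select-Object Thumbprint, Subject, NotAfter,
    @{ Name = 'InMachineStore'; Expression = { $after -contains $_.Thumbprint } }
```

On a fleet, the `InMachineStore` column gives a per-host record of which user-level blocks were promoted, which is the state the lsass.exe validation path honours.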


Article Info
Article ID : 3183950
Revision : 1
Created on : 1/7/2017
Published on : 8/10/2016
Exists online : False