
Ensure ‘Specify if online OCSP/CRL checks are required for local trust anchors’ is set to ‘Enabled’

Details

This policy setting controls whether online certificate revocation checks (OCSP/CRL) are required. If an online check is not possible, the certificate is treated as though it is revoked.

The recommended state for this is Enabled.

Rationale:

Certificates should always be validated. Not doing so could allow a revoked certificate to be used, giving a false sense of a secure connection.

Impact:

If Microsoft Edge cannot obtain a revocation status, the certificate is treated as though it is revoked, and the website will not load.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Specify if online OCSP/CRL checks are required for local trust anchors

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.

Default Value:

Disabled
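
To confirm on an endpoint that the Group Policy setting above has actually applied, the following audit check is an added example and is not part of the CIS benchmark text. The registry key and value name are assumptions taken from Microsoft's Edge policy documentation (they do not appear on this page), and the function name is hypothetical.

```powershell
# Added audit example; not part of the benchmark text.
# Assumption: key and value name come from Microsoft's Edge policy
# documentation, not from this page.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$PolicyName = 'RequireOnlineRevocationChecksForLocalAnchors'

function Test-EdgeRevocationPolicy {   # hypothetical helper name
    param(
        [string]$Key  = $PolicyKey,
        [string]$Name = $PolicyName
    )
    $result = [ordered]@{
        Computer  = $env:COMPUTERNAME
        Key       = $Key
        Name      = $Name
        Value     = $null
        State     = 'NotConfigured'   # the page lists the default as Disabled
        Compliant = $false
    }
    if (Test-Path -LiteralPath $Key) {
        $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $result.Value = $item.$Name
            # Group Policy writes this setting as a REG_DWORD; any other
            # type means the value was created by something else.
            $kind = (Get-Item -LiteralPath $Key).GetValueKind($Name)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $result.State = "WrongType($kind)"
            } elseif ($item.$Name -eq 1) {
                $result.State = 'Enabled'
                $result.Compliant = $true
            } else {
                $result.State = 'Disabled'
            }
        }
    }
    [pscustomobject]$result
}

$check = Test-EdgeRevocationPolicy
$check | Format-List
# Non-zero exit code lets a management tool flag the host when run as a script.
if (-not $check.Compliant) { exit 1 }
```

A missing key or value is reported as NotConfigured and counted as non-compliant, because the default state is Disabled.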

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.

Updated on July 16, 2022