As certificate use for secure communication and data protection is increasing, administrators can use certificate trust policy to enhance their control of certificate use and public key infrastructure performance by using certificate path validation settings.
Certificate path validation settings in Group Policy allow administrators to:
-
Manage Trusted Root Certificates. These policy settings control which root certification authority (CA) certificates and peer trust certificates in the user certificate and root certificate stores can be trusted.
-
Manage Trusted Publishers. These policy settings control which code signing (Authenticode) certificates can be accepted for use in the organization and blocks certificates that are not trusted according to policy.
-
Manage Network Retrieval and Path Validation. These policy settings can be used to compensate for situations in which downloads of a certificate revocation list (CRL) fail because the CRL is too large and network conditions are not optimal.
-
Manage Revocation Checking Policy. These policy settings can be used to coordinate use of CRLs and Online Responders during revocation checking. This option also allows an administrator to extend the lifetime of responses received from an Online Responder or CRL.