iis security: ssl certificate box takes long time to pop up on IE -- iis security

ssl certificate box takes long time to pop up on IE

RA
2/24/2005 12:05:04 PM

iis security: Hi

I am ruuning SSL on Windows server 2003 for Exchange 2003 OWA. I am using my
windows server 2003 as an internal CA for the certificate. My problem is that
when accessing OWA it takes about 10-15 seconds or more sometimes for the ssl
cert dialog box to pop up. Anyone know why it takes so long only on IE? Its a
lot faster on Firefox, although its a better experience as far as features go

Re: ssl certificate box takes long time to pop up on IE

Miha Pihler [MVP]
2/24/2005 9:39:29 PM

Hi,

My guess would be that your IE is (trying to) check your CRL list to see if
the certificate is revoked. I am not sure how your CA is setup, but by
default CRL link will point to e.g. file system, active directory, etc. Now
when you try to access your OWA, you probably don't have file access to the
server where CRL is or LDAP access to active directory to query it about CRL
etc...
So, IE will check all CRL URLs, but it will take some time (till time out
occurs). After time-out it will move on to next CRL URL and so on till there
are no CRL URLs left... If you would set your IE to really high security it
would not allow you to access OWA unless it would be able to check CRL.

If this is a problem then solution would be to setup your CA correctly in a
way that would allow external users to check CRL whenever this was needed.

I don't know how FireFox does it's CRL checking...

--
Mike
Microsoft MVP - Windows Security

[quoted text, click to view]