How Office Performs Certificate Revocation

Previous page
Table of content
Next page

Microsoft Office uses some of the security settings set by Microsoft Internet Explorer when it attempts to authenticate certificates of trust prior to use, even if the certificate is already accepted and present on a user’s computer. Each time an Office application attempts to run an executable signed with an attached certificate, one of the following events occurs if the Check for publisher’s certificate revocation check box is checked in the Internet Explorer Advanced settings dialog: either the server maintained by the certificate authority who issued the certificate is checked for a revocation status, or a cached file downloaded from that same certificate authority is examined (dependent on the update cycle of revocation information by the certificate authority). The only exception to this behavior is with a Microsoft ActiveX control that was already installed if the certificate of trust associated with the control was already accepted and is present in the Trusted Publishers Store.

The Check for publisher’s certificate revocation setting of Microsoft Internet Explorer is set to enabled by default during a non-customized installation of Internet Explorer. (In previous versions, certificate revocation was set to install in a disabled state.) Because Office inherits this setting from Internet Explorer, Office will automatically check for certificate revocation when installed. Administrators can turn off certificate revocation, but it is recommended that they keep this feature enabled.

This feature adds a slight amount of time to the handling of executables, because each application attempting to load and run a program with an associated certificate must determine whether a certificate has been listed as revoked. The certificate revocation check process can take even longer if the certificate revocation list is being downloaded for the first time from the certificate authority, or is being updated. However, once this list is cached to the user’s local drive, the revocation check is relatively short. This entire process is dependent on access to the Internet.

To check whether certificate revocation is enabled

  1. Start Internet Explorer.

  2. Click Tools, click Internet Options, and then click the Advanced tab.

  3. Under the Security section of the tree view control, set the Check for publisher’s certificate revocation check box to checked.

Note

If your company has chosen not to allow access to the Internet, or has closed off access to much of the Internet through a proxy server (firewall), it is recommended that you allow access to the various companies that provide certificate revocation checking so users can validate certificates of trust on a regular basis. Check with your network administrator or proxy server administrator for possible options you can explore to allow access to certificate revocation servers available from certificate authorities.



Previous page
Table of content
Next page
Microsoft Office 2003 Resource Kit 2003
Microsoft Office 2003 Editions Resource Kit (Pro-Resource Kit)
ISBN: 0735618801
EAN: 2147483647
Year: 2004
Pages: 196
Authors: Microsoft Corporation
BUY ON AMAZON
Agile Project Management: Creating Innovative Products (2nd Edition)
Developing Tablet PC Applications (Charles River Media Programming)
Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
Competency-Based Human Resource Management
GO! with Microsoft Office 2003 Brief (2nd Edition)
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy