UAG Certificate Validation

Sometime it may be desirable to disable certificate validation for the SSL protected back-end services published via UAG. You can do this by editing the following registry keys:
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL
    • right-click ValidateRwsCert, select Modify, and change the Value data to 0
    • right-click ValidateRwsCertCRL, select Modify, and change the Value data to 0
    • restart IIS
Please, note that disabling certificate validation process may not be an acceptable security practice in certain environments. For a complete list of UAG registry keys consult the following TechNet article. Also, there are different uses for certificates within UAG, to understand them better I strongly recommend reading through the following excellent blog post by Ben Ari.


Popular posts from this blog

PoSh Disable and Move AD Users

Skype for Business and VTC Interoperability

Mail-enabled security groups in Office 365