Policy
Missing CRLs
Microsoft Office
Policy overview
Key metadata and intent for this policy.
This policy setting controls whether Outlook considers a missing certificate revocation list (CRL) a warning or an error. Digital certificates contain an attribute that shows where the corresponding CRL is located. CRLs contain lists of digital certificates that have been revoked by their controlling certification authorities (CAs), typically because the certificates were issued improperly or their associated private keys were compromised. If a CRL is missing or unavailable, Outlook cannot determine whether a certificate has been revoked. Therefore, an improperly issued certificate or one that has been compromised might be used to gain access to data. If you enable this policy setting, you can choose between two options that determine how Outlook functions when a CRL is missing: - Warning. This option is the default configuration in Outlook and ensures that Outlook displays a warning message when a CRL is missing. - Error. This option ensures that Outlook displays an error message when a CRL is missing. If you disable or do not configure this policy setting, Outlook displays a warning message when a CRL is not available.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| User | Indicate a missing CRL as a(n): ID L_IndicateamissingCRLasan | enum | Path software\policies\microsoft\office\16.0\outlook\security Value name sigstatusnocrl Type REG_DWORD | Options: Warning (0), Error (1) |