Windows CRL caching

By default, both downloaded CRLs and OCSP responses are cached by a Windows client. If a
time-valid version of the CRL or OCSP response exists in the cache, the client will use the
cached version rather than downloading an updated CRL or submitting a new OCSP request. 

Caching related configuration is defined in the following registry hive:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config

A binary value of: 


defines when cache will be cleared. 

Force the cache to be cleared:

c:\> certutil –setreg chain\ChainCacheResyncFiletime @now

Force the cache to clear in 1 hour:

c:\> certutil –setreg chain\ChainCacheResyncFiletime @now+0:1

View current cache life time config:

c:\> certutil –getreg chain\ChainCacheResyncFiletime

1 comment:

  1. Slightly strange but with the cleaning of the cache I was extended by another
    problem that was a bug required an immediate msvcp140.dll download Have you ever had such a mistake before?
    I believe that these files were needed not by me alone, but several people who followed your advice also need this, in general, I'm happy to share what I have for the sake of everyone's good.