caption: Require online OCSP/CRL checks for local trust anchors
default: false
desc: |-
Setting the policy to True means <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> always performs revocation checking for successfully validated server certificates signed by locally installed CA certificates. If <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> can't get revocation status information, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> treats these certificates as revoked (hard-fail).
Setting the policy to False or leaving it unset means <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses existing online revocation-checking settings.
On <ph name="MAC_OS_NAME">macOS</ph>, this policy has no effect if the <ph name="CHROME_ROOT_STORE_ENABLED_POLICY_NAME">ChromeRootStoreEnabled</ph> policy is set to False.
example_value: false
features:
dynamic_refresh: true
per_profile: false
future_on:
- fuchsia
items:
- caption: Perform revocation checks for successfully validated server certificates
signed by locally installed CA certificates
value: true
- caption: Use existing online revocation-checking settings
value: false
owners:
- file://net/cert/OWNERS
- [email protected]
schema:
type: boolean
supported_on:
- chrome_os:30-
- chrome.linux:30-
- chrome.win:30-
- chrome.mac:109-
tags: []
type: main
Codebase Browser
chromium