Information
This policy setting controls whether online certificate revocation checks (OCSP/CRL) are required and if a check online is not possible the certificate will be treated as though it is revoked.
The recommended state for this is Enabled.
Rationale:
Certificates should always be validated, not doing so could potentially allow a revoked certificate to be used to give a false sense of a secure connection.
Impact:
If Microsoft Edge is not able to obtain a revocation status, the certificate will be treated as though it is revoked, therefore the website will not be loaded.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Specify if online OCSP/CRL checks are required for local trust anchors
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.
Default Value:
Disabled.