Site Slowness due to Certificate CRL Checking.

Issue:- You can have ADFS sites or Kerberos or basic configuration sites using hardware appliances for NLB e.g. F5 or Big IP or you can also be using SiteMinder. You may experience slowness while loading the site.

Troubleshooting:-

If you collect Fiddler trace you will see CRL checking to Microsoft site.

GET https://crl.microsoft.com/pki/crl/products/CSPCA.crl

GET https://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl

Resolution:-

1. Disabled Certification Revocation checking.

https://support.microsoft.com/kb/2625048

OR

1. netsh http show sslcert (* check if 'Verify Client Certificate Revocation : Enabled' *)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443 -> DefaultSslCertCheckMode = 1

2. reboot server

3. netsh http show sslcert (* check if 'Verify Client Certificate Revocation : Disabled' *)