Shortcut: Disable certificate revocation checking to start SSMS faster

If you have ever started SQL Server Management Studio in an isolated environment (ie: one with no external Internet connectivity), you’ll find that it’s slower to start.

That’s because SQL Server uses signed assemblies, and whenever an application with signed assemblies starts, it needs to check whether or not the certificate that they were signed with has been revoked. It’s not good enough to just check if it’s a valid certificate.

Certificates include a CRL (Certificate Revocation List) and this tells an application that’s trusting the certificate where to check for a list of revoked certificates.

The problem is that when you try to locate a server in an isolated environment, you might see a delay of around 40 seconds as the DNS timeout occurs.

If you have an environment like this, you might decide that it’s safe to turn off this revocation checking. That’s a call you need to make, and if in doubt or don’t understand the issues, leave it on.

I often run across this though as I have isolated virtual machines running in Hyper-V on my laptop. SSMS isn’t going to be able to look these details up, nor is any other application running within the virtual machine.

Turning this off is a registry setting but can be done via your browser settings. For example, in Internet Explorer, look in Settings, Internet Options, then Advanced. Scroll down to find it:

Keep in mind that if you disable this, it applies to all checking of certificates on the machine. As I said, if in doubt, don’t do it.

2018-09-20