HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
Name | Type | Description | Example | |
---|---|---|---|---|
Active | REG_SZ | Test14 - RootCA | ||
ConfigurationDirectory | REG_SZ | \\Test14-ROOT\CertConfig | ||
DBDirectory | REG_SZ | C:\Windows\system32\certlog | ||
DBFlags | REG_DWORD | 0xb0 | ||
DBLogDirectory | REG_SZ | C:\Windows\system32\certlog | ||
DBSessionCount | REG_DWORD | Maximum number of AD Connections. MinValue:4, Max: 1024 | 0xb0 | |
DBSystemDirectory | REG_SZ | C:\Windows\system32\certlog | ||
DBTempDirectory | REG_SZ | C:\Windows\system32\certlog | ||
LDAPFlags | REG_DWORD | 0 | ||
SetupFlags | REG_DWORD | 0x6001 | ||
Version | REG_DWORD | 0x700001 |
Bit | Value | Name | Description | ||
---|---|---|---|---|---|
0 | 1 | DBFLAGS_READONLY | |||
1 | 2 | DBFLAGS_CREATEIFNEEDED | |||
2 | 4 | DBFLAGS_CIRCULARLOGGING | |||
3 | 8 | DBFLAGS_LAZYFLUSH | |||
4 | 16 | DBFLAGS_MAXCACHESIZEX100 | |||
5 | 32 | DBFLAGS_CHECKPOINTDEPTH60MB | |||
6 | 64 | DBFLAGS_LOGBUFFERSLARGE | |||
7 | 128 | DBFLAGS_LOGBUFFERSHUGE | |||
8 | 256 | DBFLAGS_LOGFILESIZE16MB | |||
9 | 512 | DBFLAGS_MULTITHREADTRANSACTIONS | |||
10 | 1024 | DBFLAGS_DISABLESNAPSHOTBACKUP |
Bit | Value | Name | Description |
---|---|---|---|
0 | 1 | LDAPF_SSLENABLE | |
1 | 2 | LDAPF_SIGNDISABLE |
Value | Description |
---|---|
0x00010001 | Windows 2000 Server |
0x00020002 | Windows Server 2003 |
0x00030001 | Windows Server 2008 |
0x00040001 | Windows Server 2008 R2 |
0x00050001 | Windows Server 2012 |
0x00050001 | Windows Server 2012 R2 without [MSKB-3013769] |
0x00060001 | Windows Server 2012 R2 with [MSKB-3013769] |
0x00070001 | Windows Server 2016 |
0x00080001 | Windows Server 2019 |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\xxx\
Name | Type | Certutil | Description | Example |
---|---|---|---|---|
AuditFilter | DWORD32 | CA\AuditFilter\What to log in eventlog | ||
CACertFileName | REG_SZ | CA\CaCertFileName | ||
CACertHash | REG_MULTI_SZ | CA\CertHash | ||
CACertPublicationURLs | REG_MULTI_SZ | CA\CACertPublicationURLs | ||
CAServerName | REG_SZ | CA\ServerName | ||
CAType | DWORD32 | - | 0=Enterprise Root,1=Enterprise SubCA, 3 = StandaloneRootCA , 4=Standalone SubCA.5=Unknown CA Only set during installation. | |
CAXchgCertHash | REG_MULTI_SZ | - | SHA1 hash of the current CA exchange certificate. Certificate itself is stored in the Request table of the .EDB database | - |
CAXchgCertOverlapPeriod | ||||
CAXchgCertOverlapPeriodUnits | ||||
CAXchgCertValidityPeriod | ||||
CAXchgCertValidityPeriodUnits | ||||
CertEnrollCompatible | ||||
ClockSkewMinutes | ||||
CommonName | REG_SZ | CA\CommonName | Name of CA,Used in the Certificate Authority GUI.and in <CERTIFICATENAME> |
ValidityPeriodUnits | DWORD32 | CA\ValidityPeriod | Only set on Root CA. Length of SUBCA certficates issued by Root CA (Days,Weeks,Years) |
ValidityPeriod | DWORD32 | CA\ValidityPeriod | Only set on Root CA. Length of SUBCA certficates issued by Root CA |
CRLPeriodUnits | DWORD32 | CA\CRLPeriodUnits | |
CRLPeriod | DWORD32 | CA\CRLPeriodUnits | |
DomainCN | string | CA\DomainCN | |
DomainCN | string | CA\DomainCN |
(for the Policy Module) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\xxx\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy
RequestDisposition REG_DWORD REQDISP_ISSUE – 1 = Auto Issue the certificate REQDISP_PENDINGFIRST – 100 = Set Request to Pending REQDISP_DENY – 2 = Deny
(Key Usage) EditFlags REG_DWORD = 83ee (33774) (Default value) EDITF_REQUESTEXTENSIONLIST – 2 EDITF_DISABLEEXTENSIONLIST – 4 EDITF_ADDOLDKEYUSAGE – 8 EDITF_ATTRIBUTEENDDATE – 20 (32) EDITF_BASICCONSTRAINTSCRITICAL – 40 (64) EDITF_BASICCONSTRAINTSCA – 80 (128) EDITF_ENABLEAKIKEYID – 100 (256) EDITF_ATTRIBUTECA – 200 (512) EDITF_ATTRIBUTEEKU – 8000 (32768) EDITF_ATTRIBUTEENDDATE - Enables certificate requests to set validiy of certificate to another value, not spesified in the template. (Still cannot have a certificate valid LONGER than what is spesificed in the template)