RegKeys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration

Name	Type	Description	Example
Active	REG_SZ		Test14 - RootCA
ConfigurationDirectory	REG_SZ		\\Test14-ROOT\CertConfig
DBDirectory	REG_SZ		C:\Windows\system32\certlog
DBFlags	REG_DWORD		0xb0
DBLogDirectory	REG_SZ		C:\Windows\system32\certlog
DBSessionCount	REG_DWORD	Maximum number of AD Connections. MinValue:4, Max: 1024	0xb0
DBSystemDirectory	REG_SZ		C:\Windows\system32\certlog
DBTempDirectory	REG_SZ		C:\Windows\system32\certlog
LDAPFlags	REG_DWORD			0
SetupFlags	REG_DWORD		0x6001
Version	REG_DWORD		0x700001

DB Flags

Bit	Value	Name	Description
0	1	DBFLAGS_READONLY
1	2	DBFLAGS_CREATEIFNEEDED
2	4	DBFLAGS_CIRCULARLOGGING
3	8	DBFLAGS_LAZYFLUSH
4	16	DBFLAGS_MAXCACHESIZEX100
5	32	DBFLAGS_CHECKPOINTDEPTH60MB
6	64	DBFLAGS_LOGBUFFERSLARGE
7	128	DBFLAGS_LOGBUFFERSHUGE
8	256	DBFLAGS_LOGFILESIZE16MB
9	512	DBFLAGS_MULTITHREADTRANSACTIONS
10			1024	DBFLAGS_DISABLESNAPSHOTBACKUP

LDAP Flags

Bit	Value	Name	Description
0	1	LDAPF_SSLENABLE
1	2	LDAPF_SIGNDISABLE

Version

Value	Description
0x00010001	Windows 2000 Server
0x00020002	Windows Server 2003
0x00030001	Windows Server 2008
0x00040001	Windows Server 2008 R2
0x00050001	Windows Server 2012
0x00050001	Windows Server 2012 R2 without [MSKB-3013769]
0x00060001	Windows Server 2012 R2 with [MSKB-3013769]
0x00070001	Windows Server 2016
0x00080001	Windows Server 2019

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\xxx\

Name	Type	Certutil	Description	Example
AuditFilter	DWORD32	CA\AuditFilter\What to log in eventlog
CACertFileName	REG_SZ	CA\CaCertFileName
CACertHash	REG_MULTI_SZ	CA\CertHash
CACertPublicationURLs	REG_MULTI_SZ	CA\CACertPublicationURLs
CAServerName	REG_SZ	CA\ServerName
CAType	DWORD32	-	0=Enterprise Root,1=Enterprise SubCA, 3 = StandaloneRootCA , 4=Standalone SubCA.5=Unknown CA Only set during installation.
CAXchgCertHash	REG_MULTI_SZ	-	SHA1 hash of the current CA exchange certificate. Certificate itself is stored in the Request table of the .EDB database	-
CAXchgCertOverlapPeriod
CAXchgCertOverlapPeriodUnits
CAXchgCertValidityPeriod
CAXchgCertValidityPeriodUnits
CertEnrollCompatible
ClockSkewMinutes
CommonName	REG_SZ	CA\CommonName	Name of CA,Used in the Certificate Authority GUI.and in <CERTIFICATENAME>

ValidityPeriodUnits	DWORD32	CA\ValidityPeriod	Only set on Root CA. Length of SUBCA certficates issued by Root CA (Days,Weeks,Years)
ValidityPeriod	DWORD32	CA\ValidityPeriod	Only set on Root CA. Length of SUBCA certficates issued by Root CA
CRLPeriodUnits	DWORD32	CA\CRLPeriodUnits
CRLPeriod	DWORD32	CA\CRLPeriodUnits
DomainCN	string	CA\DomainCN
DomainCN	string	CA\DomainCN

(for the Policy Module) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\xxx\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy

RequestDisposition REG_DWORD REQDISP_ISSUE – 1 = Auto Issue the certificate REQDISP_PENDINGFIRST – 100 = Set Request to Pending REQDISP_DENY – 2 = Deny

(Key Usage) EditFlags REG_DWORD = 83ee (33774) (Default value) EDITF_REQUESTEXTENSIONLIST – 2 EDITF_DISABLEEXTENSIONLIST – 4 EDITF_ADDOLDKEYUSAGE – 8 EDITF_ATTRIBUTEENDDATE – 20 (32) EDITF_BASICCONSTRAINTSCRITICAL – 40 (64) EDITF_BASICCONSTRAINTSCA – 80 (128) EDITF_ENABLEAKIKEYID – 100 (256) EDITF_ATTRIBUTECA – 200 (512) EDITF_ATTRIBUTEEKU – 8000 (32768) EDITF_ATTRIBUTEENDDATE - Enables certificate requests to set validiy of certificate to another value, not spesified in the template. (Still cannot have a certificate valid LONGER than what is spesificed in the template)

Geir's Wiki of things to remember

Sidebar

vRealize

PowerShell

NPS

Software

Win32 API

RegKeys

DB Flags

LDAP Flags

Version

Geir's Wiki of things to remember

User Tools

Site Tools

Sidebar

vRealize

PowerShell

NPS

Software

Win32 API

RegKeys

DB Flags

LDAP Flags

Version

Page Tools