Перейти к содержанию

20.07.2011

Certification Authority настройки по умолчанию для Windows Server 2008 R2 SP1

Конфигурация Certification Authority (CA) по умолчанию в Windows Server 2008 R2 Enterprise SP1.

certutil -v -getreg *

certutil -v -getreg *

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\*:

Keys:
YourName Root Certification Authority

Values:
Active                   REG_SZ = YourName Root Certification Authority
DBDirectory              REG_SZ = C:\Windows\system32\CertLog
DBLogDirectory           REG_SZ = C:\Windows\system32\CertLog
DBTempDirectory          REG_SZ = C:\Windows\system32\CertLog
DBSystemDirectory        REG_SZ = C:\Windows\system32\CertLog

DBSessionCount           REG_DWORD = 64 (100)
LDAPFlags                REG_DWORD = 0
(LDAPF_SSLENABLE — 1)
(LDAPF_SIGNDISABLE — 2)

DBFlags                  REG_DWORD = b0 (176)
(DBFLAGS_READONLY — 1)
(DBFLAGS_CREATEIFNEEDED — 2)
(DBFLAGS_CIRCULARLOGGING — 4)
(DBFLAGS_LAZYFLUSH — 8)
DBFLAGS_MAXCACHESIZEX100 — 10 (16)
DBFLAGS_CHECKPOINTDEPTH60MB — 20 (32)
(DBFLAGS_LOGBUFFERSLARGE — 40 (64))
DBFLAGS_LOGBUFFERSHUGE — 80 (128)
(DBFLAGS_LOGFILESIZE16MB — 100 (256))
(DBFLAGS_MULTITHREADTRANSACTIONS — 200 (512))
(DBFLAGS_DISABLESNAPSHOTBACKUP — 400 (1024))
(DBFLAGS_ENABLEVOLATILEREQUESTS — 800 (2048))

Version                  REG_DWORD = 40001 (262145) — 4.1
SetupStatus              REG_DWORD = 6003 (24579)
SETUP_SERVER_FLAG — 1
SETUP_CLIENT_FLAG — 2
(SETUP_SUSPEND_FLAG — 4)
(SETUP_REQUEST_FLAG — 8)
(SETUP_ONLINE_FLAG — 10 (16))
(SETUP_DENIED_FLAG — 20 (32))
(SETUP_CREATEDB_FLAG — 40 (64))
(SETUP_ATTEMPT_VROOT_CREATE — 80 (128))
(SETUP_FORCECRL_FLAG — 100 (256))
(SETUP_UPDATE_CAOBJECT_SVRTYPE — 200 (512))
(SETUP_SERVER_UPGRADED_FLAG — 400 (1024))
(SETUP_W2K_SECURITY_NOT_UPGRADED_FLAG — 800 (2048))
(SETUP_SECURITY_CHANGED — 1000 (4096))
SETUP_DCOM_SECURITY_UPDATED_FLAG — 2000 (8192)
SETUP_SERVER_IS_UP_TO_DATE_FLAG — 4000 (16384)

WebClientCAMachine       REG_SZ = ca.ad.example.com
WebClientCAName          REG_SZ = YourName Root Certification Authority
WebClientCAType          REG_DWORD = 0
ENUM_ENTERPRISE_ROOTCA — 0
(ENUM_ENTERPRISE_SUBCA — 1)
(ENUM_STANDALONE_ROOTCA — 3)
(ENUM_STANDALONE_SUBCA — 4)
(ENUM_UNKNOWN_CA — 5)
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\*

certutil -v -getreg CA\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\*:

Keys:
CSP
EncryptionCSP
ExitModules
PolicyModules

Values:
DSConfigDN               REG_SZ = CN=Configuration,DC=ad,DC=example,DC=com
DSDomainDN               REG_SZ = DC=ad,DC=example,DC=com
ViewAgeMinutes           REG_DWORD = 10 (16)
ViewIdleMinutes          REG_DWORD = 8
CAType                   REG_DWORD = 0
ENUM_ENTERPRISE_ROOTCA — 0
(ENUM_ENTERPRISE_SUBCA — 1)
(ENUM_STANDALONE_ROOTCA — 3)
(ENUM_STANDALONE_SUBCA — 4)
(ENUM_UNKNOWN_CA — 5)

UseDS                    REG_DWORD = 1
ForceTeletex             REG_DWORD = 12 (18)
(ENUM_TELETEX_OFF — 0)
(ENUM_TELETEX_ON — 1)
ENUM_TELETEX_AUTO — 2
ENUM_TELETEX_UTF8 — 10 (16)
(ENUM_TELETEX_FORCEUTF8 — 20 (32))

SignedAttributes         REG_MULTI_SZ =
0: RequesterName

EKUOIDsForPublishExpiredCertInCRL REG_MULTI_SZ =
0: 1.3.6.1.5.5.7.3.3 Code Signing
1: 1.3.6.1.4.1.311.61.1.1 Kernel Mode Code Signing

CommonName               REG_SZ = YourName Root Certification Authority

Enabled                  REG_DWORD = 1
PolicyFlags              REG_DWORD = 0
CertEnrollCompatible     REG_DWORD = 0
CRLEditFlags             REG_DWORD = 100 (256)
(EDITF_ENABLEREQUESTEXTENSIONS — 1)
(EDITF_REQUESTEXTENSIONLIST — 2)
(EDITF_DISABLEEXTENSIONLIST — 4)
(EDITF_ADDOLDKEYUSAGE — 8)
(EDITF_ADDOLDCERTTYPE — 10 (16))
(EDITF_ATTRIBUTEENDDATE — 20 (32))
(EDITF_BASICCONSTRAINTSCRITICAL — 40 (64))
(EDITF_BASICCONSTRAINTSCA — 80 (128))
EDITF_ENABLEAKIKEYID — 100 (256)
(EDITF_ATTRIBUTECA — 200 (512))
(EDITF_IGNOREREQUESTERGROUP — 400 (1024))
(EDITF_ENABLEAKIISSUERNAME — 800 (2048))
(EDITF_ENABLEAKIISSUERSERIAL — 1000 (4096))
(EDITF_ENABLEAKICRITICAL — 2000 (8192))
(EDITF_SERVERUPGRADED — 4000 (16384))
(EDITF_ATTRIBUTEEKU — 8000 (32768))
(EDITF_ENABLEDEFAULTSMIME — 10000 (65536))
(EDITF_EMAILOPTIONAL — 20000 (131072))
(EDITF_ATTRIBUTESUBJECTALTNAME2 — 40000 (262144))
(EDITF_ENABLELDAPREFERRALS — 80000 (524288))
(EDITF_ENABLECHASECLIENTDC — 100000 (1048576))
(EDITF_AUDITCERTTEMPLATELOAD — 200000 (2097152))
(EDITF_DISABLEOLDOSCNUPN — 400000 (4194304))
(EDITF_DISABLELDAPPACKAGELIST — 800000 (8388608))
(EDITF_ENABLEUPNMAP — 1000000 (16777216))
(EDITF_ENABLEOCSPREVNOCHECK — 2000000 (33554432))
(EDITF_ENABLERENEWONBEHALFOF — 4000000 (67108864))

CRLFlags                 REG_DWORD = 2
(CRLF_DELTA_USE_OLDEST_UNEXPIRED_BASE — 1)
CRLF_DELETE_EXPIRED_CRLS — 2
(CRLF_CRLNUMBER_CRITICAL — 4)
(CRLF_REVCHECK_IGNORE_OFFLINE — 8)
(CRLF_IGNORE_INVALID_POLICIES — 10 (16))
(CRLF_REBUILD_MODIFIED_SUBJECT_ONLY — 20 (32))
(CRLF_SAVE_FAILED_CERTS — 40 (64))
(CRLF_IGNORE_UNKNOWN_CMC_ATTRIBUTES — 80 (128))
(CRLF_IGNORE_CROSS_CERT_TRUST_ERROR — 100 (256))
(CRLF_PUBLISH_EXPIRED_CERT_CRLS — 200 (512))
(CRLF_ENFORCE_ENROLLMENT_AGENT — 400 (1024))
(CRLF_DISABLE_RDN_REORDER — 800 (2048))
(CRLF_DISABLE_ROOT_CROSS_CERTS — 1000 (4096))
(CRLF_LOG_FULL_RESPONSE — 2000 (8192))
(CRLF_USE_XCHG_CERT_TEMPLATE — 4000 (16384))
(CRLF_USE_CROSS_CERT_TEMPLATE — 8000 (32768))
(CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT — 10000 (65536))
(CRLF_REVCHECK_IGNORE_NOREVCHECK — 20000 (131072))
(CRLF_PRESERVE_EXPIRED_CA_CERTS — 40000 (262144))
(CRLF_PRESERVE_REVOKED_CA_CERTS — 80000 (524288))
(CRLF_DISABLE_CHAIN_VERIFICATION — 100000 (1048576))
(CRLF_BUILD_ROOTCA_CRLENTRIES_BASEDONKEY — 200000 (2097152))

InterfaceFlags           REG_DWORD = 41 (65)
IF_LOCKICERTREQUEST — 1
(IF_NOREMOTEICERTREQUEST — 2)
(IF_NOLOCALICERTREQUEST — 4)
(IF_NORPCICERTREQUEST — 8)
(IF_NOREMOTEICERTADMIN — 10 (16))
(IF_NOLOCALICERTADMIN — 20 (32))
IF_NOREMOTEICERTADMINBACKUP — 40 (64)
(IF_NOLOCALICERTADMINBACKUP — 80 (128))
(IF_NOSNAPSHOTBACKUP — 100 (256))
(IF_ENFORCEENCRYPTICERTREQUEST — 200 (512))
(IF_ENFORCEENCRYPTICERTADMIN — 400 (1024))
(IF_ENABLEEXITKEYRETRIEVAL — 800 (2048))
(IF_ENABLEADMINASAUDITOR — 1000 (4096))

EnforceX500NameLengths   REG_DWORD = 1
SubjectTemplate          REG_MULTI_SZ =
0: EMail
1: CommonName
2: OrganizationalUnit
3: Organization
4: Locality
5: State
6: DomainComponent
7: Country

ClockSkewMinutes         REG_DWORD = a (10)
LogLevel                 REG_DWORD = 3

HighSerial               REG_DWORD = 0
CAServerName             REG_SZ = ca.ad.example.com
ValidityPeriod           REG_SZ = Years
ValidityPeriodUnits      REG_DWORD = 2
CAXchgCertHash           REG_MULTI_SZ =

KRACertHash              REG_MULTI_SZ =
KRACertCount             REG_DWORD = 0
KRAFlags                 REG_DWORD = 0
(KRAF_ENABLEFOREIGN — 1)
(KRAF_SAVEBADREQUESTKEY — 2)
(KRAF_ENABLEARCHIVEALL — 4)
(KRAF_DISABLEUSEDEFAULTPROVIDER — 8)

CRLPublicationURLs       REG_MULTI_SZ =
0: 65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
CSURL_SERVERPUBLISH — 1
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
CSURL_SERVERPUBLISHDELTA — 40 (64)
(CSURL_ADDTOIDP — 80 (128))

1: 79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
CSURL_SERVERPUBLISH — 1
CSURL_ADDTOCERTCDP — 2
CSURL_ADDTOFRESHESTCRL — 4
CSURL_ADDTOCRLCDP — 8
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
CSURL_SERVERPUBLISHDELTA — 40 (64)
(CSURL_ADDTOIDP — 80 (128))

2: 0:http://%1/CertEnroll/%3%8%9.crl
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))

3: 0:file://%1/CertEnroll/%3%8%9.crl
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))

CRLPeriod                REG_SZ = Weeks

CRLPeriodUnits           REG_DWORD = 1
CRLOverlapPeriod         REG_SZ = Hours
CRLOverlapUnits          REG_DWORD = 0
CRLDeltaPeriod           REG_SZ = Days
CRLDeltaPeriodUnits      REG_DWORD = 1

CRLDeltaOverlapPeriod    REG_SZ = Minutes
CRLDeltaOverlapUnits     REG_DWORD = 0
CAXchgValidityPeriod     REG_SZ = Weeks
CAXchgValidityPeriodUnits REG_DWORD = 1
CAXchgOverlapPeriod      REG_SZ = Days

CAXchgOverlapPeriodUnits REG_DWORD = 1
MaxIncomingMessageSize   REG_DWORD = 10000 (65536)
MaxIncomingAllocSize     REG_DWORD = 10000 (65536)
CACertPublicationURLs    REG_MULTI_SZ =
0: 1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt
CSURL_SERVERPUBLISH — 1
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))

1: 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
CSURL_SERVERPUBLISH — 1
CSURL_ADDTOCERTCDP — 2
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))

2: 0:http://%1/CertEnroll/%1_%3%4.crt
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))

3: 0:file://%1/CertEnroll/%1_%3%4.crt
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))

CACertHash               REG_MULTI_SZ =
0: 5e 6e db a4 47 1f 02 65 81 48 cc a4 d4 ce 6d 6c e1 00 a4 c5

Security                 REG_BINARY =
Allow CA Administrator    BUILTIN\Administrators
Allow Certificate Manager    BUILTIN\Administrators
Allow CA Administrator    AD\Domain Admins
Allow Certificate Manager    AD\Domain Admins
Allow CA Administrator    AD\Enterprise Admins
Allow Certificate Manager    AD\Enterprise Admins
Allow Enroll    NT AUTHORITY\Authenticated Users

0000    01 00 14 84 20 01 00 00  30 01 00 00 14 00 00 00   …. …0…….
0010    44 00 00 00 02 00 30 00  02 00 00 00 02 c0 14 00   D…..0………
0020    ff ff 00 00 01 01 00 00  00 00 00 01 00 00 00 00   …………….
0030    02 c0 14 00 ff ff 00 00  01 01 00 00 00 00 00 05   …………….
0040    07 00 00 00 02 00 dc 00  07 00 00 00 00 03 18 00   …………….
0050    01 00 00 00 01 02 00 00  00 00 00 05 20 00 00 00   ………… …
0060    20 02 00 00 00 03 18 00  02 00 00 00 01 02 00 00    ……………
0070    00 00 00 05 20 00 00 00  20 02 00 00 00 03 24 00   …. … …..$.
0080    01 00 00 00 01 05 00 00  00 00 00 05 15 00 00 00   …………….
0090    42 3d 9f ab d4 be 40 5e  96 74 c4 c5 00 02 00 00   B=….@^.t……
00a0    00 03 24 00 02 00 00 00  01 05 00 00 00 00 00 05   ..$………….
00b0    15 00 00 00 42 3d 9f ab  d4 be 40 5e 96 74 c4 c5   ….B=….@^.t..
00c0    00 02 00 00 00 03 24 00  01 00 00 00 01 05 00 00   ……$………
00d0    00 00 00 05 15 00 00 00  42 3d 9f ab d4 be 40 5e   ……..B=….@^
00e0    96 74 c4 c5 07 02 00 00  00 03 24 00 02 00 00 00   .t……..$…..
00f0    01 05 00 00 00 00 00 05  15 00 00 00 42 3d 9f ab   …………B=..
0100    d4 be 40 5e 96 74 c4 c5  07 02 00 00 00 03 14 00   ..@^.t……….
0110    00 02 00 00 01 01 00 00  00 00 00 05 0b 00 00 00   …………….
0120    01 02 00 00 00 00 00 05  20 00 00 00 20 02 00 00   …….. … …
0130    01 02 00 00 00 00 00 05  20 00 00 00 20 02 00 00   …….. … …

SetupStatus              REG_DWORD = 1
SETUP_SERVER_FLAG — 1
(SETUP_CLIENT_FLAG — 2)
(SETUP_SUSPEND_FLAG — 4)
(SETUP_REQUEST_FLAG — 8)
(SETUP_ONLINE_FLAG — 10 (16))
(SETUP_DENIED_FLAG — 20 (32))
(SETUP_CREATEDB_FLAG — 40 (64))
(SETUP_ATTEMPT_VROOT_CREATE — 80 (128))
(SETUP_FORCECRL_FLAG — 100 (256))
(SETUP_UPDATE_CAOBJECT_SVRTYPE — 200 (512))
(SETUP_SERVER_UPGRADED_FLAG — 400 (1024))
(SETUP_W2K_SECURITY_NOT_UPGRADED_FLAG — 800 (2048))
(SETUP_SECURITY_CHANGED — 1000 (4096))
(SETUP_DCOM_SECURITY_UPDATED_FLAG — 2000 (8192))
(SETUP_SERVER_IS_UP_TO_DATE_FLAG — 4000 (16384))

CRLNextPublish           REG_BINARY = 25.07.2011 5:31
0000    da b2 94 ed 72 4a cc 01                            ….rJ..

CRLDeltaNextPublish      REG_BINARY = 19.07.2011 5:31
0000    da 32 1a ef bb 45 cc 01                            .2…E..
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\CSP\*

certutil -v -getreg CA\CSP\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\CSP:

Values:
ProviderType             REG_DWORD = 0
Provider                 REG_SZ = Microsoft Software Key Storage Provider
HashAlgorithm            REG_DWORD = 8004 (32772)
CALG_SHA1
Algorithm Class: 0x8000(4) ALG_CLASS_HASH
Algorithm Type: 0x0(0) ALG_TYPE_ANY
Algorithm Sub-id: 0x4(4) ALG_SID_SHA1

CNGPublicKeyAlgorithm    REG_SZ = RSA
CNGHashAlgorithm         REG_SZ = SHA1

MachineKeyset            REG_DWORD = 1
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\EncryptionCSP\*

certutil -v -getreg CA\EncryptionCSP\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\EncryptionCSP:

Values:
ProviderType             REG_DWORD = 0
Provider                 REG_SZ = Microsoft Software Key Storage Provider
EncryptionAlgorithm      REG_DWORD = 6603 (26115)
CALG_3DES
Algorithm Class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
Algorithm Type: 0x600(3) ALG_TYPE_BLOCK
Algorithm Sub-id: 0x3(3) ALG_SID_3DES

CNGPublicKeyAlgorithm    REG_SZ = RSA
CNGEncryptionAlgorithm   REG_SZ = 3DES

MachineKeyset            REG_DWORD = 1
KeySize                  REG_DWORD = 800 (2048)
SymmetricKeySize         REG_DWORD = a8 (168)
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\ExitModules\*

certutil -v -getreg CA\ExitModules\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\ExitModules:

Keys:
CertificateAuthority_MicrosoftDefault.Exit

Values:
Active                   REG_MULTI_SZ =
0: CertificateAuthority_MicrosoftDefault.Exit
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\ExitModules\CertificateAuthority_MicrosoftDefault.Exit\*

certutil -v -getreg CA\ExitModules\CertificateAuthority_MicrosoftDefault.Exit\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\ExitModules\CertificateAuthority_MicrosoftDefault.Exit:

Keys:
SMTP

Values:
PublishCertFlags         REG_DWORD = 2
(EXITPUB_FILE — 1)
EXITPUB_ACTIVEDIRECTORY — 2
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\PolicyModules\*

certutil -v -getreg CA\PolicyModules\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\PolicyModules:

Keys:
CertificateAuthority_MicrosoftDefault.Policy

Values:
Active                   REG_SZ = CertificateAuthority_MicrosoftDefault.Policy
CertUtil: -getreg command completed successfully.

certutil -v -getreg CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\*

certutil -v -getreg CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy:

Values:
RevocationType           REG_DWORD = 100 (256)
(REVEXT_CDPLDAPURL — 1)
(REVEXT_CDPHTTPURL — 2)
(REVEXT_CDPFTPURL — 4)
(REVEXT_CDPFILEURL — 8)
REVEXT_CDPENABLE — 100 (256)
(REVEXT_ASPENABLE — 200 (512))

CAPathLength             REG_DWORD = ffffffff (-1)
RevocationURL            REG_SZ = https://%1/CertEnroll/nsrev_%3.asp
EnableRequestExtensionList REG_MULTI_SZ =
0: 1.2.840.113549.1.9.15 SMIME Capabilities
1: 1.3.6.1.4.1.311.21.1 CA Version
2: 1.3.6.1.4.1.311.21.2 Previous CA Certificate Hash
3: 2.5.29.15 Key Usage

EnableEnrolleeRequestExtensionList REG_MULTI_SZ =
0: 1.3.6.1.4.1.311.10.9.1 Cross-Certificate Distribution Points
1: 1.3.6.1.4.1.311.20.2 Certificate Template Name (Certificate Type)
2: 1.3.6.1.4.1.311.21.7 Certificate Template Information
3: 1.3.6.1.4.1.311.21.10 Application Policies
4: 1.3.6.1.4.1.311.21.11 Application Policy Mappings
5: 1.3.6.1.4.1.311.21.12 Application Policy Constraints
6: 2.5.29.17 Subject Alternative Name
7: 2.5.29.30 Name Constraints
8: 2.5.29.32 Certificate Policies
9: 2.5.29.33 Policy Mappings
10: 2.5.29.36 Policy Constraints
11: 2.5.29.37 Enhanced Key Usage

DisableExtensionList     REG_MULTI_SZ =
SubjectAltName           REG_SZ = DISABLED: Set to EMail to set SubjectAltName extension to the email address

SubjectAltName2          REG_SZ = DISABLED: Set to EMail to set SubjectAltName2 extension to the email address

RequestDisposition       REG_DWORD = 1
(REQDISP_PENDING — 0)
REQDISP_ISSUE — 1
(REQDISP_DENY — 2)
(REQDISP_USEREQUESTATTRIBUTE — 3)
(REQDISP_PENDINGFIRST — 100 (256))

EditFlags                REG_DWORD = 11014e (1114446)
(EDITF_ENABLEREQUESTEXTENSIONS — 1)
EDITF_REQUESTEXTENSIONLIST — 2
EDITF_DISABLEEXTENSIONLIST — 4
EDITF_ADDOLDKEYUSAGE — 8
(EDITF_ADDOLDCERTTYPE — 10 (16))
(EDITF_ATTRIBUTEENDDATE — 20 (32))
EDITF_BASICCONSTRAINTSCRITICAL — 40 (64)
(EDITF_BASICCONSTRAINTSCA — 80 (128))
EDITF_ENABLEAKIKEYID — 100 (256)
(EDITF_ATTRIBUTECA — 200 (512))
(EDITF_IGNOREREQUESTERGROUP — 400 (1024))
(EDITF_ENABLEAKIISSUERNAME — 800 (2048))
(EDITF_ENABLEAKIISSUERSERIAL — 1000 (4096))
(EDITF_ENABLEAKICRITICAL — 2000 (8192))
(EDITF_SERVERUPGRADED — 4000 (16384))
(EDITF_ATTRIBUTEEKU — 8000 (32768))
EDITF_ENABLEDEFAULTSMIME — 10000 (65536)
(EDITF_EMAILOPTIONAL — 20000 (131072))
(EDITF_ATTRIBUTESUBJECTALTNAME2 — 40000 (262144))
(EDITF_ENABLELDAPREFERRALS — 80000 (524288))
EDITF_ENABLECHASECLIENTDC — 100000 (1048576)
(EDITF_AUDITCERTTEMPLATELOAD — 200000 (2097152))
(EDITF_DISABLEOLDOSCNUPN — 400000 (4194304))
(EDITF_DISABLELDAPPACKAGELIST — 800000 (8388608))
(EDITF_ENABLEUPNMAP — 1000000 (16777216))
(EDITF_ENABLEOCSPREVNOCHECK — 2000000 (33554432))
(EDITF_ENABLERENEWONBEHALFOF — 4000000 (67108864))

DefaultSMIME             REG_MULTI_SZ =
0: 1.2.840.113549.3.2,128 rc2 80 (128)
1: 1.2.840.113549.3.4,128 rc4 80 (128)
2: 1.3.14.3.2.7 des
3: 1.2.840.113549.3.7 3des
CertUtil: -getreg command completed successfully.

Поделитесь своими мыслями, оставьте комментарий.

(required)
(required)

Внимание: HTML допускается. Ваш e-mail никогда не будет опубликован.

Подписка на комментарии

Captcha * Лимит времени истёк. Пожалуйста, перезагрузите CAPTCHA.