Настройки Certification Authority по умолчанию для Windows Server 2008 R2 SP1
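Ниже приведена конфигурация Certification Authority (CA) по умолчанию в Windows Server 2008 R2 Enterprise SP1, полученная командами certutil -v -getreg. Значения REG_DWORD показаны в шестнадцатеричном виде, десятичный эквивалент — в скобках. Флаги, взятые в скобки целиком, не установлены, а флаги без скобок входят в текущее значение (например, DBFlags = b0 складывается из 10 + 20 + 80). Имя CA и домен (YourName Root Certification Authority, ad.example.com), по-видимому, условные. Обратите внимание: в этой конфигурации для подписи используется SHA1 (CNGHashAlgorithm), а для шифрования — 3DES (CNGEncryptionAlgorithm). Если этот вывод служит эталоном при аудите действующего CA, эти параметры стоит проверять отдельно, так как сегодня оба алгоритма считаются устаревшими.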
certutil -v -getreg *
certutil -v -getreg *
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\*:
Keys:
YourName Root Certification Authority
Values:
Active REG_SZ = YourName Root Certification Authority
DBDirectory REG_SZ = C:\Windows\system32\CertLog
DBLogDirectory REG_SZ = C:\Windows\system32\CertLog
DBTempDirectory REG_SZ = C:\Windows\system32\CertLog
DBSystemDirectory REG_SZ = C:\Windows\system32\CertLog
DBSessionCount REG_DWORD = 64 (100)
LDAPFlags REG_DWORD = 0
(LDAPF_SSLENABLE — 1)
(LDAPF_SIGNDISABLE — 2)
DBFlags REG_DWORD = b0 (176)
(DBFLAGS_READONLY — 1)
(DBFLAGS_CREATEIFNEEDED — 2)
(DBFLAGS_CIRCULARLOGGING — 4)
(DBFLAGS_LAZYFLUSH — 8)
DBFLAGS_MAXCACHESIZEX100 — 10 (16)
DBFLAGS_CHECKPOINTDEPTH60MB — 20 (32)
(DBFLAGS_LOGBUFFERSLARGE — 40 (64))
DBFLAGS_LOGBUFFERSHUGE — 80 (128)
(DBFLAGS_LOGFILESIZE16MB — 100 (256))
(DBFLAGS_MULTITHREADTRANSACTIONS — 200 (512))
(DBFLAGS_DISABLESNAPSHOTBACKUP — 400 (1024))
(DBFLAGS_ENABLEVOLATILEREQUESTS — 800 (2048))
Version REG_DWORD = 40001 (262145) — 4.1
SetupStatus REG_DWORD = 6003 (24579)
SETUP_SERVER_FLAG — 1
SETUP_CLIENT_FLAG — 2
(SETUP_SUSPEND_FLAG — 4)
(SETUP_REQUEST_FLAG — 8)
(SETUP_ONLINE_FLAG — 10 (16))
(SETUP_DENIED_FLAG — 20 (32))
(SETUP_CREATEDB_FLAG — 40 (64))
(SETUP_ATTEMPT_VROOT_CREATE — 80 (128))
(SETUP_FORCECRL_FLAG — 100 (256))
(SETUP_UPDATE_CAOBJECT_SVRTYPE — 200 (512))
(SETUP_SERVER_UPGRADED_FLAG — 400 (1024))
(SETUP_W2K_SECURITY_NOT_UPGRADED_FLAG — 800 (2048))
(SETUP_SECURITY_CHANGED — 1000 (4096))
SETUP_DCOM_SECURITY_UPDATED_FLAG — 2000 (8192)
SETUP_SERVER_IS_UP_TO_DATE_FLAG — 4000 (16384)
WebClientCAMachine REG_SZ = ca.ad.example.com
WebClientCAName REG_SZ = YourName Root Certification Authority
WebClientCAType REG_DWORD = 0
ENUM_ENTERPRISE_ROOTCA — 0
(ENUM_ENTERPRISE_SUBCA — 1)
(ENUM_STANDALONE_ROOTCA — 3)
(ENUM_STANDALONE_SUBCA — 4)
(ENUM_UNKNOWN_CA — 5)
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\*
certutil -v -getreg CA\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\*:
Keys:
CSP
EncryptionCSP
ExitModules
PolicyModules
Values:
DSConfigDN REG_SZ = CN=Configuration,DC=ad,DC=example,DC=com
DSDomainDN REG_SZ = DC=ad,DC=example,DC=com
ViewAgeMinutes REG_DWORD = 10 (16)
ViewIdleMinutes REG_DWORD = 8
CAType REG_DWORD = 0
ENUM_ENTERPRISE_ROOTCA — 0
(ENUM_ENTERPRISE_SUBCA — 1)
(ENUM_STANDALONE_ROOTCA — 3)
(ENUM_STANDALONE_SUBCA — 4)
(ENUM_UNKNOWN_CA — 5)
UseDS REG_DWORD = 1
ForceTeletex REG_DWORD = 12 (18)
(ENUM_TELETEX_OFF — 0)
(ENUM_TELETEX_ON — 1)
ENUM_TELETEX_AUTO — 2
ENUM_TELETEX_UTF8 — 10 (16)
(ENUM_TELETEX_FORCEUTF8 — 20 (32))
SignedAttributes REG_MULTI_SZ =
0: RequesterName
EKUOIDsForPublishExpiredCertInCRL REG_MULTI_SZ =
0: 1.3.6.1.5.5.7.3.3 Code Signing
1: 1.3.6.1.4.1.311.61.1.1 Kernel Mode Code Signing
CommonName REG_SZ = YourName Root Certification Authority
Enabled REG_DWORD = 1
PolicyFlags REG_DWORD = 0
CertEnrollCompatible REG_DWORD = 0
CRLEditFlags REG_DWORD = 100 (256)
(EDITF_ENABLEREQUESTEXTENSIONS — 1)
(EDITF_REQUESTEXTENSIONLIST — 2)
(EDITF_DISABLEEXTENSIONLIST — 4)
(EDITF_ADDOLDKEYUSAGE — 8)
(EDITF_ADDOLDCERTTYPE — 10 (16))
(EDITF_ATTRIBUTEENDDATE — 20 (32))
(EDITF_BASICCONSTRAINTSCRITICAL — 40 (64))
(EDITF_BASICCONSTRAINTSCA — 80 (128))
EDITF_ENABLEAKIKEYID — 100 (256)
(EDITF_ATTRIBUTECA — 200 (512))
(EDITF_IGNOREREQUESTERGROUP — 400 (1024))
(EDITF_ENABLEAKIISSUERNAME — 800 (2048))
(EDITF_ENABLEAKIISSUERSERIAL — 1000 (4096))
(EDITF_ENABLEAKICRITICAL — 2000 (8192))
(EDITF_SERVERUPGRADED — 4000 (16384))
(EDITF_ATTRIBUTEEKU — 8000 (32768))
(EDITF_ENABLEDEFAULTSMIME — 10000 (65536))
(EDITF_EMAILOPTIONAL — 20000 (131072))
(EDITF_ATTRIBUTESUBJECTALTNAME2 — 40000 (262144))
(EDITF_ENABLELDAPREFERRALS — 80000 (524288))
(EDITF_ENABLECHASECLIENTDC — 100000 (1048576))
(EDITF_AUDITCERTTEMPLATELOAD — 200000 (2097152))
(EDITF_DISABLEOLDOSCNUPN — 400000 (4194304))
(EDITF_DISABLELDAPPACKAGELIST — 800000 (8388608))
(EDITF_ENABLEUPNMAP — 1000000 (16777216))
(EDITF_ENABLEOCSPREVNOCHECK — 2000000 (33554432))
(EDITF_ENABLERENEWONBEHALFOF — 4000000 (67108864))
CRLFlags REG_DWORD = 2
(CRLF_DELTA_USE_OLDEST_UNEXPIRED_BASE — 1)
CRLF_DELETE_EXPIRED_CRLS — 2
(CRLF_CRLNUMBER_CRITICAL — 4)
(CRLF_REVCHECK_IGNORE_OFFLINE — 8)
(CRLF_IGNORE_INVALID_POLICIES — 10 (16))
(CRLF_REBUILD_MODIFIED_SUBJECT_ONLY — 20 (32))
(CRLF_SAVE_FAILED_CERTS — 40 (64))
(CRLF_IGNORE_UNKNOWN_CMC_ATTRIBUTES — 80 (128))
(CRLF_IGNORE_CROSS_CERT_TRUST_ERROR — 100 (256))
(CRLF_PUBLISH_EXPIRED_CERT_CRLS — 200 (512))
(CRLF_ENFORCE_ENROLLMENT_AGENT — 400 (1024))
(CRLF_DISABLE_RDN_REORDER — 800 (2048))
(CRLF_DISABLE_ROOT_CROSS_CERTS — 1000 (4096))
(CRLF_LOG_FULL_RESPONSE — 2000 (8192))
(CRLF_USE_XCHG_CERT_TEMPLATE — 4000 (16384))
(CRLF_USE_CROSS_CERT_TEMPLATE — 8000 (32768))
(CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT — 10000 (65536))
(CRLF_REVCHECK_IGNORE_NOREVCHECK — 20000 (131072))
(CRLF_PRESERVE_EXPIRED_CA_CERTS — 40000 (262144))
(CRLF_PRESERVE_REVOKED_CA_CERTS — 80000 (524288))
(CRLF_DISABLE_CHAIN_VERIFICATION — 100000 (1048576))
(CRLF_BUILD_ROOTCA_CRLENTRIES_BASEDONKEY — 200000 (2097152))
InterfaceFlags REG_DWORD = 41 (65)
IF_LOCKICERTREQUEST — 1
(IF_NOREMOTEICERTREQUEST — 2)
(IF_NOLOCALICERTREQUEST — 4)
(IF_NORPCICERTREQUEST — 8)
(IF_NOREMOTEICERTADMIN — 10 (16))
(IF_NOLOCALICERTADMIN — 20 (32))
IF_NOREMOTEICERTADMINBACKUP — 40 (64)
(IF_NOLOCALICERTADMINBACKUP — 80 (128))
(IF_NOSNAPSHOTBACKUP — 100 (256))
(IF_ENFORCEENCRYPTICERTREQUEST — 200 (512))
(IF_ENFORCEENCRYPTICERTADMIN — 400 (1024))
(IF_ENABLEEXITKEYRETRIEVAL — 800 (2048))
(IF_ENABLEADMINASAUDITOR — 1000 (4096))
EnforceX500NameLengths REG_DWORD = 1
SubjectTemplate REG_MULTI_SZ =
0: EMail
1: CommonName
2: OrganizationalUnit
3: Organization
4: Locality
5: State
6: DomainComponent
7: Country
ClockSkewMinutes REG_DWORD = a (10)
LogLevel REG_DWORD = 3
HighSerial REG_DWORD = 0
CAServerName REG_SZ = ca.ad.example.com
ValidityPeriod REG_SZ = Years
ValidityPeriodUnits REG_DWORD = 2
CAXchgCertHash REG_MULTI_SZ =
KRACertHash REG_MULTI_SZ =
KRACertCount REG_DWORD = 0
KRAFlags REG_DWORD = 0
(KRAF_ENABLEFOREIGN — 1)
(KRAF_SAVEBADREQUESTKEY — 2)
(KRAF_ENABLEARCHIVEALL — 4)
(KRAF_DISABLEUSEDEFAULTPROVIDER — 8)
CRLPublicationURLs REG_MULTI_SZ =
0: 65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
CSURL_SERVERPUBLISH — 1
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
CSURL_SERVERPUBLISHDELTA — 40 (64)
(CSURL_ADDTOIDP — 80 (128))
1: 79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
CSURL_SERVERPUBLISH — 1
CSURL_ADDTOCERTCDP — 2
CSURL_ADDTOFRESHESTCRL — 4
CSURL_ADDTOCRLCDP — 8
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
CSURL_SERVERPUBLISHDELTA — 40 (64)
(CSURL_ADDTOIDP — 80 (128))
2: 0:http://%1/CertEnroll/%3%8%9.crl
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))
3: 0:file://%1/CertEnroll/%3%8%9.crl
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))
CRLPeriod REG_SZ = Weeks
CRLPeriodUnits REG_DWORD = 1
CRLOverlapPeriod REG_SZ = Hours
CRLOverlapUnits REG_DWORD = 0
CRLDeltaPeriod REG_SZ = Days
CRLDeltaPeriodUnits REG_DWORD = 1
CRLDeltaOverlapPeriod REG_SZ = Minutes
CRLDeltaOverlapUnits REG_DWORD = 0
CAXchgValidityPeriod REG_SZ = Weeks
CAXchgValidityPeriodUnits REG_DWORD = 1
CAXchgOverlapPeriod REG_SZ = Days
CAXchgOverlapPeriodUnits REG_DWORD = 1
MaxIncomingMessageSize REG_DWORD = 10000 (65536)
MaxIncomingAllocSize REG_DWORD = 10000 (65536)
CACertPublicationURLs REG_MULTI_SZ =
0: 1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt
CSURL_SERVERPUBLISH — 1
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))
1: 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
CSURL_SERVERPUBLISH — 1
CSURL_ADDTOCERTCDP — 2
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))
2: 0:http://%1/CertEnroll/%1_%3%4.crt
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))
3: 0:file://%1/CertEnroll/%1_%3%4.crt
(CSURL_SERVERPUBLISH — 1)
(CSURL_ADDTOCERTCDP — 2)
(CSURL_ADDTOFRESHESTCRL — 4)
(CSURL_ADDTOCRLCDP — 8)
(CSURL_PUBLISHRETRY — 10 (16))
(CSURL_ADDTOCERTOCSP — 20 (32))
(CSURL_SERVERPUBLISHDELTA — 40 (64))
(CSURL_ADDTOIDP — 80 (128))
CACertHash REG_MULTI_SZ =
0: 5e 6e db a4 47 1f 02 65 81 48 cc a4 d4 ce 6d 6c e1 00 a4 c5
Security REG_BINARY =
Allow CA Administrator BUILTIN\Administrators
Allow Certificate Manager BUILTIN\Administrators
Allow CA Administrator AD\Domain Admins
Allow Certificate Manager AD\Domain Admins
Allow CA Administrator AD\Enterprise Admins
Allow Certificate Manager AD\Enterprise Admins
Allow Enroll NT AUTHORITY\Authenticated Users
0000 01 00 14 84 20 01 00 00 30 01 00 00 14 00 00 00 …. …0…….
0010 44 00 00 00 02 00 30 00 02 00 00 00 02 c0 14 00 D…..0………
0020 ff ff 00 00 01 01 00 00 00 00 00 01 00 00 00 00 …………….
0030 02 c0 14 00 ff ff 00 00 01 01 00 00 00 00 00 05 …………….
0040 07 00 00 00 02 00 dc 00 07 00 00 00 00 03 18 00 …………….
0050 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ………… …
0060 20 02 00 00 00 03 18 00 02 00 00 00 01 02 00 00 ……………
0070 00 00 00 05 20 00 00 00 20 02 00 00 00 03 24 00 …. … …..$.
0080 01 00 00 00 01 05 00 00 00 00 00 05 15 00 00 00 …………….
0090 42 3d 9f ab d4 be 40 5e 96 74 c4 c5 00 02 00 00 B=….@^.t……
00a0 00 03 24 00 02 00 00 00 01 05 00 00 00 00 00 05 ..$………….
00b0 15 00 00 00 42 3d 9f ab d4 be 40 5e 96 74 c4 c5 ….B=….@^.t..
00c0 00 02 00 00 00 03 24 00 01 00 00 00 01 05 00 00 ……$………
00d0 00 00 00 05 15 00 00 00 42 3d 9f ab d4 be 40 5e ……..B=….@^
00e0 96 74 c4 c5 07 02 00 00 00 03 24 00 02 00 00 00 .t……..$…..
00f0 01 05 00 00 00 00 00 05 15 00 00 00 42 3d 9f ab …………B=..
0100 d4 be 40 5e 96 74 c4 c5 07 02 00 00 00 03 14 00 ..@^.t……….
0110 00 02 00 00 01 01 00 00 00 00 00 05 0b 00 00 00 …………….
0120 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 …….. … …
0130 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 …….. … …
SetupStatus REG_DWORD = 1
SETUP_SERVER_FLAG — 1
(SETUP_CLIENT_FLAG — 2)
(SETUP_SUSPEND_FLAG — 4)
(SETUP_REQUEST_FLAG — 8)
(SETUP_ONLINE_FLAG — 10 (16))
(SETUP_DENIED_FLAG — 20 (32))
(SETUP_CREATEDB_FLAG — 40 (64))
(SETUP_ATTEMPT_VROOT_CREATE — 80 (128))
(SETUP_FORCECRL_FLAG — 100 (256))
(SETUP_UPDATE_CAOBJECT_SVRTYPE — 200 (512))
(SETUP_SERVER_UPGRADED_FLAG — 400 (1024))
(SETUP_W2K_SECURITY_NOT_UPGRADED_FLAG — 800 (2048))
(SETUP_SECURITY_CHANGED — 1000 (4096))
(SETUP_DCOM_SECURITY_UPDATED_FLAG — 2000 (8192))
(SETUP_SERVER_IS_UP_TO_DATE_FLAG — 4000 (16384))
CRLNextPublish REG_BINARY = 25.07.2011 5:31
0000 da b2 94 ed 72 4a cc 01 ….rJ..
CRLDeltaNextPublish REG_BINARY = 19.07.2011 5:31
0000 da 32 1a ef bb 45 cc 01 .2…E..
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\CSP\*
certutil -v -getreg CA\CSP\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\CSP:
Values:
ProviderType REG_DWORD = 0
Provider REG_SZ = Microsoft Software Key Storage Provider
HashAlgorithm REG_DWORD = 8004 (32772)
CALG_SHA1
Algorithm Class: 0x8000(4) ALG_CLASS_HASH
Algorithm Type: 0x0(0) ALG_TYPE_ANY
Algorithm Sub-id: 0x4(4) ALG_SID_SHA1
CNGPublicKeyAlgorithm REG_SZ = RSA
CNGHashAlgorithm REG_SZ = SHA1
MachineKeyset REG_DWORD = 1
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\EncryptionCSP\*
certutil -v -getreg CA\EncryptionCSP\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\EncryptionCSP:
Values:
ProviderType REG_DWORD = 0
Provider REG_SZ = Microsoft Software Key Storage Provider
EncryptionAlgorithm REG_DWORD = 6603 (26115)
CALG_3DES
Algorithm Class: 0x6000(3) ALG_CLASS_DATA_ENCRYPT
Algorithm Type: 0x600(3) ALG_TYPE_BLOCK
Algorithm Sub-id: 0x3(3) ALG_SID_3DES
CNGPublicKeyAlgorithm REG_SZ = RSA
CNGEncryptionAlgorithm REG_SZ = 3DES
MachineKeyset REG_DWORD = 1
KeySize REG_DWORD = 800 (2048)
SymmetricKeySize REG_DWORD = a8 (168)
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\ExitModules\*
certutil -v -getreg CA\ExitModules\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\ExitModules:
Keys:
CertificateAuthority_MicrosoftDefault.Exit
Values:
Active REG_MULTI_SZ =
0: CertificateAuthority_MicrosoftDefault.Exit
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\ExitModules\CertificateAuthority_MicrosoftDefault.Exit\*
certutil -v -getreg CA\ExitModules\CertificateAuthority_MicrosoftDefault.Exit\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\ExitModules\CertificateAuthority_MicrosoftDefault.Exit:
Keys:
SMTP
Values:
PublishCertFlags REG_DWORD = 2
(EXITPUB_FILE — 1)
EXITPUB_ACTIVEDIRECTORY — 2
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\PolicyModules\*
certutil -v -getreg CA\PolicyModules\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\PolicyModules:
Keys:
CertificateAuthority_MicrosoftDefault.Policy
Values:
Active REG_SZ = CertificateAuthority_MicrosoftDefault.Policy
CertUtil: -getreg command completed successfully.
certutil -v -getreg CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\*
certutil -v -getreg CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\YourName Root Certification Authority\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy:
Values:
RevocationType REG_DWORD = 100 (256)
(REVEXT_CDPLDAPURL — 1)
(REVEXT_CDPHTTPURL — 2)
(REVEXT_CDPFTPURL — 4)
(REVEXT_CDPFILEURL — 8)
REVEXT_CDPENABLE — 100 (256)
(REVEXT_ASPENABLE — 200 (512))
CAPathLength REG_DWORD = ffffffff (-1)
RevocationURL REG_SZ = https://%1/CertEnroll/nsrev_%3.asp
EnableRequestExtensionList REG_MULTI_SZ =
0: 1.2.840.113549.1.9.15 SMIME Capabilities
1: 1.3.6.1.4.1.311.21.1 CA Version
2: 1.3.6.1.4.1.311.21.2 Previous CA Certificate Hash
3: 2.5.29.15 Key Usage
EnableEnrolleeRequestExtensionList REG_MULTI_SZ =
0: 1.3.6.1.4.1.311.10.9.1 Cross-Certificate Distribution Points
1: 1.3.6.1.4.1.311.20.2 Certificate Template Name (Certificate Type)
2: 1.3.6.1.4.1.311.21.7 Certificate Template Information
3: 1.3.6.1.4.1.311.21.10 Application Policies
4: 1.3.6.1.4.1.311.21.11 Application Policy Mappings
5: 1.3.6.1.4.1.311.21.12 Application Policy Constraints
6: 2.5.29.17 Subject Alternative Name
7: 2.5.29.30 Name Constraints
8: 2.5.29.32 Certificate Policies
9: 2.5.29.33 Policy Mappings
10: 2.5.29.36 Policy Constraints
11: 2.5.29.37 Enhanced Key Usage
DisableExtensionList REG_MULTI_SZ =
SubjectAltName REG_SZ = DISABLED: Set to EMail to set SubjectAltName extension to the email address
SubjectAltName2 REG_SZ = DISABLED: Set to EMail to set SubjectAltName2 extension to the email address
RequestDisposition REG_DWORD = 1
(REQDISP_PENDING — 0)
REQDISP_ISSUE — 1
(REQDISP_DENY — 2)
(REQDISP_USEREQUESTATTRIBUTE — 3)
(REQDISP_PENDINGFIRST — 100 (256))
EditFlags REG_DWORD = 11014e (1114446)
(EDITF_ENABLEREQUESTEXTENSIONS — 1)
EDITF_REQUESTEXTENSIONLIST — 2
EDITF_DISABLEEXTENSIONLIST — 4
EDITF_ADDOLDKEYUSAGE — 8
(EDITF_ADDOLDCERTTYPE — 10 (16))
(EDITF_ATTRIBUTEENDDATE — 20 (32))
EDITF_BASICCONSTRAINTSCRITICAL — 40 (64)
(EDITF_BASICCONSTRAINTSCA — 80 (128))
EDITF_ENABLEAKIKEYID — 100 (256)
(EDITF_ATTRIBUTECA — 200 (512))
(EDITF_IGNOREREQUESTERGROUP — 400 (1024))
(EDITF_ENABLEAKIISSUERNAME — 800 (2048))
(EDITF_ENABLEAKIISSUERSERIAL — 1000 (4096))
(EDITF_ENABLEAKICRITICAL — 2000 (8192))
(EDITF_SERVERUPGRADED — 4000 (16384))
(EDITF_ATTRIBUTEEKU — 8000 (32768))
EDITF_ENABLEDEFAULTSMIME — 10000 (65536)
(EDITF_EMAILOPTIONAL — 20000 (131072))
(EDITF_ATTRIBUTESUBJECTALTNAME2 — 40000 (262144))
(EDITF_ENABLELDAPREFERRALS — 80000 (524288))
EDITF_ENABLECHASECLIENTDC — 100000 (1048576)
(EDITF_AUDITCERTTEMPLATELOAD — 200000 (2097152))
(EDITF_DISABLEOLDOSCNUPN — 400000 (4194304))
(EDITF_DISABLELDAPPACKAGELIST — 800000 (8388608))
(EDITF_ENABLEUPNMAP — 1000000 (16777216))
(EDITF_ENABLEOCSPREVNOCHECK — 2000000 (33554432))
(EDITF_ENABLERENEWONBEHALFOF — 4000000 (67108864))
DefaultSMIME REG_MULTI_SZ =
0: 1.2.840.113549.3.2,128 rc2 80 (128)
1: 1.2.840.113549.3.4,128 rc4 80 (128)
2: 1.3.14.3.2.7 des
3: 1.2.840.113549.3.7 3des
CertUtil: -getreg command completed successfully.