Query for Advanced CA Configuration Options

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

First published on TECHNET on Dec 27, 2012

It is very common to check the configuration of any certification authority using certutil –getreg command. The command will allow a CA administrator to view the configured settings at a glance.




But what if you need to configure advanced settings on your CA? How can you find a setting required for your compliance audit?



Well, this is simple! You can still use the common certutil –getreg command but now, add the verbose switch ( -v ). The command’s output will be similar to the screenshot below


As you probably noticed, all supported symbol names are displayed. The ones indented and in parentheses are supported bits that could be set, but currently are not. Any symbol without parentheses is configured on your CA. The symbolic names may be of some help to identify each bit’s purpose. You can perform a quick research on TechNet or MSDN to further understand and deploy each bit.


Amer F. Kamal


Senior Premier Field Engineer


Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.