This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.
First published on TECHNET on Dec 27, 2012It is very common to check the configuration of any certification authority using certutil –getreg command. The command will allow a CA administrator to view the configured settings at a glance.
But what if you need to configure advanced settings on your CA? How can you find a setting required for your compliance audit?
Well, this is simple! You can still use the common
certutil –getreg
command but now, add the verbose switch (
-v
). The command’s output will be similar to the screenshot below
As you probably noticed, all supported symbol names are displayed. The ones indented and in parentheses are supported bits that could be set, but currently are not. Any symbol without parentheses is configured on your CA. The symbolic names may be of some help to identify each bit’s purpose. You can perform a quick research on TechNet or MSDN to further understand and deploy each bit.
Amer F. Kamal
Senior Premier Field Engineer