Effect of running certutil -setreg CA\CACertPublicationURLs on existing extensions
-
Sunday, March 11, 2012 5:21 PM
If I run this command (I think I might need double percent signs, which I've addressed in another post):
certutil –setreg CA\CACertPublicationURLs "1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"
Will it exclude / uncheck the options not configured here (HTTP and File)?
In my scenario, I want to configure only local file system and LDAP options.
Also, could I accomplish the exact same thing in/with the GUI?
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
All Replies
-
Sunday, March 11, 2012 6:32 PM
You only need to use double percent signs if the command is used in a batch file.
certutil –setreg CA\CACertPublicationURLs "1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"
The command above is going to replace/overwrite the currently configured values. You can edit the current values by using + or - signs in front of the strings to add or delete, like this +"1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt".
And yes, using the GUI you can add or remove the URLs the same way by using the variables but only one URL at a time
If you want to keep an URL, set the preceding number to 0 to deactivate all options
/Hasain
- Marked As Answer by Le Pivert Sunday, March 11, 2012 10:19 PM
-
Sunday, March 11, 2012 10:19 PM
OK, I see for the escape characters. Found more about that here (at end of post):
http://blogs.technet.com/b/askds/archive/2009/10/13/designing-and-implementing-a-pki-part-ii.aspx
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
.png)
