none
Effect of running certutil -setreg CA\CACertPublicationURLs on existing extensions

    Question

  • If I run this command (I think I might need double percent signs, which I've addressed in another post):

    certutil –setreg CA\CACertPublicationURLs "1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"

    Will it exclude / uncheck the options not configured here (HTTP and File)?

    In my scenario, I want to configure only local file system and LDAP options.

    Also, could I accomplish the exact same thing in/with the GUI?


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Sunday, March 11, 2012 5:21 PM

Answers

  • You only need to use double percent signs if the command is used in a batch file.

    certutil –setreg CA\CACertPublicationURLs "1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"

    The command above is going to replace/overwrite the currently configured values. You can edit the current values by using + or - signs in front of the strings to add or delete, like this +"1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt".

    And yes, using the GUI you can add or remove the URLs the same way by using the variables but only one URL at a time

    If you want to keep an URL, set the preceding number to 0 to deactivate all options

    /Hasain

    Sunday, March 11, 2012 6:32 PM

All replies

  • You only need to use double percent signs if the command is used in a batch file.

    certutil –setreg CA\CACertPublicationURLs "1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt\n2:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11"

    The command above is going to replace/overwrite the currently configured values. You can edit the current values by using + or - signs in front of the strings to add or delete, like this +"1:%WINDIR%\System32\CertSrv\CertEnroll\%1_%3%4.crt".

    And yes, using the GUI you can add or remove the URLs the same way by using the variables but only one URL at a time

    If you want to keep an URL, set the preceding number to 0 to deactivate all options

    /Hasain

    Sunday, March 11, 2012 6:32 PM
  • OK, I see for the escape characters. Found more about that here (at end of post):

    http://blogs.technet.com/b/askds/archive/2009/10/13/designing-and-implementing-a-pki-part-ii.aspx


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Sunday, March 11, 2012 10:19 PM