Sending certificate requests to an email address
I can't seem to find where I'd plug in the email address to notify me when a user requests a certificate and I need to approve it. Can anyone tell me?David Jenkins
July 19th, 2012 12:28pm
you can configure default exit module:
certutil -setreg exit\smtp\SMTPServer "<ExchangeServerNameOrIP>"
:: 1 means to use Basic authentication, 2 means to use NTLM authentication, 0 is for Anonymous authentication
certutil -setreg exit\smtp\SMTPAuthenticate 1
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTPENDING
certutil -setreg exit\smtp\Pending\From "<EmailAddress>"
certutil -setreg exit\smtp\Pending\CC "<EmailAddress>"
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 12:53pm
you can configure default exit module:
certutil -setreg exit\smtp\SMTPServer "<ExchangeServerNameOrIP>"
:: 1 means to use Basic authentication, 2 means to use NTLM authentication, 0 is for Anonymous authentication
certutil -setreg exit\smtp\SMTPAuthenticate 1
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTPENDING
certutil -setreg exit\smtp\Pending\From "<EmailAddress>"
certutil -setreg exit\smtp\Pending\CC "<EmailAddress>"
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
July 19th, 2012 1:00pm
no, only static fields are allowed.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 3:12pm
Great thank you.
For the CC setting is there a way to put the users email address?David Jenkins
July 19th, 2012 3:15pm
no, only static fields are allowed.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 3:18pm
I was thinking of trying to get it to work.
I know you can modfiy a template to include the requestors email address. If I take that and add it to the exit module templates then call it with a %%1 (or whatever number it is in the list) I was hoping that would work.
My Guess:
certutil -setreg exit\smtp\Denied\BodyArg +"Request.Email"
certutil -setreg exit\smtp\Denied\CC "%%1"
I'm about to test it out.David Jenkins
July 19th, 2012 5:15pm