Sending certificate requests to an email address
I can't seem to find where I'd plug in the email address to notify me when a user requests a certificate and I need to approve it. Can anyone tell me?David Jenkins
July 19th, 2012 12:28pm

you can configure default exit module: certutil -setreg exit\smtp\SMTPServer "<ExchangeServerNameOrIP>" :: 1 means to use Basic authentication, 2 means to use NTLM authentication, 0 is for Anonymous authentication certutil -setreg exit\smtp\SMTPAuthenticate 1 certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTPENDING certutil -setreg exit\smtp\Pending\From "<EmailAddress>" certutil -setreg exit\smtp\Pending\CC "<EmailAddress>" My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 12:53pm

you can configure default exit module: certutil -setreg exit\smtp\SMTPServer "<ExchangeServerNameOrIP>" :: 1 means to use Basic authentication, 2 means to use NTLM authentication, 0 is for Anonymous authentication certutil -setreg exit\smtp\SMTPAuthenticate 1 certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTPENDING certutil -setreg exit\smtp\Pending\From "<EmailAddress>" certutil -setreg exit\smtp\Pending\CC "<EmailAddress>" My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
July 19th, 2012 1:00pm

no, only static fields are allowed.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 3:12pm

Great thank you. For the CC setting is there a way to put the users email address?David Jenkins
July 19th, 2012 3:15pm

no, only static fields are allowed.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 3:18pm

I was thinking of trying to get it to work. I know you can modfiy a template to include the requestors email address. If I take that and add it to the exit module templates then call it with a %%1 (or whatever number it is in the list) I was hoping that would work. My Guess: certutil -setreg exit\smtp\Denied\BodyArg +"Request.Email" certutil -setreg exit\smtp\Denied\CC "%%1" I'm about to test it out.David Jenkins
July 19th, 2012 5:15pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics