Configuring the policy and exit modules

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Configuring the policy and exit modules

The administrator of a certification authority (CA) can configure settings in the default policy and exit modules provided with Certificate Services by using the Certification Authority snap-in.

Policy module setting you can change:

  • The default action of the certification authority upon receiving a valid certificate request. You can specify whether a stand-alone CA will hold incoming certificate requests as Pending or automatically issue the certificate. In most cases, for security reasons, it is recommended that all incoming certificate requests to a stand-alone CA be marked as Pending.

  • For the procedure to change the default action of a certification authority upon receipt of a certificate request, see Set the default action upon receipt of a certificate request.

Exit module settings you can change:

  • Allow certificate publication to the file system. You can select whether to allow the publishing of certificates to the file system. Actual publication will only occur if the certificate request specifies a file system location where the certificate is to be published.

  • For the procedure to allow or disallow the publishing of certificates to the file system, see Publish certificates to the file system.

  • Sends e-mail when a certification event occurs. You can configure the CA to send e-mail when a certification event occurs, such as the issuance of a certificate or when a certificate request is set to pending.

  • To configure e-mail sending options, see Send e-mail when a certification event occurs.

For more information about policy and exit modules, see Policy and exit modules.

If you want to replace the policy module provided with Certificate Services with a custom policy module or a policy module developed for Certificate Server 1.0 and Windows NT 4.0, you must first register the policy module .dll file by typing rgsrv32 yourmodule.dll at a command prompt and then follow the procedure in Select a different policy module.