Send e-mail when a certification event occurs
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To send e-mail when a certification event occurs
Open Command Prompt.
Type:
certutil -setreg exit\smtp\smtpserverServerName
and then type:
**certutil -setreg exit\smtp\eventfilter +**Event
| Value | Description |
|---|---|
certutil |
Specifies the name of the command-line program. |
-setreg |
Modifies the registry. |
exit\smtp\smtpserver |
Indicates the registry value that contains the name of the Simple Mail Transfer Protocol (SMTP) server. |
exit\smtp\eventfilter |
Indicates the registry value that contains the list of events that the certification authority (CA) should monitor. When any of these events occur, the CA will send e-mail. |
+ |
Indicates that, if there are current entries stored in this registry value, this entry should be appended to them. |
Event |
Specifies the event to add to the list of events for the CA to monitor. An event can be any value in the following table: |
| Event value | Description |
|---|---|
ExitEvent_CertIssued |
Specifies the action of issuing a certificate. |
ExitEvent_CertPending |
Specifies the action of a certificate request being received by the CA and set to Pending. |
ExitEvent_CertDenied |
Specifies the action of a certificate request being received by the CA and that request being denied. |
ExitEvent_CertRevoked |
Specifies the action of a revocation of an existing certificate. |
ExitEvent_CRLIssued |
Specifies the action of a certificate revocation list being issued. |
ExitEvent_Startup |
Specifies the action of the certification authority starting. |
ExitEvent_Shutdown |
Specifies the action of the certification authority shutting down. |
Caution
- Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.
When the ExitEvent_CRLIssued, ExitEvent_Startup and ExitEvent_Shutdown events occur, the CA does not know where to send the e-mail, as there is no user associated with this event. Therefore, an e-mail address must be configured when using these events. To configure the e-mail address to send e-mail to when these events occur, type the following certutil.exe commands at a command prompt:
certutil -setreg exit\smtp\CRLIssued\ToE-mailString
certutil -setreg exit\smtp\Startup\ToE-mailString
certutil -setreg exit\smtp\Shutdown\ToE-mailString
E-mailString specifies an e-mail address or a string of e-mail addresses that are separated by semicolons.
If the SMTP server is not set to accept anonymous connections, the CA must be configured to provide a user name and password when it connects. To configure the CA to authenticate with the SMTP server, type the following certutil.exe commands at a command prompt:
certutil -setreg exit\smtp\SMTPAuthenticate 1
certutil -setsmtpinfoUserName
UserName specifies the user name of a valid account on the SMTP server. Certutil will prompt you to provide the password for this user name.
To view the complete syntax for this command, at a command prompt, type:
certutil -setreg -?
For more information about configuring a certification authority for e-mail, see "Designing a Public Key Infrastructure" at the Microsoft Windows Resource Kits Web site.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.