(Unattended Installation)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The [CertSrv_Server] section contains entries for specifying the server components of Certificate Services. The entries in this section are supported only for the Microsoft Windows Server 2003.
Required attributes depend on the installation type and configuration.
The computer saves any entries that you specify in this section and processes them only after you restart to configure Certificate Services. They do not process during the Windows setup process.
Answer File Entries for the [CertSrv_Server] Section
Entry | Description |
---|---|
CAType |
Specifies the type of CA to install. |
CSPProvider |
Specifies the name of the Cryptography Service Provider (CSP). |
HashAlgorithm |
Specifies the hash algorithm used by the CA to sign certificates. |
KeyLength |
Specifies the key length for the CA. |
Name |
Specifies the name of the CA. |
ParentCAMachine |
Specifies the computer name with a CA that works as a parent CA with the current subordinate CA installation. |
ParentCAName |
Specifies the parent CA name for the current subordinate CA installation. |
SharedFolder |
Specifies the path to the folder that contains the configuration information for the CA. |
UseSharedFolder |
Specifies whether to use the SharedFolder entry. |
ValidityPeriod |
Specifies the number of periods, measured in units specified by ValidityPeriodUnits, for which the CA is valid. |
ValidityPeriodUnits |
Specifies the units for the validity period of the CA. |
Specifies the type of CA to install.
CAType = EnterpriseRoot | EnterpriseSubordinate | StandaloneRoot | StandaloneSubordinate
Value | Description |
---|---|
EnterpriseRoot |
Type of CA. |
EnterpriseSubordinate |
Type of CA. |
StandaloneRoot |
Type of CA. |
StandaloneSubordinate |
Type of CA. |
[CertSrv_Server]
CAType = EnterpriseSubordinate
The default value is configured programmatically based on the following algorithm:
If Active Directory is available and writable then:
If any CA is in Active Directory then
Default is EnterpriseSubordinate
Else
Default is EnterpriseRoot
Else
Default is StandaloneRoot
You must enter a value for this entry.
Specifies the name of the Cryptography Service Provider (CSP).
CSPProvider = CSP_name
Value | Description |
---|---|
CSP_name |
Name of the CSP. |
[CertSrv_Server]
CSPProvider = MyCSP
The default value is Microsoft Base Cryptographic Provider v1.0.
Specifies the hash algorithm used by the CA to sign certificates. The value is case-sensitive.
HashAlgorithm = hash_algorithm_string_or_algorithm_ID
Value | Description |
---|---|
hash_algorithm_string_or_algorithm_ID |
Name of hash algorithm or algorithm ID. |
[CertSrv_Server]
HashAlgorithm = SHA1
The default value is SHA1. The specified CSP must support the algorithm. The value is not case-sensitive.
Specifies the key length for the CA.
KeyLength = key_length
Value | Description |
---|---|
key_length |
Length of key used by CA. |
[CertSrv_Server]
KeyLength = 128
The default key length for the CSP is used if you do not specify a value.
Specifies the name of the CA.
Name = certification_authority_name
Value | Description |
---|---|
certification_authority_name |
Name of CA. |
[CertSrv_Server]
Name = MyCA
The value is required, is case-sensitive, and can contain a maximum of 64 characters. No default value for the Name entry is provided. Because this is a required field, if you install Certificate Services through a fully unattended installation and you do not provide the value for the Name entry in the answer file, Setup fails with the error code E_INVALIDARG.
Specifies the computer name with a CA that works as a parent CA with the current subordinate CA installation.
ParentCAMachine = parent_computer_name_for_subordinate_CA
Value | Description |
---|---|
parent_computer_name_for_subordinate_CA |
Name of the parent computer if you have a subordinate CA. |
[CertSrv_Server]
ParentCAMachine = CAComputer1
Setup ignores the value if the current CA installation type is not a subordinate CA. The value is not case-sensitive. If you do not define the attribute when setting up a subordinate CA, Setup saves the CA certificate request to a file. Use this entry in combination with ParentCAName.
Specifies the parent CA name for the current subordinate CA installation.
ParentCAName = parent_CA_name_for_subordinate_CA
Value | Description |
---|---|
parent_CA_name_for_subordinate_CA |
Name of the parent CA. |
[CertSrv_Server]
ParentCAName = MyParentCA
Setup ignores the value if the CA type is not the subordinate CA. The value is not case-sensitive. If you do not define the attribute but define ParentCAMachine when setting up a subordinate CA, Setup calls Certificate Services on the parent computer to get the CA name.
Specifies the path to the shared folder containing the configuration information for the CA.
SharedFolder = path_to_folder
Value | Description |
---|---|
path_to_folder |
Path to the shared folder containing the configuration information for the CA. |
[CertSrv_Server]
SharedFolder = %systemdrive%\CAConfig
The default value is the registered shared folder path, if it exists. If a registered shared folder does not exist, the value is in the format of %systemdrive%\CAConfig.
Enclose path_to_folder in quotation marks if it is a long file name.
Specifies whether to use the SharedFolder entry.
UseSharedFolder = Yes | No
Value | Description |
---|---|
Yes |
Use the SharedFolder entry in unattended installations. |
No |
Do not use the SharedFolder entry in unattended installations. |
[CertSrv_Server]
UseSharedFolder = No
The default value is Yes.
Specifies the number of periods, measured in units specified by ValidityPeriodUnits, for which the CA is valid.
ValidityPeriod = number
Value | Description |
---|---|
number |
Number of periods, as specified in ValidityPeriodUnits. |
[CertSrv_Server]
ValidityPeriod = 3
The value must be greater than 0 and less than or equal to 1,000. The default value is 2.
Specifies the units for the validity period of the CA.
ValidityPeriodUnits = Years | Months | Weeks | Days
Value | Description |
---|---|
Years |
Uses years as the unit of measure for ValidityPeriod. |
Months |
Uses months as the unit of measure for ValidityPeriod. |
Weeks |
Uses weeks as the unit of measure for ValidityPeriod. |
Days |
Uses days as the unit of measure for ValidityPeriod. |
[CertSrv_Server]
ValidityPeriodUnits = Months
The default value is Years.