(Remote Installation Services)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
[CertSrv_Server]
The [CertSrv_Server] section contains entries for specifying the server components of Certificate Services. The entries in this section are supported only for the Microsoft Windows Server 2003.
Required attributes depend on the installation type and configuration.
The computer saves any entries that you specify in this section and processes them only after you restart to configure Certificate Services. They do not process during the Windows setup process.
Answer File Entries for the [CertSrv_Server] Section
| Entry | Description |
|---|---|
CAType |
Specifies the type of CA to install. |
CSPProvider |
Specifies the name of the Cryptography Service Provider (CSP). |
HashAlgorithm |
Specifies the hash algorithm used by the CA to sign certificates. |
KeyLength |
Specifies the key length for the CA. |
Name |
Specifies the name of the CA. |
ParentCAMachine |
Specifies the computer name with a CA that works as a parent CA with the current subordinate CA installation. |
ParentCAName |
Specifies the parent CA name for the current subordinate CA installation. |
SharedFolder |
Specifies the path to the folder that contains the configuration information for the CA. |
UseSharedFolder |
Specifies whether to use the SharedFolder entry. |
ValidityPeriod |
Specifies the number of periods, measured in units specified by ValidityPeriodUnits, for which the CA is valid. |
ValidityPeriodUnits |
Specifies the units for the validity period of the CA. |
CAType
Specifies the type of CA to install.
Syntax
CAType = EnterpriseRoot | EnterpriseSubordinate | StandaloneRoot | StandaloneSubordinate
| Value | Description |
|---|---|
EnterpriseRoot |
Type of CA. |
EnterpriseSubordinate |
Type of CA. |
StandaloneRoot |
Type of CA. |
StandaloneSubordinate |
Type of CA. |
Example
[CertSrv_Server]
CAType = EnterpriseSubordinate
Comments
The default value is configured programmatically based on the following algorithm:
If Active Directory is available and writable then:
If any CA is in Active Directory then
Default is EnterpriseSubordinate
Else
Default is EnterpriseRoot Else
Default is StandaloneRoot
You must enter a value for this entry.
CSPProvider
Specifies the name of the Cryptography Service Provider (CSP).
Syntax
CSPProvider = CSP_name
| Value | Description |
|---|---|
CSP_name |
Name of the CSP. |
Example
[CertSrv_Server]
CSPProvider = MyCSP
Comments
The default value is Microsoft Base Cryptographic Provider v1.0.
HashAlgorithm
Specifies the hash algorithm used by the CA to sign certificates. The value is case-sensitive.
Syntax
HashAlgorithm = hash_algorithm_string_or_algorithm_ID
| Value | Description |
|---|---|
hash_algorithm_string_or_algorithm_ID |
Name of hash algorithm or algorithm ID. |
Example
[CertSrv_Server]
HashAlgorithm = SHA1
Comments
The default value is SHA1. The specified CSP must support the algorithm. The value is not case-sensitive.
KeyLength
Specifies the key length for the CA.
Syntax
KeyLength = key_length
| Value | Description |
|---|---|
key_length |
Length of key used by CA. |
Example
[CertSrv_Server]
KeyLength = 128
Comments
The default key length for the CSP is used if you do not specify a value.
Name
Specifies the name of the CA.
Syntax
Name = certification_authority_name
| Value | Description |
|---|---|
certification_authority_name |
Name of CA. |
Example
[CertSrv_Server]
Name = MyCA
Comments
The value is required, is case-sensitive, and can contain a maximum of 64 characters. No default value for the Name entry is provided. Because this is a required field, if you install Certificate Services through a fully unattended installation and you do not provide the value for the Name entry in the answer file, Setup fails with the error code E_INVALIDARG.
ParentCAMachine
Specifies the computer name with a CA that works as a parent CA with the current subordinate CA installation.
Syntax
ParentCAMachine = parent_computer_name_for_subordinate_CA
| Value | Description |
|---|---|
parent_computer_name_for_subordinate_CA |
Name of the parent computer if you have a subordinate CA. |
Example
[CertSrv_Server]
ParentCAMachine = CAComputer1
Comments
Setup ignores the value if the current CA installation type is not a subordinate CA. The value is not case-sensitive. If you do not define the attribute when setting up a subordinate CA, Setup saves the CA certificate request to a file. Use this entry in combination with ParentCAName.
ParentCAName
Specifies the parent CA name for the current subordinate CA installation.
Syntax
ParentCAName = parent_CA_name_for_subordinate_CA
| Value | Description |
|---|---|
parent_CA_name_for_subordinate_CA |
Name of the parent CA. |
Example
[CertSrv_Server]
ParentCAName = MyParentCA
Comments
Setup ignores the value if the CA type is not the subordinate CA. The value is not case-sensitive. If you do not define the attribute but define ParentCAMachine when setting up a subordinate CA, Setup calls Certificate Services on the parent computer to get the CA name.
SharedFolder
Specifies the path to the shared folder containing the configuration information for the CA.
Syntax
SharedFolder = path_to_folder
| Value | Description |
|---|---|
path_to_folder |
Path to the shared folder containing the configuration information for the CA. |
Example
[CertSrv_Server]
SharedFolder = %systemdrive%\CAConfig
Comments
The default value is the registered shared folder path, if it exists. If a registered shared folder does not exist, the value is in the format of %systemdrive%\CAConfig.
Enclose path_to_folder in quotation marks if it is a long file name.
UseSharedFolder
Specifies whether to use the SharedFolder entry.
Syntax
UseSharedFolder = Yes | No
| Value | Description |
|---|---|
Yes |
Use the SharedFolder entry in unattended installations. |
No |
Do not use the SharedFolder entry in unattended installations. |
Example
[CertSrv_Server]
UseSharedFolder = No
Comments
The default value is Yes.
ValidityPeriod
Specifies the number of periods, measured in units specified by ValidityPeriodUnits, for which the CA is valid.
Syntax
ValidityPeriod = number
| Value | Description |
|---|---|
number |
Number of periods, as specified in ValidityPeriodUnits. |
Example
[CertSrv_Server]
ValidityPeriod = 3
Comments
The value must be greater than 0 and less than or equal to 1,000. The default value is 2.
ValidityPeriodUnits
Specifies the units for the validity period of the CA.
Syntax
ValidityPeriodUnits = Years | Months | Weeks | Days
| Value | Description |
|---|---|
Years |
Uses years as the unit of measure for ValidityPeriod. |
Months |
Uses months as the unit of measure for ValidityPeriod. |
Weeks |
Uses weeks as the unit of measure for ValidityPeriod. |
Days |
Uses days as the unit of measure for ValidityPeriod. |
Example
[CertSrv_Server]
ValidityPeriodUnits = Months
Comments
The default value is Years.