The following procedure configures a certification authority (CA) to send e-mail when a certification event occurs.
Membership in Domain Admins or local Administrators, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To send e-mail when a certification event occurs
At an elevated command prompt, type:
certutil -setreg exit\smtp\smtpserver <ServerName>
certutil -setreg exit\smtp\eventfilter +<Event>
Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up data on your computer.
The following tables explain the command values and options available for this procedure.
Value | Description |
---|---|
certutil | The name of the command-line tool. |
-setreg | Modifies the registry. |
exit\smtp\smtpserver | The registry value that contains the name of the Simple Mail Transfer Protocol (SMTP) server. |
exit\smtp\eventfilter | The registry value that contains the list of events that the CA should monitor. When any of these events occur, the CA will send e-mail. |
+ | Indicates that, if there are current entries stored in this registry value, this entry should be appended to them. |
Event | Specifies the event to add to the list of events for the CA to monitor. An event can be any value in the following table. |
Event value | Description |
---|---|
ExitEvent_CertIssued | Specifies the action of issuing a certificate. |
ExitEvent_CertPending | Specifies the action of a certificate request being received by the CA and set to pending. |
ExitEvent_CertDenied | Specifies the action of a certificate request being received by the CA and that request being denied. |
ExitEvent_CertRevoked | Specifies the action of a revocation of an existing certificate. |
ExitEvent_CRLIssued | Specifies the action of a certificate revocation list (CRL) being issued. |
ExitEvent_Startup | Specifies the action of the CA during startup. |
ExitEvent_Shutdown | Specifies the action of the CA during shutdown. |
Additional considerations
- To open a command prompt, click Start, point to All Programs, click Accessories, and then click Command Prompt.
- When the ExitEvent_CRLIssued, ExitEvent_Startup, and ExitEvent_Shutdown events occur, the CA does not contain an e-mail address because there is no user associated with this event. Therefore, an e-mail address must be configured when using these events. To configure the e-mail address to send e-mail when these events occur, type the following certutil commands at a command prompt:
  certutil -setreg exit\smtp\CRLIssued\To <E-mailString>
  certutil -setreg exit\smtp\Startup\To <E-mailString>
  certutil -setreg exit\smtp\Shutdown\To <E-mailString>
  E-mailString specifies an e-mail address or a string of e-mail addresses that are separated by semicolons.
- If the SMTP server is not set to accept anonymous connections, the CA must be configured to provide a user name and password when it connects. To configure the CA to authenticate with the SMTP server, type the following certutil commands at a command prompt:
  certutil -setreg exit\smtp\SMTPAuthenticate 1
  certutil -setsmtpinfo <UserName>
  UserName specifies the user name of a valid account on the SMTP server. You will be prompted to provide the password for this user name.
- To view the complete syntax for this command, at a command prompt, type:
  certutil -setreg -?
- For more information about the certutil command-line tool, see the certutil command reference (https://go.microsoft.com/fwlink/?LinkId=81249).
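The procedure and considerations above combined into one PowerShell function, added here as an example and not Microsoft's own script: it refuses to enable ExitEvent_CRLIssued, ExitEvent_Startup or ExitEvent_Shutdown without a recipient list, and `-WhatIf` lists the certutil commands without running them. The function name, the parameter names and the values in the usage comment are assumptions.

```powershell
# Added example; function and parameter names are hypothetical.
function Set-CaSmtpNotification {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SmtpServer,
        [Parameter(Mandatory)]
        [ValidateSet('ExitEvent_CertIssued', 'ExitEvent_CertPending', 'ExitEvent_CertDenied',
                     'ExitEvent_CertRevoked', 'ExitEvent_CRLIssued', 'ExitEvent_Startup',
                     'ExitEvent_Shutdown')]
        [string[]] $EventNames,
        [string] $Recipients,    # semicolon-separated addresses for events with no user
        [string] $SmtpUserName   # only when the SMTP server rejects anonymous connections
    )

    # Events with no associated user, mapped to the registry key that holds their To value.
    $userless = @{
        ExitEvent_CRLIssued = 'CRLIssued'
        ExitEvent_Startup   = 'Startup'
        ExitEvent_Shutdown  = 'Shutdown'
    }
    $needTo = @($EventNames | Where-Object { $userless.ContainsKey($_) })
    if ($needTo.Count -gt 0 -and -not $Recipients) {
        throw "Recipients is required for: $($needTo -join ', ')"
    }

    # Build the certutil argument lists in the order the procedure gives them.
    $commands = @()
    $commands += , @('-setreg', 'exit\smtp\smtpserver', $SmtpServer)
    foreach ($e in $EventNames) {
        $commands += , @('-setreg', 'exit\smtp\eventfilter', "+$e")
    }
    foreach ($e in $needTo) {
        $commands += , @('-setreg', "exit\smtp\$($userless[$e])\To", $Recipients)
    }
    if ($SmtpUserName) {
        $commands += , @('-setreg', 'exit\smtp\SMTPAuthenticate', '1')
        $commands += , @('-setsmtpinfo', $SmtpUserName)   # certutil prompts for the password
    }

    foreach ($c in $commands) {
        if ($PSCmdlet.ShouldProcess('certutil ' + ($c -join ' '))) {
            & certutil.exe @c
            if ($LASTEXITCODE -ne 0) { throw "certutil failed: $($c -join ' ')" }
        }
    }
}

# Constructed values; preview only:
# Set-CaSmtpNotification -SmtpServer smtp.example.test -EventNames ExitEvent_CertPending, ExitEvent_CRLIssued -Recipients 'pki-ops@example.test' -WhatIf
```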