1) The output from certutil -getreg ca C:\Windows\system32>certutil -getreg ca HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\smmt- IF-SRV01-CA: Keys: CSP EncryptionCSP ExitModules PolicyModules Values: DSConfigDN REG_SZ = CN=Configuration,DC=smmt,DC=co,DC=uk DSDomainDN REG_SZ = DC=smmt,DC=co,DC=uk ViewAgeMinutes REG_DWORD = 10 (16) ViewIdleMinutes REG_DWORD = 8 CAType REG_DWORD = 0 ENUM_ENTERPRISE_ROOTCA -- 0 UseDS REG_DWORD = 1 ForceTeletex REG_DWORD = 12 (18) ENUM_TELETEX_AUTO -- 2 ENUM_TELETEX_UTF8 -- 10 (16) SignedAttributes REG_MULTI_SZ = 0: RequesterName EKUOIDsForPublishExpiredCertInCRL REG_MULTI_SZ = 0: 1.3.6.1.5.5.7.3.3 Code Signing 1: 1.3.6.1.4.1.311.61.1.1 Kernel Mode Code Signing CommonName REG_SZ = smmt-IF-SRV01-CA Enabled REG_DWORD = 1 PolicyFlags REG_DWORD = 0 CertEnrollCompatible REG_DWORD = 0 CRLEditFlags REG_DWORD = 100 (256) EDITF_ENABLEAKIKEYID -- 100 (256) CRLFlags REG_DWORD = 2 CRLF_DELETE_EXPIRED_CRLS -- 2 InterfaceFlags REG_DWORD = 41 (65) IF_LOCKICERTREQUEST -- 1 IF_NOREMOTEICERTADMINBACKUP -- 40 (64) EnforceX500NameLengths REG_DWORD = 1 SubjectTemplate REG_MULTI_SZ = 0: EMail 1: CommonName 2: OrganizationalUnit 3: Organization 4: Locality 5: State 6: DomainComponent 7: Country ClockSkewMinutes REG_DWORD = a (10) LogLevel REG_DWORD = 3 HighSerial REG_DWORD = 0 CAServerName REG_SZ = IF-SRV01.smmt.co.uk ValidityPeriod REG_SZ = Years ValidityPeriodUnits REG_DWORD = 2 CAXchgCertHash REG_MULTI_SZ = KRACertHash REG_MULTI_SZ = KRACertCount REG_DWORD = 0 KRAFlags REG_DWORD = 0 CRLPublicationURLs REG_MULTI_SZ = 0: 65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl CSURL_SERVERPUBLISH -- 1 CSURL_SERVERPUBLISHDELTA -- 40 (64) 1: 79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10 CSURL_SERVERPUBLISH -- 1 CSURL_ADDTOCERTCDP -- 2 CSURL_ADDTOFRESHESTCRL -- 4 CSURL_ADDTOCRLCDP -- 8 CSURL_SERVERPUBLISHDELTA -- 40 (64) 2: 0:http://%1/CertEnroll/%3%8%9.crl 3: 0:file://%1/CertEnroll/%3%8%9.crl CRLPeriod REG_SZ = Years CRLPeriodUnits REG_DWORD = a (10) CRLOverlapPeriod REG_SZ = Hours CRLOverlapUnits REG_DWORD = 0 CRLDeltaPeriod REG_SZ = Days CRLDeltaPeriodUnits REG_DWORD = 1 CRLDeltaOverlapPeriod REG_SZ = Minutes CRLDeltaOverlapUnits REG_DWORD = 0 CAXchgValidityPeriod REG_SZ = Weeks CAXchgValidityPeriodUnits REG_DWORD = 1 CAXchgOverlapPeriod REG_SZ = Days CAXchgOverlapPeriodUnits REG_DWORD = 1 MaxIncomingMessageSize REG_DWORD = 10000 (65536) MaxIncomingAllocSize REG_DWORD = 10000 (65536) CACertPublicationURLs REG_MULTI_SZ = 0: 1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt CSURL_SERVERPUBLISH -- 1 1: 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11 CSURL_SERVERPUBLISH -- 1 CSURL_ADDTOCERTCDP -- 2 2: 0:http://%1/CertEnroll/%1_%3%4.crt 3: 0:file://%1/CertEnroll/%1_%3%4.crt CACertHash REG_MULTI_SZ = 0: 74 85 5b 0d 4a 00 59 18 56 35 b7 e2 44 7b 33 b4 c6 8e e6 86 Security REG_BINARY = Allow CA Administrator BUILTIN\Administrators Allow Certificate Manager BUILTIN\Administrators Allow CA Administrator SMMT\Domain Admins Allow Certificate Manager SMMT\Domain Admins Allow CA Administrator SMMT\Enterprise Admins Allow Certificate Manager SMMT\Enterprise Admins Allow Enroll NT AUTHORITY\Authenticated Users SetupStatus REG_DWORD = 1 SETUP_SERVER_FLAG -- 1 CRLNextPublish REG_BINARY = 22/06/2031 12:50 CRLDeltaNextPublish REG_BINARY = 29/06/2021 15:15 CRLAttemptRepublish REG_DWORD = 0 CertUtil: -getreg command completed successfully.