Configuring the Policy and Exit Modules

Applies To: Windows Server 2008 R2

The administrator of a certification authority (CA) can configure settings in the default policy and exit modules provided with Active Directory Certificate Services (AD CS) by using the Certification Authority snap-in.

You can configure the following policy module settings:

  • The default action of the CA upon receiving a valid certificate request. You can specify whether a stand-alone CA will hold incoming certificate requests as pending or automatically issue the certificate. In most cases, for security reasons, it is recommended that all incoming certificate requests to a stand-alone CA be marked as pending.

    To change the default action of a CA upon receipt of a certificate request, see Set the Default Action Upon Receipt of a Certificate Request.

You can configure the following exit module settings:

  • Allow certificate publication to the file system. You can select whether to allow the publishing of certificates to the file system. Actual publication will only occur if the certificate request specifies a file system location where the certificate is to be published.

    To allow or disallow the publishing of certificates to the file system, see Publish Certificates to the File System.

  • Send e-mail when a certification event occurs. You can configure the CA to send e-mail when a certification event occurs, such as the issuance of a certificate or when a certificate request is set to pending.

    To configure options for sending e-mail, see Send E-mail When a Certification Event Occurs.

Additional references