Send E-mail When a Certification Event Occurs

Applies To: Windows Server 2008 R2

The following procedure configures a certification authority (CA) to send e-mail when a certification event occurs.

Membership in Domain Admins or local Administrators, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.

To send e-mail when a certification event occurs

  • At an elevated command prompt, type:

    certutil -setreg exit\smtp\smtpserver <ServerName>

    certutil -setreg exit\smtp\eventfilter +<Event>

Warning

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up data on your computer.

The following tables explain the command values and options available for this procedure.

Value                    Description

certutil                 The name of the command-line tool.
-setreg                  Modifies the registry.
exit\smtp\smtpserver     The registry value that contains the name of the Simple Mail Transfer Protocol (SMTP) server.
exit\smtp\eventfilter    The registry value that contains the list of events that the CA should monitor. When any of these events occur, the CA will send e-mail.
+                        Indicates that, if there are current entries stored in this registry value, this entry should be appended to them.
Event                    Specifies the event to add to the list of events for the CA to monitor. An event can be any value in the following table.

Event value              Description

ExitEvent_CertIssued     Specifies the action of issuing a certificate.
ExitEvent_CertPending    Specifies the action of a certificate request being received by the CA and set to pending.
ExitEvent_CertDenied     Specifies the action of a certificate request being received by the CA and that request being denied.
ExitEvent_CertRevoked    Specifies the action of a revocation of an existing certificate.
ExitEvent_CRLIssued      Specifies the action of a certificate revocation list (CRL) being issued.
ExitEvent_Startup        Specifies the action of the CA during startup.
ExitEvent_Shutdown       Specifies the action of the CA during shutdown.

Additional considerations

  • To open a command prompt, click Start, point to All Programs, click Accessories, and then click Command Prompt.

  • When the ExitEvent_CRLIssued, ExitEvent_Startup, and ExitEvent_Shutdown events occur, the CA has no e-mail address to send to, because no user is associated with these events. Therefore, an e-mail address must be configured when using these events. To configure the e-mail address to send e-mail when these events occur, type the following certutil commands at a command prompt:

    certutil -setreg exit\smtp\CRLIssued\To <E-mailString>
    certutil -setreg exit\smtp\Startup\To <E-mailString>
    certutil -setreg exit\smtp\Shutdown\To <E-mailString>
    

    E-mailString specifies an e-mail address or a string of e-mail addresses that are separated by semicolons.

  • If the SMTP server is not set to accept anonymous connections, the CA must be configured to provide a user name and password when it connects. To configure the CA to authenticate with the SMTP server, type the following certutil commands at a command prompt:

    certutil -setreg exit\smtp\SMTPAuthenticate 1
    certutil -setsmtpinfo <UserName>
    

    UserName specifies the user name of a valid account on the SMTP server. You will be prompted to provide the password for this user name.

  • To view the complete syntax for this command, at a command prompt, type:

    certutil -setreg -?
    
  • For more information about the certutil command-line tool, see the certutil command reference (https://go.microsoft.com/fwlink/?LinkId=81249).
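
The procedure and the recipient settings above, combined into one script that can be run from an elevated PowerShell session on the CA. This is an added example, not part of the original procedure. The SMTP host and mailbox addresses are placeholders, the choice of events is an assumption about what a security team would want reported, and the read-back and service restart at the end are additions the page itself does not list.

```powershell
# Added example. Placeholder values: replace before use.
$SmtpServer = 'smtp.example.com'                        # placeholder SMTP host
$AlertTo    = 'ca-alerts@example.com;soc@example.com'   # placeholder, semicolon-separated

# Events to report, taken from the event table on this page.
# ExitEvent_CertPending is left out here only to keep mail volume down.
$Events = @(
    'ExitEvent_CertIssued', 'ExitEvent_CertDenied', 'ExitEvent_CertRevoked',
    'ExitEvent_CRLIssued',  'ExitEvent_Startup',    'ExitEvent_Shutdown'
)

# Run certutil and stop on the first failure, so a half-applied
# configuration is noticed instead of silently left in place.
function Invoke-Certutil {
    param([string[]]$Arguments)
    & certutil.exe $Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "certutil $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. SMTP server the CA exit module connects to.
Invoke-Certutil '-setreg', 'exit\smtp\smtpserver', $SmtpServer

# 2. Append each event to the filter; the leading + keeps existing entries.
foreach ($Event in $Events) {
    Invoke-Certutil '-setreg', 'exit\smtp\eventfilter', "+$Event"
}

# 3. These three events have no requesting user, so they need an explicit recipient.
foreach ($Name in 'CRLIssued', 'Startup', 'Shutdown') {
    Invoke-Certutil '-setreg', "exit\smtp\$Name\To", $AlertTo
}

# 4. Read the values back for review before they take effect.
& certutil.exe -getreg 'exit\smtp'

# 5. The CA service reads its registry configuration at startup,
#    so restart it for the new settings to apply.
Restart-Service -Name CertSvc
```

If the SMTP server requires authentication, run the SMTPAuthenticate and -setsmtpinfo commands shown above interactively before the restart, because -setsmtpinfo prompts for the password.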
