Send E-mail When a Certification Event Occurs
Applies To: Windows Server 2008
The following procedure configures a certification authority (CA) to send e-mail when a certification event occurs.
Membership in Domain Admins or local Administrators, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To send e-mail when a certification event occurs
At an elevated command prompt, type:
certutil -setreg exit\smtp\smtpserver <ServerName>
certutil -setreg exit\smtp\eventfilter +<Event>
Warning
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up data on your computer.
The following tables explain the command values and options available for this procedure.
Value | Description |
---|---|
certutil | The name of the command-line tool. |
-setreg | Modifies the registry. |
exit\smtp\smtpserver | The registry value that contains the name of the Simple Mail Transfer Protocol (SMTP) server. |
exit\smtp\eventfilter | The registry value that contains the list of events that the CA should monitor. When any of these events occur, the CA will send e-mail. |
+ | Indicates that, if there are current entries stored in this registry value, this entry should be appended to them. |
Event | Specifies the event to add to the list of events for the CA to monitor. An event can be any value in the following table. |

Event value | Description |
---|---|
ExitEvent_CertIssued | Specifies the action of issuing a certificate. |
ExitEvent_CertPending | Specifies the action of a certificate request being received by the CA and set to pending. |
ExitEvent_CertDenied | Specifies the action of a certificate request being received by the CA and that request being denied. |
ExitEvent_CertRevoked | Specifies the action of a revocation of an existing certificate. |
ExitEvent_CRLIssued | Specifies the action of a certificate revocation list (CRL) being issued. |
ExitEvent_Startup | Specifies the action of the CA during startup. |
ExitEvent_Shutdown | Specifies the action of the CA during shutdown. |
Additional considerations
To open a command prompt, click Start, point to All Programs, click Accessories, and then click Command Prompt.
When the ExitEvent_CRLIssued, ExitEvent_Startup, and ExitEvent_Shutdown events occur, the CA does not contain an e-mail address because there is no user associated with these events. Therefore, an e-mail address must be configured when using these events. To configure the e-mail address to send e-mail when these events occur, type the following certutil commands at a command prompt:
certutil -setreg exit\smtp\CRLIssued\To <E-mailString>
certutil -setreg exit\smtp\Startup\To <E-mailString>
certutil -setreg exit\smtp\Shutdown\To <E-mailString>
E-mailString specifies an e-mail address or a string of e-mail addresses that are separated by semicolons.
If the SMTP server is not set to accept anonymous connections, the CA must be configured to provide a user name and password when it connects. To configure the CA to authenticate with the SMTP server, type the following certutil commands at a command prompt:
certutil -setreg exit\smtp\SMTPAuthenticate 1
certutil -setsmtpinfo <UserName>
UserName specifies the user name of a valid account on the SMTP server. You will be prompted to provide the password for this user name.
To view the complete syntax for this command, at a command prompt, type:
certutil -setreg -?
For more information about the certutil command-line tool, see the certutil command reference (https://go.microsoft.com/fwlink/?LinkId=81249).
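The commands in this procedure, assembled for a chosen set of events, as an added example that is not part of the original page. The function name New-CaSmtpNotificationCommands is a hypothetical helper, and the server name and addresses are constructed placeholders; it only outputs the certutil command lines for review and does not change the registry.

```powershell
function New-CaSmtpNotificationCommands {
    param(
        [Parameter(Mandatory=$true)] [string]   $SmtpServer,
        [Parameter(Mandatory=$true)] [string[]] $Events,
        [string[]] $To = @(),        # recipients for events with no associated user
        [string]   $SmtpUserName     # supply only if the SMTP server requires authentication
    )
    # Event values from the table on this page.
    $valid = 'ExitEvent_CertIssued','ExitEvent_CertPending','ExitEvent_CertDenied',
             'ExitEvent_CertRevoked','ExitEvent_CRLIssued','ExitEvent_Startup',
             'ExitEvent_Shutdown'
    # Events with no associated user, mapped to the registry key that holds "To".
    $needsTo = @{
        'ExitEvent_CRLIssued' = 'CRLIssued'
        'ExitEvent_Startup'   = 'Startup'
        'ExitEvent_Shutdown'  = 'Shutdown'
    }

    $cmds = @("certutil -setreg exit\smtp\smtpserver $SmtpServer")
    foreach ($e in $Events) {
        # Reject typos early and normalize to the spelling used in the table.
        $name = $valid | Where-Object { $_ -eq $e }
        if (-not $name) { throw "Unknown event value: $e" }
        $cmds += "certutil -setreg exit\smtp\eventfilter +$name"
        if ($needsTo.ContainsKey($name)) {
            if ($To.Count -eq 0) { throw "$name has no associated user; supply -To" }
            # Quote the list: ';' separates addresses but is also a PowerShell
            # statement separator if the line is pasted into PowerShell.
            $cmds += "certutil -setreg exit\smtp\$($needsTo[$name])\To `"$($To -join ';')`""
        }
    }
    if ($SmtpUserName) {
        $cmds += 'certutil -setreg exit\smtp\SMTPAuthenticate 1'
        $cmds += "certutil -setsmtpinfo $SmtpUserName"   # certutil prompts for the password
    }
    return $cmds
}

# Constructed sample values: the server name and addresses are placeholders.
New-CaSmtpNotificationCommands -SmtpServer 'smtp.example.test' `
    -Events 'ExitEvent_CertPending','ExitEvent_CertRevoked','ExitEvent_CRLIssued' `
    -To 'pki-ops@example.test','secops@example.test'
```

Review the output, then run the lines at an elevated command prompt on the CA.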