CRL Distribution Point Replacement Token
Applies To: Windows Server 2003 with SP1
Replacement tokens are used to retain the configuration of distribution points flexible. You can use replacement tokens in the CAPolicy.inf file and in the Certification Authority MMC in CA Extensions.
A replacement token consists of the percent sign and a number. This behavior occurs if you use replacement tokens in the Certificate Services MMC or if you use them in a certutil command. If replacement tokens are used in a batch file, and you use the percent sign (%), you must use another escape sign when needed, because the Windows shell typically interprets a percent sign as a command-line parameter.
The mapping of replacement tokens is different in versions of Windows later than Windows 2000 Server. For more information and a list of replacement tokens that are valid on computers that are running Windows 2000, see Article 283119, Error Message: A Replacement Token Entered Does Not Match Any Recognized Token in the Microsoft Knowledge Base.
You can use the following tokens for CRLDistributionPoint, AuthorityInformationAccess, and CrossCertificateDistributionPointsExtension URLs.
Table 23 CRL Distribution Point Replacement Tokens
| Token name | Description | Windows 2000 map value | Windows Server 2003 map value |
|---|---|---|---|
ServerDNSName |
The DNS name of the CA server |
%1 |
%1 |
ServerShortName |
The NetBIOS name of the CA server |
%2 |
%2 |
CaName |
The name of the CA |
%3 |
%3 |
Cert_Suffix |
The renewal extension of the CA |
%4 |
N/A |
CertificateName |
|
N/A |
%4 |
Domain_Name |
The location of the domain root in Active Directory |
%5 |
N/A |
(Not used) |
|
N/A |
%5 |
ConfigurationContainer |
The location of the configuration container in Active Directory |
%6 |
%6 |
CATruncatedName |
The "sanitized" name of the CA, 32 characters with a hash on the end |
%7 |
%7 |
CRLNameSuffix |
The renewal extension for the CRL |
%8 |
%8 |
DeltaCRLAllowed |
|
|
%9 |
CDPObjectClass |
|
|
%10 |
CAObjectClass |
|
|
%11 |
The Certification Server setup process replaces all %number% sequences with the appropriate value.