다음을 통해 공유

Active Directory Certificate Services SMTP Exit Module for Windows Server 2008 R2 Example

  • 아티클

The following is a Windows Server 2008 and Windows Server 2008 R2 version of the SMTP Exit Module posted at
http://technet.microsoft.com/en-us/library/cc773129(WS.10).aspx

Sample Configuration Batch File

The following batch file can be used as a sample to configure the SMTP exit module capabilities of the CA without editing the registry directly. The SMTP exit module can use various values stored in the CA database. BodyArg is a list of database columns to be defined and later called by variable names such as %%1, %%2, and so on. Variables must be called in sequential order as they are defined.

Note

Before using the batch file below, ensure that you replace the following text with your own values:

  • ExchangeServerNameOrIP with the actual name or IP address of the Exchange Server we want to use.
  • EmailAddress with the administrative email address we want to use for sent from and send to.
  • SMTPAccount with the user account that we want to use for SMTP authentication
  • Password with the actual password of the SMTP account we want to use for authentication
  • Do not remove any of the quotes we see in the batch file. If we don't require a line, then use REM or : to comment that line out.
  • Always test the script on a non-production replica of your network environment before trying on a production system.
  • The following line certutil -setsmtpinfo -p "smtpaccount" password has been remarked out. Clear the REM and replace with the appropriate account name and password, if we need that authentication.
    • certutil -setsmtpinfo can be run interactively if desired and will prompt for a password, to avoid putting the password in a script.
    • While the rest of the configuration is stored in the CertServ service registry, -setsmtpinfo is stored as an LSA Secret

The following text can be used in a batch file to configure the SMTP exit module options on a CA:

REM =================Begin Batch File ==================
@echo off

set emailfrom="EmailAddress"
set emailto="EmailAddress"

:Setup_SMTP_Server // Section for setting the name of the exchange server to be used and type of authentication to be used. 1 means to use NTLM, 2 means to user Kerberos, 0 is for Basic authentication
certutil -setreg exit\smtp\SMTPServer "ExchangeServerNameOrIP"
certutil -setreg exit\smtp\SMTPAuthenticate 0
REM If we need to authenticate to the above SMTP server, set the Username (in quotes) and the password to authenticate with
REM certutil -setsmtpinfo -p <password> "smtpaccount"

:Setup_CA_For_Exit_Module // Section for turning events on or off. In this case, on.
:note // to disable an event, set a minus sign instead of a plus, eg -EXITEVENT_CERTISSUED 
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CRLISSUED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTDENIED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTISSUED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTPENDING
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTUNREVOKED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTRETRIEVEPENDING
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTREVOKED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_SHUTDOWN
certutil -setreg exit\smtp\eventfilter +EXITEVENT_STARTUP

:CrlIssued // Section for setting CRLIssued parameters.
certutil -setreg exit\smtp\CRLissued\To %emailto%
certutil -setreg exit\smtp\CRLissued\From %emailfrom%

:Denied // Section for setting Denied parameters
certutil -setreg exit\smtp\templates\default\Denied\From %emailfrom%
certutil -setreg exit\smtp\templates\default\Denied\To %emailto%

:Certificate_Issued // Section for setting Issued parameters.
certutil -setreg exit\smtp\templates\default\Issued\From %emailfrom%
certutil -setreg exit\smtp\templates\default\Issued\To %emailto%

:Certificate_Pending // Section for setting Pending parameters.
Certutil -setreg exit\smtp\templates\default\Pending\To %emailto%
certutil -setreg exit\smtp\templates\default\Pending\From %emailfrom%

:Certificate_Revoked // Section for setting Revoked parameters.
certutil -setreg exit\smtp\templates\default\Revoked\From %emailfrom%
certutil -setreg exit\smtp\templates\default\Revoked\To %emailto%

:Certificate_Revoked // Section for setting UnRevoked parameters.
certutil -setreg exit\smtp\templates\default\unRevoked\From %emailfrom%
certutil -setreg exit\smtp\templates\default\unRevoked\To %emailto%

:Certificate_Revoked // Section for setting Retrieve Pending parameters.
certutil -setreg exit\smtp\templates\default\retrievepending\From %emailfrom%
certutil -setreg exit\smtp\templates\default\retrievepending\To %emailto%

:Certificate_Authority_Shutdown // Section for setting Shutdown parameters.
certutil -setreg exit\smtp\Shutdown\To %emailto%
certutil -setreg exit\smtp\Shutdown\From %emailfrom%

:Certificate_Authority_Startup // Section for setting Startup parameters.
certutil -setreg exit\smtp\Startup\To %emailto%
certutil -setreg exit\smtp\Startup\From %emailfrom%

net stop certsvc & net start certsvc
echo Certificate Services SMTP Exit module has now been configured.
pause
REM ============ End Batch File ===============