Поделиться через

3.1.4.2.15 ICertAdminD2::SetConfigEntry (Opnum 45)

  • Статья

The SetConfigEntry method is used to set the CA's persisted configuration data that is listed in section 3.1.1.10. 

 HRESULT SetConfigEntry(
   [in, string, unique] wchar_t const* pwszAuthority,
   [in, string, unique] wchar_t const* pwszNodePath,
   [in, string, ref] wchar_t const* pwszEntry,
   [in, ref] VARIANT* pVariant
 );

pwszAuthority: See the pwszAuthority definition in section 3.1.4.1.1.

pwszNodePath: A string value that represents the node path for the configuration information. This parameter can be an EMPTY string and MUST NOT be NULL.

pwszEntry: A string value that represents the name of the leaf entry whose information is being set. This value can be an EMPTY string and MUST NOT be NULL.

pVariant: A pointer to VARIANT that specifies the information to set. If this value is EMPTY, the indicated entry MUST be deleted.

The following processing rules apply:

  1. If all arguments are provided, the CA MUST update the configuration with the value provided.

  2. If the configuration value parameter passed in is empty, the indicated configuration entry MUST be deleted.

  3. For each input in the left column of the table below, the CA MUST perform the processing rules in the corresponding cell in the right column. Unless otherwise specified below, changes to these ADM elements made through this method require a CA restart to take effect.

    Input

    Store information as ADM element

    pwszNodePath is EMPTY and pwszEntry is "Security"

    OnNextRestart_Config_Permissions_CA_Security

    pwszAuthority is EMPTY and pwszNodePath is EMPTY and pwszEntry is "SetupStatus"

    OnNextRestart_Config_Setup_Status

    pwszNodePath is EMPTY and pwszEntry is "UseDS"

    OnNextRestart_Config_CA_Use_DS

    pwszNodePath is EMPTY and pwszEntry is "CAType"

    OnNextRestart_Config_CA_Type

    pwszNodePath is EMPTY and pwszEntry is "KRAFlags"

    OnNextRestart_Config_CA_KRA_Flags

    pwszAuthority is EMPTY and pwszNodePath is EMPTY and pwszEntry is "Version"

    OnNextRestart_Config_Product_Version

    pwszNodePath is EMPTY and pwszEntry is "CommonName"

    OnNextRestart_Config_CA_Common_Name

    pwszNodePath is EMPTY and pwszEntry is "InterfaceFlags"

    OnNextRestart_Config_CA_Interface_Flags

    pwszEntry is "Provider" and pwszNodePath is "CSP"

    OnNextRestart_Config_CSP_Provider

    pwszEntry is "ProviderType" and pwszNodePath is "CSP"

    OnNextRestart_Config_CSP_ProviderType

    pwszEntry is "HashAlgorithm" and pwszNodePath is "CSP"

    OnNextRestart_Config_CSP_Hash_Algorithm

    pwszEntry is "CNGHashAlgorithm" and pwszNodePath is "CSP"

    OnNextRestart_Config_CSP_CNG_Hash_Algorithm

    pwszNodePath is EMPTY and pwszEntry is "CRLPeriodUnits"

    The numeric value of the Config_Base_CRL_Validity_Period ADM element.

    Changing the value with this method MUST affect the validity period of published base CRLs (the use of this ADM element in sections 3.1.4.1.6 and 3.1.4.2.1) immediately, without a CA restart.

    pwszNodePath is EMPTY and pwszEntry is "CRLPeriod"

    The units of time with which the Config_Base_CRL_Validity_Period ADM element is counted.

    Changing the value with this method MUST affect the validity period of published base CRLs (the use of this ADM element in sections 3.1.4.1.6 and 3.1.4.2.1) immediately, without a CA restart.

    pwszNodePath is EMPTY and pwszEntry is "CRLDeltaPeriodUnits"

    The numeric value of the Config_Delta_CRL_Validity_Period ADM element.

    Changing the value with this method MUST affect the validity period of published delta CRLs (the use of this ADM element in sections 3.1.4.1.6 and 3.1.4.2.1) immediately, without a CA restart.

    pwszNodePath is EMPTY and pwszEntry is "CRLDeltaPeriod"

    The units of time with which the Config_Delta_CRL_Validity_Period ADM element is counted.

    Changing the value with this method MUST affect the validity period of published delta CRLs (the use of this ADM element in sections 3.1.4.1.6 and 3.1.4.2.1) immediately, without a CA restart.

    pwszNodePath is EMPTY and pwszEntry is "CRLNextPublish"

    OnNextRestart_Config_CA_CRL_Next_Publish

    pwszNodePath is EMPTY and pwszEntry is "CRLDeltaNextPublish"

    OnNextRestart_Config_CA_CRL_Delta_Next_Publish

    pwszNodePath is EMPTY and pwszEntry is "AuditFilter"

    OnNextRestart_Config_CA_Audit_Filter

    pwszEntry is "Active" and pwszNodePath is "PolicyModules"

    OnNextRestart_Config_CA_Policy_Algorithm_Implementation

    pwszEntry is "Active" and pwszNodePath is "ExitModules"

    OnNextRestart_Config_CA_Exit_Algorithm_Implementation_List

    pwszNodePath is EMPTY and pwszEntry is "CRLPublicationURLs"

    OnNextRestart_Config_CA_CDP_Publish_To_Base

    OnNextRestart_Config_CA_CDP_Publish_To_Delta

    OnNextRestart_Config_CA_CDP_Include_In_Cert

    OnNextRestart_Config_CA_CDP_Include_In_CRL_Publish_Locations_Extension

    OnNextRestart_Config_CA_CDP_Include_In_CRL_Freshest_CRL_Extension

    OnNextRestart_Config_CA_CDP_Include_In_CRL_IDP_Extension

    pwszNodePath is EMPTY and pwszEntry is "CACertPublicationURLs"

    OnNextRestart_Config_CA_AIA_Include_In_Cert

    OnNextRestart_Config_CA_CACert_Publish_To

    pwszNodePath is EMPTY and pwszEntry is "CRLAttemptRepublish"

    OnNextRestart_Config_CA_CRL_Attempt_Republish

    pwszNodePath is "PolicyModules\CertificateAuthority_MicrosoftDefault.Policy" and pwszEntry is "RequestDisposition"

    OnNextRestart_Config_CA_Requests_Disposition