It is very common to check the configuration of any certification authority using certutil –getreg command. The command will allow a CA administrator to view the configured settings at a glance.
But what if you need to configure advanced settings on your CA? How can you find a setting required for your compliance audit?
Well, this is simple! You can still use the common certutil –getreg command but now, add the verbose switch ( -v ). The command’s output will be similar to the screenshot below
As you probably noticed, all supported symbol names are displayed. The ones indented and in parentheses are supported bits that could be set, but currently are not. Any symbol without parentheses is configured on your CA. The symbolic names may be of some help to identify each bit’s purpose. You can perform a quick research on TechNet or MSDN to further understand and deploy each bit.
Amer F. Kamal
Senior Premier Field Engineer
© Microsoft. This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.