If a certification authority is installed, the "Windows Default" exit module is automatically activated. This enables e-mail messages to be sent when certain events occur at the certification authority. However, most companies do not use this feature at all.
But even if the exit module is not used at all, it causes sessions on the certification authority database (see Event no. 46). On Certification Authorities with high load this can be problematic.
If the functions it offers are not used at all (under Windows Server Core the "Windows Default" exit module basically does not work), it can also be disabled completely.
An example project for creating your own exit module can be found in the article "Create an exit module for the certification authority in C#". This provides the possibility to develop an exit module with a range of functions tailored to your own needs.
Procedure
Deactivate exit module
To disable the exit module, simply remove it from the certification authority configuration.
Afterwards, a restart of the certification authority service is required again to apply the changes.
In the registration of the certification authority the configuration of the active exit module is stored in the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\{Common-name-of-the-certification-authority}\ExitModules
If no exit module is configured, the "Active" value is empty accordingly.
Re-enable exit module
In contrast to policy modules, it is also possible - if available - to activate several exit modules simultaneously.
Afterwards, a restart of the certification authority service is required again to apply the changes.
In the registry, the "Active" value is filled again accordingly.
Related links:
- The SMTP Exit module does not work on Windows Server Core
- Certificate or revocation list issuance fails with error code CERTSRV_E_NO_DB_SESSIONS
- Create an exit module for the certification authority in C#
External sources
- Exit Modules - Win32 apps (Microsoft)
- Writing Custom Exit Modules - Win32 apps (Microsoft)
- Managing Policy and Exit Modules (Microsoft)
- Select a Different Exit Module (Microsoft)
- Certificate Services Architecture (Microsoft)
One thought on “Betreiben der Zertifizierungsstelle ohne Exit Modul”
Comments are closed.