The administrator of a certification authority (CA) can configure settings in the default policy and exit modules provided with Active Directory Certificate Services (AD CS) by using the Certification Authority snap-in.
You can configure the following policy module settings:
- The default action of the CA upon receiving a
valid certificate request. You can specify whether a stand-alone CA
will hold incoming certificate requests as pending or automatically
issue the certificate. In most cases, for security reasons, it is
recommended that all incoming certificate requests to a stand-alone
CA be marked as pending.
To change the default action of a CA upon receipt of a certificate request, see Set the Default Action Upon Receipt of a Certificate Request.
You can configure the following exit module settings:
- Allow certificate publication to the file
system. You can select whether to allow the publishing of
certificates to the file system. Actual publication will only occur
if the certificate request specifies a file system location where
the certificate is to be published.
To allow or disallow the publishing of certificates to the file system, see Publish Certificates to the File System.
- Send e-mail when a certification event
occurs. You can configure the CA to send e-mail when a
certification event occurs, such as the issuance of a certificate
or when a certificate request is set to pending.
To configure options for sending e-mail, see Send E-mail When a Certification Event Occurs.