Configure Microsoft Exit Policy Module

The MSDN article below shows how to configure the ADCS exit module to send an e-mail on various CA events, such as certificate issuance or revocation:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773129(v=ws.10)?redirectedfrom=MSDN

First we need to configure the SMTP server the CA will send through.

The default port is 25.

Set the event filter, which specifies the events we want to subscribe to (each + adds one flag):

certutil -setreg exit\smtp\eventfilter +EXITEVENT_CRLISSUED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTDENIED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTISSUED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTPENDING
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTREVOKED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_CERTUNREVOKED
certutil -setreg exit\smtp\eventfilter +EXITEVENT_SHUTDOWN
certutil -setreg exit\smtp\eventfilter +EXITEVENT_STARTUP

Then update the template for each subscribed event. It has to contain valid To and From values, or the CA cannot build the message.
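The whole procedure as one script, added here as an example; it is not the page's or Microsoft's own script. The relay host and mail addresses are placeholders, and the SMTPServer, SMTPAuthenticate and EventFilter settings together with the Templates\<event>\To, From and TitleFormat value names follow the linked article's naming and are assumed here to apply to your CA version:

```powershell
# Added example (not from the page): configure the ADCS SMTP exit module end to end.
# Run in an elevated PowerShell on the CA. Host name and addresses are placeholders;
# the registry value names under exit\smtp are assumed from the linked article.
$SmtpServer = 'smtp.corp.example'      # placeholder relay host, port 25 by default
$From       = 'ca-events@corp.example' # placeholder, must be a valid address
$To         = 'pki-team@corp.example'  # placeholder, must be a valid address

# 1. Relay host and authentication mode (0 = anonymous, 1 = basic, 2 = NTLM).
certutil -setreg exit\smtp\SMTPServer $SmtpServer
certutil -setreg exit\smtp\SMTPAuthenticate 0
# For mode 1 or 2 store credentials in the LSA instead (prompts for the password):
# certutil -setsmtpinfo 'CORP\ca-smtp'

# 2. Subscribe to the events. '+' adds a flag to the filter, '-' would remove it.
$events = 'EXITEVENT_CRLISSUED', 'EXITEVENT_CERTDENIED', 'EXITEVENT_CERTISSUED',
          'EXITEVENT_CERTPENDING', 'EXITEVENT_CERTREVOKED', 'EXITEVENT_CERTUNREVOKED',
          'EXITEVENT_SHUTDOWN', 'EXITEVENT_STARTUP'
foreach ($e in $events) {
    certutil -setreg exit\smtp\EventFilter "+$e"
}

# 3. Every subscribed event needs a template with valid To and From. Putting the event
# name into the subject lets a downstream consumer dispatch on it without parsing the body.
foreach ($e in $events) {
    certutil -setreg "exit\smtp\Templates\$e\From"        $From
    certutil -setreg "exit\smtp\Templates\$e\To"          $To
    certutil -setreg "exit\smtp\Templates\$e\TitleFormat" "CA event $e"
}

# 4. The exit module reads its settings when the CA starts, so restart and verify.
Restart-Service -Name CertSvc
certutil -getreg exit\smtp
```

After the restart, issue or revoke a test certificate and watch the relay (or the Application event log, if the CA cannot reach it) before relying on the notifications.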

Rather than writing your own exit module, it is simpler to stand up a small SMTP service that receives these mails, parses them and triggers actions accordingly. Keep in mind that such a listener is an unauthenticated network endpoint: restrict it to the CA's address, treat the mail content as untrusted input, and do not let it drive privileged actions on its own.
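A minimal version of that SMTP service in PowerShell, added here as an example (not code from the page). It assumes the CA's SMTPServer setting points at the host running it, SMTPAuthenticate is 0 so no AUTH exchange takes place, the event template's subject contains the EXITEVENT_* name, and 10.0.0.5 is a placeholder for the CA's IP address:

```powershell
# Added example (not from the page): a tiny SMTP sink that accepts the CA's notification
# mails and dispatches on the event name in the subject. Run elevated (port 25 is privileged)
# and restrict inbound 25 to the CA in the host firewall as well.
param([int]$Port = 25, [string]$AllowedPeer = '10.0.0.5')  # placeholder CA address

function Invoke-CaEventAction {
    param([string]$Subject, [string[]]$BodyLines)
    # The mail content is untrusted input: log and alert, never build privileged commands from it.
    switch -Regex ($Subject) {
        'EXITEVENT_CERTREVOKED' { Write-Warning "Revocation reported: $($BodyLines -join ' ')" }
        'EXITEVENT_SHUTDOWN'    { Write-Warning 'CA service is stopping' }
        'EXITEVENT_CERTISSUED'  { Write-Host "Certificate issued: $($BodyLines -join ' ')" }
        default                 { Write-Host "Unhandled CA event: $Subject" }
    }
}

function Receive-OneMessage {
    param([System.IO.StreamReader]$Reader, [System.IO.StreamWriter]$Writer)
    $Writer.WriteLine('220 ca-sink ESMTP')
    $lines  = [System.Collections.Generic.List[string]]::new()
    $inData = $false
    while ($null -ne ($line = $Reader.ReadLine())) {
        if ($inData) {
            if ($line -eq '.') { $inData = $false; $Writer.WriteLine('250 OK'); continue }
            $lines.Add(($line -replace '^\.\.', '.'))   # undo RFC 5321 dot-stuffing
            continue
        }
        if     ($line -match '^(EHLO|HELO)\b')        { $Writer.WriteLine('250 ca-sink') }
        elseif ($line -match '^(MAIL FROM|RCPT TO):') { $Writer.WriteLine('250 OK') }
        elseif ($line -match '^(NOOP|RSET)$')         { $Writer.WriteLine('250 OK') }
        elseif ($line -match '^DATA$')                { $Writer.WriteLine('354 End data with <CRLF>.<CRLF>'); $inData = $true }
        elseif ($line -match '^QUIT$')                { $Writer.WriteLine('221 Bye'); break }
        else                                          { $Writer.WriteLine('500 Command not recognized') }
    }
    # Headers end at the first blank line; the subject is one of them.
    $blank   = $lines.IndexOf('')
    $headers = if ($blank -ge 0) { $lines.GetRange(0, $blank) } else { $lines }
    $body    = if ($blank -ge 0) { $lines.GetRange($blank + 1, $lines.Count - $blank - 1) } else { @() }
    $subject = ''
    foreach ($h in $headers) { if ($h -match '^Subject:\s*(.*)$') { $subject = $Matches[1]; break } }
    if ($subject) { Invoke-CaEventAction -Subject $subject -BodyLines $body }
}

$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Any, $Port)
$listener.Start()
while ($true) {
    $client = $listener.AcceptTcpClient()
    $peer   = ([System.Net.IPEndPoint]$client.Client.RemoteEndPoint).Address.ToString()
    if ($peer -ne $AllowedPeer) { $client.Close(); continue }   # drop anything that is not the CA
    $stream = $client.GetStream()
    $reader = [System.IO.StreamReader]::new($stream, [System.Text.Encoding]::ASCII)
    $writer = [System.IO.StreamWriter]::new($stream, [System.Text.Encoding]::ASCII)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
    try { Receive-OneMessage -Reader $reader -Writer $writer } finally { $client.Close() }
}
```

The sink speaks only the handful of commands the exit module needs (EHLO, MAIL FROM, RCPT TO, DATA, QUIT) and answers everything else with 500, so it is not a general mail server; if the CA is configured for basic or NTLM authentication it will attempt AUTH and this listener must be extended accordingly.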

If the SMTP connection fails for some reason, the CA service writes the error to the Application event log, so check there first when notifications stop arriving.
