Udostępnij za pośrednictwem


Contents of \\Localhost\CertConfig and \\Localhost\CertEnroll

Applies To: Windows Server 2003 with SP1

Because more than one certificate file exists in the \CertConfig and \CertEnroll share after a period of time, the following table explains the certificate file name extensions and their purpose. If the CA name is used as part of a file name, the sanitized CA name adds additional escape characters in order to accommodate any extended ASCII characters in the file name. The escape characters appear in the file name as %20.

Table 21 Certificate Paths and File Name Extensions

Example of the file name Description

\\Localhost\CertConfig\Certsrv.txt

CA configuration file

\\Localhost\CertConfig\Certsrv.bak

Previous CA configuration file if the CA has been reinstalled

\\Localhost\CertConfig\CAname.req

\\Localhost\CertConfig\CAname(1).req

Request file that is used to generate the CA certificate. Request files are used only for subordinate CAs. Request files are generated with the same base file name suffix as certificates.

SystemDriveAndSystemroot\\CAname.req

SystemDriveAndSystemroot\\CAname(1).req

If no shared folder was created during the CA setup procedure and Active Directory is used to publish the CAs configuration information, request files are written to the Systemroot drive instead of to the \\Localhost\CertConfig file.

To verify where the configuration information is published, at a command prompt, type certutil –getreg CA\UseDS. If the value is set to 0, the configuration information is written to the shared folder. If the value is set to 1, the configuration is maintained in Active Directory.)

\\Localhost\CertConfig\CAname.crt

\\Localhost\CertEnroll\CAname.crt

Original root CA certificate (V0.0)

\\Localhost\CertConfig\CAname(1).crt

\\Localhost\CertEnroll\CAname(1).crt

Renewed root CA certificate (V1.0)

\\Localhost\CertConfig\CAname(0-1).crt

\\Localhost\CertEnroll\CAname(0-1).crt

Cross certificate for CA certificate V0.0 to V1.0

\\Localhost\CertConfig\CAname(1-0).crt

\\Localhost\CertEnroll\CAname(1-0).crt

Cross certificate for CA certificate V1.0 to V0.0

\\Localhost\CertConfig\CAname(2).crt

\\Localhost\CertEnroll\CAname(2).crt

renewed root CA cert (V2.0)

\\Localhost\CertEnroll\CAname.crl

CA base revocation list

\\Localhost\CertEnroll\CAname(1).crl

CA base revocation list (first instance)

\\Localhost\CertEnroll\Caname+.crl

Delta CRL

\\Localhost\CertEnroll\Caname(1)+.crl

Delta CRL (first instance)

The cross-certificates are automatically generated when the Certificates service starts after renewing a root CA certificate with a new key. Cross-certificates are not created for subordinate CAs, and it does not occur when a root certificate is renewed with the same key. If you upgrade from Windows 2000 Server after renewing a root CA certificate with a new key, the cross certificate is generated the first time that the certificate server service starts after you upgrade to Windows Server 2003.

The following sample is an example of \\Localhost\Certenroll after a clean root CA installation.

C:\>dir \\Localhost\certenroll
  Volume in drive \\Localhost\certenroll has no label.
  Volume Serial Number is CC0E-CACB
  Directory of \\Localhost\certenroll
06/12/2002  11:57 AM    <DIR>          .
06/12/2002  11:57 AM    <DIR>          ..
06/12/2002  11:32 AM              1,299 concorp-
ca-00_CorporateRootCA.crt
06/12/2002  11:32 AM               925 CorporateRootCA.crl
06/12/2002  11:32 AM               321 nsrev_CorporateRootCA.asp
               3 File(s)          2,545 bytes
               2 Dir(s)   4,478,095,360 bytes free

The following sample is an example of \\Localhost\Certconfig after a clean root CA installation.

C:\>dir \\localhost\certconfig
Volume in drive \\localhost\certconfig has no label.
Volume Serial Number is CC0E-CACB
Directory of \\localhost\certconfig
06/12/2002  12:28 PM    <DIR>          .
06/12/2002  12:28 PM    <DIR>          ..
06/12/2002  11:32 AM               105 certsrv.bak
06/12/2002  11:32 AM               216 certsrv.txt
06/12/2002  11:32 AM             1,299 concorp-
ca-00_CorporateRootCA.crt
               3 File(s)          1,620 bytes
               2 Dir(s)   4,478,095,360 bytes free

The following sample is an example of \\Localhost\Certenroll after the two key renewals on a CA.

C:\>dir \\localhost\certenroll
  Volume in drive \\localhost\certenroll has no label.
  Volume Serial Number is CC0E-CACB
  Directory of \\localhost\certenroll
06/11/2002  07:48 PM    <DIR>           .
06/11/2002  07:48 PM    <DIR>           ..
06/11/2002  05:31 PM             1,338 concorp-
ca-00_CorporateRootCA(1).crt
06/11/2002  05:31 PM             1,928 concorp-ca-00_CorporateRootCA
(0-1).crt
06/11/2002  05:31 PM             1,940 concorp-ca-00_CorporateRootCA
(1-0).crt
06/11/2002  07:48 PM             1,338 concorp-
ca-00_CorporateRootCA(2).crt
06/11/2002  11:57 AM             1,299 concorp-
ca-00_CorporateRootCA.crt
06/11/2002  05:31 PM               943 CorporateRootCA(1).crl
06/11/2002  05:32 PM               938 CorporateRootCA.crl
06/11/2002  11:57 AM               321 nsrev_CorporateRootCA.asp
               8 File(s)         10,045 bytes
               2 Dir(s)   4,481,171,456 bytes free

The following sample is an example of \\Localhost\Certconfig after two key renewals on a CA.

C:\>dir \\localhost\certconfig
  Volume in drive \\localhost\certconfig has no label.
  Volume Serial Number is CC0E-CACB
  Directory of \\localhost\certconfig
06/11/2002  07:48 PM    <DIR>           .
06/11/2002  07:48 PM    <DIR>           ..
06/11/2002  11:27 AM           105 certsrv.bak
06/11/2002  11:57 AM           216 certsrv.txt
06/11/2002  05:31 PM             1,928 concorp-ca-00_CorporateRootCA
(0-1).crt
06/11/2002  05:31 PM           1,338 concorp-
ca-00_CorporateRootCA(1).crt
06/11/2002  05:31 PM           1,940 concorp-ca-00_CorporateRootCA
(1-0).crt
06/11/2002  07:48 PM           1,338 concorp-
ca-00_CorporateRootCA(2).crt
06/11/2002  11:57 AM           1,299 concorp-
ca-00_CorporateRootCA.crt
04/24/2002  10:53 AM           1,942 connoam-ca-00_CONNOAM-CA-00.req
           8 File(s)           10,106 bytes
           2 Dir(s)   4,481,171,456 bytes free