1
00:00:06,820 --> 00:00:15,010
More advanced deployments of CA hierarchies may require you to configure and manage policy and exit

2
00:00:15,010 --> 00:00:25,930
modules on your CA. Policy and exit modules exist on every CA, standalone or enterprise. Each CA has

3
00:00:25,930 --> 00:00:35,710
default policy and exit modules, and in most scenarios you will not have to configure these modules. You

4
00:00:35,710 --> 00:00:39,360
can manage both policy and exit modules

5
00:00:39,400 --> 00:00:48,900
if you use the Certification Authority console. For more complex configuration, however, you must use the

6
00:00:48,910 --> 00:00:58,260
certutil command-line tool. Now, what is a policy module? A policy module determines the action that the

7
00:00:58,280 --> 00:01:03,330
CA performs after it receives the certificate request.

8
00:01:03,470 --> 00:01:13,820
You can configure a default policy module to put every cert request in a pending state until an administrator

9
00:01:14,330 --> 00:01:16,640
approves or denies it.

10
00:01:16,760 --> 00:01:24,500
The behavior of the default policy module is to issue a certificate if the settings in the certificate

11
00:01:24,500 --> 00:01:26,460
template allow it.

12
00:01:26,510 --> 00:01:35,260
However, you can install a custom policy module to do other tasks when the CA receives this certificate

13
00:01:35,270 --> 00:01:46,820
request. For example, if you install Microsoft Identity Manager 2016 certificate management in your internal

14
00:01:46,820 --> 00:01:56,030
PKI, you will have to deploy the MIM certificate management policy module on your CA that issues

15
00:01:56,030 --> 00:02:06,560
certificates. MIM 2016 can manage certificate issuance through workflows. The MIM certificate management

16
00:02:06,560 --> 00:02:17,090
policy module forwards each request for a certificate that is managed by MIM 2016 certificate management

17
00:02:17,600 --> 00:02:30,010
to MIM 2016 certificate management when a CA receives the request. After the MIM workflow processes

18
00:02:30,070 --> 00:02:40,240
the request, it issues the certificate or denies the request. The certificate management policy module

19
00:02:40,510 --> 00:02:50,440
also specifies the signature certificate thumbprint for agents that pass certificate requests from

20
00:02:50,440 --> 00:03:00,730
users to the CA. Each request that the CA signs with the thumbprint specified in the MIM certificate

21
00:03:00,730 --> 00:03:09,780
management policy module passes to the MIM workflow before it issues the certificate.

22
00:03:09,910 --> 00:03:19,030
This is one example of using the custom policy module, but other third-party applications might also

23
00:03:19,030 --> 00:03:21,820
use custom policy modules.

24
00:03:21,820 --> 00:03:26,260
So what is an exit module? Exit module.

25
00:03:26,680 --> 00:03:35,740
Unlike the policy module, the exit module determines what happens with a certificate after the CA issues

26
00:03:35,770 --> 00:03:43,990
it. The most common actions are to send an email or publish a certificate file.

27
00:03:44,470 --> 00:03:52,530
These actions are possible even with a default exit module on each CA. However,

28
00:03:52,660 --> 00:04:00,430
you can also deploy a custom policy module. To use the same example as a policy module,

29
00:04:00,430 --> 00:04:08,710
if you deploy MIM 2016 certificate management in your environment, you also will have to deploy

30
00:04:09,010 --> 00:04:15,840
a custom exit module to your CA. The exit module forwards

31
00:04:15,890 --> 00:04:26,140
data about each issued certificate to Microsoft SQL Server that is specified in the exit module. If

32
00:04:26,140 --> 00:04:33,280
you write information about the issued certificates to a computer that is running SQL Server, MIM

33
00:04:33,540 --> 00:04:42,940
certificate management can view and monitor the issued certificates without direct interaction

34
00:04:42,940 --> 00:04:45,820
with the CA database.

35
00:04:46,000 --> 00:04:54,130
A CA can use multiple exit modules simultaneously, unlike the policy module, where you can have

36
00:04:55,030 --> 00:05:03,640
only one active policy module at a time. For example, if you want to send an email to a specific address

37
00:05:04,030 --> 00:05:13,000
each time the CA issues a certificate, you have to use certutil to specify these settings, because

38
00:05:13,090 --> 00:05:18,100
they are not available in the CA administrator console.

39
00:05:18,130 --> 00:05:25,600
First, you should specify the Simple Mail Transfer Protocol server that is used to send emails, which

40
00:05:25,600 --> 00:05:29,710
you can do by running the following certutil command.

41
00:05:29,710 --> 00:05:38,290
You have to type certutil -setreg exit\smtp\ and the name

42
00:05:38,290 --> 00:05:39,120
of the server.

43
00:05:41,600 --> 00:05:50,360
And you have to enter the fully qualified domain name of your email server. After this, you have to specify

44
00:05:50,360 --> 00:05:57,460
the event and email address to which the notification is sent by typing the following command: certutil

45
00:05:57,590 --> 00:06:10,970
-setreg exit\smtp\CRLIssued\To and email

46
00:06:10,970 --> 00:06:19,860
string. The exit module on the CA that is configured to send emails on an event does not use SMTP

47
00:06:19,860 --> 00:06:27,500
authentication. If your SMTP server requires authentication, you have to configure it

48
00:06:27,920 --> 00:06:37,830
on the CA side by typing the following command, certutil, and you have to specify the -setreg parameter

49
00:06:37,830 --> 00:06:46,970
and the -setsmtpinfo parameter, where the user name specifies the user name of a valid account

50
00:06:47,270 --> 00:06:54,830
on the SMTP server. You will receive a prompt to provide the password for this user name. Besides

51
00:06:54,890 --> 00:07:02,270
sending notification emails when the CA issues a certificate, you can also configure an exit module

52
00:07:02,270 --> 00:07:12,330
to send notifications over the following events. You can send notifications on certificate request

53
00:07:12,330 --> 00:07:23,710
in a pending state, certificate request denial, certificate revocation, CRL issuance, CA service startup,

54
00:07:23,850 --> 00:07:31,650
and CA service shutdown. If you want to configure an exit module to publish certificates to a file

55
00:07:31,650 --> 00:07:40,890
system, you can use the CA management console to open the properties of the exit module. After you enable

56
00:07:41,130 --> 00:07:49,890
the Allow certificates to be published to the file system option and restart the CA, certificates

57
00:07:50,130 --> 00:08:01,920
that issue from that CA copy to the .cer file in the Windows\System32\

58
00:08:02,010 --> 00:08:11,380
CertEnroll folder on the CA. However, for this to occur, the certificate requesters must include

59
00:08:11,380 --> 00:08:21,270
a certfile:true attribute in their request. If you deploy custom exit modules, their configuration

60
00:08:22,200 --> 00:08:29,610
might be possible through the CA management console or with some other tool.