From 389 Directory Server
The Auto Enrollment Proxy stores its configuration settings in the windows registry, underneath the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Red Hat\RHCSProxy\Config
The following values are supported:
| Name | Description | Example |
| RequestType | A string describing the type of Certificate Request to send to the CA. The only supported value is 'PKCS10' | PKCS10 |
| LogOptions | An decimal integer representing a bitmask of all the selected log options (stored in a string type in the registry) | 503 |
| ICertRequestD2 | A DWORD value, either 0 or 1. If set to 1, expose additional functionality of the ICertRequestD2 interface. This is currently not supported | 0 |
| AuthenticationCertificate | A hash of the chosen certificate to use for SSL Client Authentication to the CA (as returned by the .NET GetCertHashString method) | |
| CACertificate | A binary value. The contents of this value is the DER encoded binary CA certificate which the the proxy is proxying to. | |
| RetryInterval | A DWORD value. The number of seconds to wait before trying to use a CA which was previously failing. |
Certificate Authorities
Under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Red Hat\RHCSProxy\Config\CertificateAuthorities
Are sub-keys for each of the configured CA's, for example:
[HKEY_LOCAL_MACHINE\SOFTWARE\Red Hat\RHCSProxy\Config\CertificateAuthorities\1] "hostname"="mouse.dsdev.sjc.redhat.com" "port"="7443" "catype"="3"
Profile Maps
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Red Hat\RHCSProxy\Config\ProfileMap
Are sub-keys for 'Profile Maps'. There is no UI exposed for this functionality yet. Profile maps are simply a way to map a windows certificate template name onto a Red Hat Certificate System certificate profile name.
Simply create a subkey with the name of the Windows template (in the example below, WebServer). Then create a String value called 'CAProfileName' and set the value to the Red Hat Certificate System profile name.
[HKEY_LOCAL_MACHINE\SOFTWARE\Red Hat\RHCSProxy\Config\ProfileMap\WebServer] "CAProfileName"="caServerCert"
