How to Determine the Type of Certificate Authority (CA) you have

As consultants, we are always entering environments that are new to us. We are often expected to tell our customers what their configuration is, which I find ironic sometimes, but as ‘the experts’ we are expected to know. One of the more common questions we receive around Public Key Infrastructure (PKI) is ‘how do I know what type of Certificate Authority (CA) I have?’ It’s not uncommon for the technology people we are working with to know the name of the CA but, not having been involved in the architecture or installation, not to know what type (Enterprise, Standalone, etc.) of CA is in place.

One way that we commonly use to determine the CA type is to open the registry with either Regedit or Regedt32 and browse to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Certsvc\Configuration\<your CA’s name>\CAType

The CAType REG_DWORD value will be set to one of four numeric values, each one representing a different type of CA. The CA types and their numeric representations are:

CAType = 0 (Enterprise Root CA)

CAType = 1 (Enterprise Subordinate CA)

CAType = 3 (Stand Alone CA)

CAType = 4 (Stand Alone Subordinate CA)
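The same lookup can be scripted so that you do not need to know the CA's name in advance. The following PowerShell is an added example, not part of the original post; the function name Get-CAType is hypothetical, and it assumes it is run on the CA server by an account that can read HKLM.

```powershell
# Added example: read CAType for every CA configured on this machine
# and translate it using the values listed in the article.
function Get-CAType {
    [CmdletBinding()]
    param()

    $configKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

    # Numeric values and names as given in the article.
    # (2 is not used; 3 is the stand-alone root CA.)
    $typeNames = @{
        0 = 'Enterprise Root CA'
        1 = 'Enterprise Subordinate CA'
        3 = 'Stand Alone CA'
        4 = 'Stand Alone Subordinate CA'
    }

    if (-not (Test-Path -Path $configKey)) {
        Write-Warning 'CertSvc configuration key not found; no CA appears to be installed on this machine.'
        return
    }

    # Each CA has its own subkey, named after the CA, under Configuration.
    foreach ($caKey in Get-ChildItem -Path $configKey) {
        $props  = Get-ItemProperty -Path $caKey.PSPath
        $caType = $props.PSObject.Properties['CAType']
        if ($null -eq $caType) { continue }   # subkey without a CAType value

        $value = [int]$caType.Value
        $description = if ($typeNames.ContainsKey($value)) {
            $typeNames[$value]
        } else {
            "Unrecognized value ($value)"
        }

        [pscustomobject]@{
            CAName      = $caKey.PSChildName
            CAType      = $value
            Description = $description
        }
    }
}

Get-CAType | Format-Table -AutoSize
```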

System Center technologies are becoming more and more integrated with PKI to provide another means of mutual authentication and added security. Learn about this and other facets of System Center at one of our training classes.

Rory McCaw, OpsMgr MVP

Principal Consultant, Infront Consulting Group
