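:: Create a folder in the C: drive root. This folder will be used to store CA files.
:: The creation is skipped when the folder already exists, so re-running the script
:: does not print a "already exists" error.
:: NOTE(review): a folder created directly under C:\ inherits the root ACL, which on
:: default installations lets non-administrators write to it - confirm on this server.
:: The CA certificate stored here is later published to Active Directory, so check the
:: folder's owner and restrict write access to Administrators and SYSTEM.
if not exist "C:\CertData\" md "C:\CertData"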

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::              Configure CA settings                           ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


:: Set CRL and CA certificate files publishing locations and extension publishing options.
::
:: When run as a batch file, "%%" is the escape for a literal "%", so certutil receives
:: %1, %3, %4, %8 and %9. The CA expands these itself: %1 server DNS name, %3 CA name,
:: %4 CA certificate renewal suffix, %8 CRL name suffix, %9 delta CRL marker.
:: %windir% is expanded by cmd. "\n" separates the entries of the multi-string value.
::
:: CRLPublicationURLs flags:
::   65 = 1 (publish base CRLs to this location) + 64 (publish delta CRLs to this location)
::    6 = 2 (include in the CDP extension of issued certificates)
::      + 4 (include in base CRLs so clients can locate the delta CRL)
:: Only the http:// entry is advertised to relying parties; the two file paths are write targets.
:: Plain http:// is the usual choice here: CRLs and certificates are signed objects, and an
:: https:// URL would itself require a revocation check.
:: NOTE(review): nothing in this script copies C:\CertData to www.adatum.com/pki - presumably
:: a separate job or share does that; confirm. If that copy stops, clients are served a stale
:: CRL and revocation checking fails once it expires, so it is worth monitoring.
certutil -setreg CA\CRLPublicationURLs "65:%windir%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n65:C:\CertData\Adatum_PICA%%8%%9.crl\n6:http://www.adatum.com/pki/Adatum_PICA%%8%%9.crl"
:: CACertPublicationURLs flags:
::    1 = publish the CA certificate to this location
::    2 = include the URL in the AIA extension of issued certificates
::   32 = include the URL as the OCSP responder location in the AIA extension
:: NOTE(review): the AIA URL carries the %4 renewal suffix, but the file copied to C:\CertData
:: below has a fixed name; after a CA certificate renewal the new file must be published
:: under the suffixed name as well.
:: NOTE(review): the OCSP URL is only useful if a responder is actually configured for this
:: CA at http://www.adatum.com/ocsp - confirm.
certutil -setreg CA\CACertPublicationURLs "1:%windir%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://www.adatum.com/pki/Adatum_PICA%%4.crt\n32:http://www.adatum.com/ocsp"

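:: The file name the CA uses when it writes its own certificate cannot be changed through
:: the publication URLs, so the file is renamed to the desired name and then copied to the
:: CertData folder.
:: The rename is skipped when Adatum_PICA.crt already exists, so the script can be re-run.
:: Paths are quoted so that a %windir% containing spaces does not split the arguments.
:: NOTE(review): the wildcard assumes exactly one .crt file in CertEnroll. With more than
:: one (for example after a CA certificate renewal) only one file gets the new name and the
:: rest fail with a duplicate-name error. Verify the thumbprint of the resulting file against
:: the CA's own certificate before it is distributed.
if not exist "%windir%\system32\CertSrv\CertEnroll\Adatum_PICA.crt" ren "%windir%\system32\CertSrv\CertEnroll\*.crt" Adatum_PICA.crt
copy /y "%windir%\system32\CertSrv\CertEnroll\Adatum_PICA.crt" "C:\CertData"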

:: Set issued certificate maximum validity period to 5 years.
:: This is the CA-wide upper bound; the two values are read together (units + period name).
:: NOTE(review): 5 years is long for end-entity certificates - presumably this CA issues
:: subordinate CA certificates; confirm the value against the certificate policy.
certutil -setreg CA\ValidityPeriodUnits 5
certutil -setreg CA\ValidityPeriod "Years"

:: Set CRL publication periods: base CRL every 5 days, delta CRL every 12 hours,
:: with a 1 day overlap between consecutive base CRLs.
:: The original note says these match CAPolicy.inf; that file is not shown here, so
:: confirm the values agree.
:: These periods bound how quickly a revocation reaches relying parties: about 12 hours for
:: clients that use delta CRLs, and up to the base CRL period for clients that do not.
certutil -setreg CA\CRLPeriodUnits 5
certutil -setreg CA\CRLPeriod "Days"
certutil -setreg CA\CRLDeltaPeriodUnits 12
certutil -setreg CA\CRLDeltaPeriod "Hours"
certutil -setreg CA\CRLOverlapPeriod "Days"
certutil -setreg CA\CRLOverlapUnits 1

:: Enable the Issuer Statement extension in issued certificates.
:: 2.5.29.32 is the Certificate Policies extension OID; the leading "+" adds it to the
:: existing list of request extensions the policy module accepts instead of replacing the list.
:: NOTE(review): with this OID enabled, policy information supplied in a request can end up
:: in the issued certificate. Review requests before issuance and limit who may enroll.
certutil -setreg Policy\EnableRequestExtensionList +"2.5.29.32"


:: Enable AlternateSignatureAlgorithm extensions.
:: A value of 1 makes the CA use the PKCS #1 v2.1 signature format for what it signs.
:: NOTE(review): relying parties that do not support this format cannot validate the CA's
:: certificates and CRLs - test with every client platform before enabling in production.
Certutil -setreg CA\csp\AlternateSignatureAlgorithm 1

:: Enable full CA server auditing (127 = all seven audit filter bits set).
:: The filter alone does not produce events: Object Access auditing for the
:: "Certification Services" subcategory must also be enabled in the audit policy,
:: which this script does not do.
certutil -setreg CA\AuditFilter 127

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::              Configuring AD settings                         ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: Set the current forest configuration naming context.
:: The DN is hard-coded for the adatum.com forest and must match the forest the CA is in.
certutil -setreg CA\DSConfig "CN=Configuration,DC=adatum,DC=com"

:: Publish the CA certificate to AD. -f forces creation of the directory objects.
::   Subca    - publishes to the AIA container
::   NTAuthCA - publishes to the NTAuthCertificates object
:: NOTE(review): a CA listed in NTAuth is trusted forest-wide for certificate-based logon.
:: Publish there only if this CA really issues authentication certificates, and treat
:: enrollment rights on it accordingly.
:: NOTE(review): the certificate is read from C:\CertData. Verify the file's thumbprint
:: against the CA's own certificate first, since whatever is in that file becomes trusted.
certutil -dspublish -f C:\CertData\Adatum_PICA.crt Subca
certutil -dspublish -f C:\CertData\Adatum_PICA.crt NTAuthCA


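:: Restart the CA service so that the registry settings written above take effect.
:: Stop and start are separate commands: chained with "&&", a failed stop (for example
:: because the service was not running) would skip the start and leave the CA down.
net stop certsvc
net start certsvc
if errorlevel 1 (
    >&2 echo ERROR: certsvc did not start; the new settings are not active and no CRL was published.
    exit /b 1
)

:: Publish new CRLs.
:: This only runs with the service up, so the CRLs reflect the new publication settings.
certutil -CRL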