Validation Extension User Values
This table lists registry values that correspond to parameters that can be configured on Management Console tabs.
The same set of values exist multiple times in the registry on each computer: once for each user, and once for the default system settings. The default settings apply to any user who has not made customizations to their own settings. The values under the registry key HKEY_CURRENT_USER apply to the current user. The values under the key HKEY_LOCAL_MACHINE apply to the default system settings.
HKEY_LOCAL_MACHINE\SOFTWARE\HID Global\VAClient\SerVESettings:
| Name | Management Console Property | Default | Definition |
|---|---|---|---|
|
EnableAgent |
General → Status |
1 |
Specifies whether or not the Validation Extension is enabled. Valid settings are: 0- Extension is disabled 1- Extension is enabled |
|
LoggingDebug |
General → Configure Logging → Log Events → Log to File → Debug |
0 |
Enable or disable logging of messages that might be needed to debug the Validation Extension. Valid settings include: 0- Do not log debugging messages 1- Log debugging messages to the Validation Extension log file |
|
LoggingError |
General → Configure Logging → Log Events → Log to File → Errors
and
General → Configure Logging → Log Events → Log Windows Event → Errors |
1 |
Enable or disable logging of messages when the Validation Extension encounters an error during validation. Valid settings include: 0- Do not log messages 1- Log messages only to the Validation Extension log file 2- Log messages only to the Windows Event log 3- Log messages to the Validation Extension log file and the Windows Event log |
|
LoggingUnknown |
General → Configure Logging → Log Events → Log to File → Unknown
and
General → Configure Logging → Log Events → Log Windows Event → Unknown |
1 |
Enable or disable logging of messages when the Validation Extension cannot determine the validity of a certificate. Valid settings include: 0- Do not log messages 1- Log messages only to the Validation Extension log file 2- Log messages only to the Windows Event log 3- Log messages to the Validation Extension log file and the Windows Event log |
|
LoggingRevoked |
General → Configure Logging → Log Events → Log to File → Revoked
and
General → Configure Logging → Log Events → Log Windows Event → Revoked |
1 |
Enable or disable logging of messages when the Validation Extension determines that a certificate is revoked. Valid settings include: 0- Do not log messages 1- Log messages only to the Validation Extension log file 2- Log messages only to the Windows Event log 3- Log messages to the Validation Extension log file and the Windows Event log |
|
LoggingGood |
General → Configure Logging → Log Events → Log to File → Good
and
General → Configure Logging → Log Events → Log Windows Event → Good |
1 |
Enable or disable logging of messages when the Validation Extension determines that the certificate is Good. Valid settings include: 0- Do not log messages 1- Log messages only to the Validation Extension log file 2- Log messages only to the Windows Event log 3- Log messages to the Validation Extension log file and the Windows Event log |
|
LoggingFullbody |
General → Configure Logging → Log Events → Include Request and Response bodies in debug log |
0 |
Specifies whether or not OCSP requests and responses are included in the debug log. Valid settings include: 0- Do not include request and response bodies in the debug log. 1- Include request and response bodies in the debug log. |
|
UseUserHomeFor Logging |
General → Configure Logging → Log Directory and Size → Default Location |
1 |
Specifies whether or not the Validation Extension uses the default location for event log files or the alternate location specified by the LoggingDir property. Valid settings are: 0- Use an alternate event log file location 1- Use the default event log file location |
|
LoggingDir |
General → Configure Logging → Logging Directory |
none |
Specifies the directory to which log files are written when the UseUserHomeForLogging value setting is 0. |
|
MaxLogSize |
General → Configure Logging → Log Directory and Size → Max Log Size |
500 |
Specifies the maximum size in kilobytes for each log file. The Validation Extension removes older information when the log file contents reach the maximum size. |
|
UseProxy |
Network → Internet Proxy → Use Proxy Server |
0 |
Specifies whether or not to send validation requests to a proxy server. Valid settings are: 0- Validation requests are not sent to a proxy server. 1- Validation requests are sent to a proxy server. |
|
ProxyHost |
Network → Internet Proxy → Use Proxy Server → Proxy Settings → Host |
none |
Specifies the host name or IP address of the proxy server. |
|
ProxyPort |
Network → Internet Proxy → Use Proxy Server → Proxy Settings → Port |
0 |
Specifies the TCP port of the proxy server. |
|
ProxyName |
Network → Internet Proxy → Use Proxy Server → Proxy Settings → Name |
none |
Specifies the user account name required to login to the proxy server. |
|
ProxyPassword |
Network → Internet Proxy → Use Proxy Server → Proxy Settings → Password |
empty |
Specifies the password required to login to the proxy server. |
|
SocketTimeout |
Network → Settings → Responder Timeout |
5 |
Specifies the amount of time in seconds that the Validation Extension waits for a responder to reply before sending a request to the next configured responder. |
|
EnableMiniCRL |
OCSP → Advanced → Enable MiniCRL Support |
0 |
Specifies whether or not the Validation Extension requests MiniCRL responses. Valid settings are: 0- The Validation Extension does not request MiniCRL responses. 1- The Validation Extension requests MiniCRL responses. |
|
EnableNonce |
OCSP → Advanced → Include nonce in OCSP requests |
0 |
Specifies whether or not the Validation Extension includes a nonce in each OCSP request. Valid settings are: 0- OCSP requests do not include a nonce 1- OCSP requests includes a nonce |
|
UsePOSTForOCSP |
OCSP → Advanced → Send all OCSP requests using HTTP POST |
0 |
Specifies whether or not the Validation Extension uses only HTTP POST method when sending OCSP requests. 0- The Validation Extension uses only HTTP GET or POST method when sending OCSP requests 1- The Validation Extension uses only HTTP POST method when sending OCSP requests |
|
EnableRequest Signing |
OCSP → Advanced → Digitally Sign Outgoing Requests |
0 |
Specifies whether or not outgoing validation requests are signed. The signing certificate is specified in the key HKEY_CURRENT_USER\SOFTWARE\HID Global\SerVESettings\SigningCert. Valid settings are: 0- Outgoing validation requests are not signed 1- Outgoing validation requests are signed |
|
UseSigningCert |
OCSP → Advanced → Digitally Sign Outgoing Requests |
0 |
Specifies whether or not a certificate that can be used to sign outgoing requests is configured. A request signing certificate can be configured even when the Validation Extension does not require signing of outgoing OCSP requests (See HKEY_CURRENT_USER\SOFTWARE\HID Global\SerVESettings\SigningCert). Valid settings are: 0- No request signing certificate is configured 1- A request signing certificate is configured. |
|
EnableDefault Responder |
OCSP → Fallback Responders → Enable a Fallback Responder |
0 |
Specifies whether or not a Fallback Responder (specified by the DefaultResponderURL property) is used when no other responder URL can be found for a certificate. Valid settings are: 0 - Do not use a Fallback Responder 1- Use a Fallback Responder |
|
DefaultResponder URL |
OCSP → Fallback Responders → Fallback Responder URL |
none |
Specifies the URL of the Fallback Responder used when the EnableDefaultResponder property is enabled. |
|
EnableAIA |
OCSP → Enable AIA Checking |
1 |
Specifies whether or not the Validation Extension checks the AIA field in the certificate for a responder to check the certificate’s status. Valid settings include: 0- Do not check the AIA field. 1- Check the AIA field |
|
UntrustedBehavior |
OCSP → Trust → Implicitly Trusted VAs without the “id-ocsp-pkixnocheck” extension |
0 |
Specifies how the Validation Extension handles responder certificates that are not explicitly trusted and that do not contain the “id-ocsp-pkixnocheck” extension. Valid settings include: 0- Automatically reject responses signed by untrusted OCSP signing certificates without checking the current status of the OCSP signing certificate 1- Automatically accept responses signed by untrusted OCSP signing certificates without checking the current status of the OCSP signing certificate. 2- Allow the Validation Extension to attempt to validate the responder certificate. |
|
TrustedBehavior |
OCSP → Trust → Check this box to enable the IdenTrust implicit trust model |
0 |
Specifies whether or not the Validation Extension uses the IdenTrust implicit trust model. Valid settings are: 0- The Validation Extension does not use the IdenTrust implicit trust model. 1- The Validation Extension uses the IdenTrust implicit trust model. |
|
EnableCache |
OCSP → Advanced → Response Cache Time |
1 |
Specifies whether or not the Validation Extension caches Good and Revoked responses. Valid settings are: 0- Do not cache Good and Revoked responses until they expire. 1- Cache Good and Revoked responses until they expire. |
|
MaxCacheLife |
OCSP → Advanced → Response Cache Time |
10 |
Specifies the amount of time, in seconds, that the Validation Extension caches Good and Revoked responses that it has received. This value applies only when caching is enabled and the Cache responses until they expire option is not checked. |
|
CacheUntil Expiration |
OCSP → Advanced → Cache responses until they expire |
0 |
Specifies whether or not the Validation Extension caches Good and Revoked responses until they expire. 0-Do not cache Good and Revoked responses. 1-Cache Good and Revoked responses. |
|
MaxResponder Skew |
OCSP → Advanced → Response Buffer Time |
10 |
Specifies the amount of extra time in seconds before and after the validity period for which a response is accepted. This setting is used to allow for differences in the clock on the user’s computer and the clock on the responder when examining responses. |
|
EnableCRLCaching |
CRL Cache → Enable CRL Caching |
0 |
Specifies whether or not the Validation Extension caches CRLs. Valid settings are: 0- The Validation Extension does not cache CRLs. 1- The Validation Extension caches CRLs. |
|
UseUserHomeFor CRLs |
CRL Cache → Enable CRL Caching |
1 |
Specifies whether or not the Validation Extension uses the default location for CRL caching or the alternate location specified by the CRLCacheDir property. Valid settings are: 0- Use an alternate CRL cache location. 1- Use the default CRL cache location. |
|
CRLCacheDir |
CRL Cache → Enable CRL Caching |
User’s home directory |
Specifies the directory of the CRL cache when the setting for the UseUserHomeForCRLs value is 0. |
|
PreferCRL |
CRL Cache → Enable CRL Caching |
1 |
Specifies whether or not the Validation Extension makes OCSP requests (that is, uses configured issuer-responder mappings, the AIA field, and fallback responders) before checking cached CRLs. Valid settings are: 0- The Validation Extension will first attempt to obtain the revocation status of the certificate using an OCSP request. 1- The Validation Extension will first attempt to obtain the revocation status of the certificate using a cached CRLs. |
|
SupportEmail |
Support → Configure Support → Email Setup |
none |
Specifies an email address to which problem information can be sent. This feature is disabled when no value is specified. |
|
Support Information |
Support → Configure Support → Support Message |
If you should encounter a problem with this application, please contact your systems administrator. |
Specifies a text message that provides instructions to end users in the event of a problem. |
|
SettingsVersion |
N/A |
N/A |
Do not alter this value. For internal use only. |
|
TreatNoServiceAs |
N/A |
0 |
Specifies what certificate status response should be returned to the CAPI plug-in when the Validation Extension service is not running. Valid settings are: 0- The Validation Extension returns unknown. 1- The Validation Extension returns revoked. |
