Exit Modules

Exit modules receive notifications from the server engine when operations such as the issuance of a certificate occur. An exit module is implemented as a dynamic-link library (DLL). A typical operation for an exit module is to publish a completed certificate in a specified location; the default enterprise certification authority exit module, for instance, publishes user certificates and certificate revocation lists (CRLs) to Active Directory. An exit module can use the ICertServerExit interface to communicate with Certificate Services. Certificate Services communicates with an exit module by means of direct COM calls or, if the module does not support direct COM calls, by means of Automation.

An exit module may view existing certificate properties and extensions, and it may also view request attributes and properties. An exit module cannot, however, modify any properties.

Certificate Services provides a default exit module, but you can also create custom exit modules to meet special needs. Before writing a custom exit module, however, consider using the default exit module. For an enterprise certification authority, the default exit module should always be used, although you can add custom exit modules in addition to it. For more information, see Writing Custom Exit Modules.