Configuration Parameters

Table 1. AppViewX.CLM.WindowsService.exe.config file - Fields and Description
Parameter	Description	Value
WMIrequestFolderPath	Specifies the destination folder path for WMI-based use cases.	Folder path
ExportPrivateKey	Configures the option to export the private key during Certificate Signing Request (CSR) generation.	Yes or No
CertExportable	Indicates whether the certificate should be marked as exportable when installing in the trust store (Local Machine or Current User).	Yes or No
DefaultStore	Specifies the Default Certificate trust store to be used.	LocalMachine or CurrentUser
DiscoverCurrentStoreForIIS	A flag that triggers discovery from the current user store if set to "YES", specifically for IIS certificate discovery.	Yes or No
WMI	A list of connectivity checks performed during configuration fetch for WMI mode.	Windows Gateway Reachability,User Validation,Windows Temp Folder,WMI Service,CA Discovery Test
NATIVE	A list of connectivity checks performed during configuration fetch for Native mode.	Windows Gateway Reachability,CA Discovery Test
POWERSHELL	A list of connectivity checks performed during configuration fetch for PowerShell mode.	Windows Gateway Reachability,User Validation,RPC Service,WinRM Service,WinRM Configuration,CA Discovery Test
SkipCRLURL	If set to YES, skip the Certificate Revocation List (CRL) during Download.	Yes or No
DeltaCRL	If set to YES, enables the download of Delta CRLs and checks if the certificate has been revoked.	Yes or No
ValidateRevocation	If set to YES, checks certificate revocation using both OCSP and CRL.	Yes or No
ValidateThumbprintOnly	If set to YES, only validates the end entity certificate using its thumbprint and verifies the certificate chain.	Yes or No
HttpsMode	If set to Yes, remote PowerShell operates in HTTPS mode (port 5986). If set to No it operates in HTTP mode (port 5985). If set to "Both", it checks if HTTPS mode is available , if not , falls back to HTTP.	Yes or No or Both
LogonMode	Defines the logon mode	Interactive or Network
EnableFullDriveDiscovery	The EnableFullDriveDiscovery flag enables you to control the scope of the file system discovery scan: full drive scan or current directory scan. By default, the flag is disabled and the discovery scan will be executed only for the current drive. To enable the flag and execute a full drive scan, edit the AppViewX.CLM.WindowsService.exe.config file to add the following: `<add key="EnableFullDriveDiscovery" value=Yes />` Before executing a full drive scan, please note that the duration may vary depending on the volume of data on the drive and the performance characteristics of the underlying system or infrastructure.	Yes, No (default)
EnableSubmittedWhenFilter	When set to Yes, uses the SubmittedWhen MSCA Filter for time-range based certificate discovery for more accurate filtering. Otherwise, falls back to NotBefore.	Yes, No (default)
RequestIDBasedCADiscovery	When set to Yes, enables incremental discovery using RequestID, for better performance in Native API Mode. Note: Supported only in AppViewX versions > 26.1.0.0.	Yes, No (default)
EnableIisCertBindCheck	When set to Yes, validates IIS site bindings after certificate installation to ensure correct binding. When set to No (default), skips this validation step.	Yes, No (default)
CSPValue	Specifies the Cryptographic Service Provider to be used when importing certificates, allowing explicit control over provider selection (used in conjunction with CSP setting)	CSP Provider Name Default : Microsoft RSA SChannel Cryptographic Provider
CSP	Controls certificate import behavior: Auto (default): Selects the appropriate CSP/CNG automatically using Import-Pfx Cmdlet Yes: Forces usage of the configured CSP No: Uses the default Microsoft provider	Auto / Yes / No
NetworkLogonType	Defines the authentication mechanism Use NETWORK_CLEARTEXT (default) for backward compatibility or NEW_CREDENTIALS for a more secure logon method. Note: Applicable only when LogonMode is Network	NETWORK_CLEARTEXT, NEW_CREDENTIALS

WMIrequestFolderPath

Specifies the destination folder path for WMI-based use cases.

Folder path

ExportPrivateKey

Configures the option to export the private key during Certificate Signing Request (CSR) generation.

Yes or No

CertExportable

Indicates whether the certificate should be marked as exportable when installing in the trust store (Local Machine or Current User).

Yes or No

DefaultStore

Specifies the Default Certificate trust store to be used.

LocalMachine or CurrentUser

DiscoverCurrentStoreForIIS

A flag that triggers discovery from the current user store if set to "YES", specifically for IIS certificate discovery.

Yes or No

WMI

A list of connectivity checks performed during configuration fetch for WMI mode.

Windows Gateway Reachability,User Validation,Windows Temp Folder,WMI Service,CA Discovery Test

NATIVE

A list of connectivity checks performed during configuration fetch for Native mode.

Windows Gateway Reachability,CA Discovery Test

POWERSHELL

A list of connectivity checks performed during configuration fetch for PowerShell mode.

Windows Gateway Reachability,User Validation,RPC Service,WinRM Service,WinRM Configuration,CA Discovery Test

SkipCRLURL

If set to YES, skip the Certificate Revocation List (CRL) during Download.

Yes or No

DeltaCRL

If set to YES, enables the download of Delta CRLs and checks if the certificate has been revoked.

Yes or No

ValidateRevocation

If set to YES, checks certificate revocation using both OCSP and CRL.

Yes or No

ValidateThumbprintOnly

If set to YES, only validates the end entity certificate using its thumbprint and verifies the certificate chain.

Yes or No

HttpsMode

If set to Yes, remote PowerShell operates in HTTPS mode (port 5986). If set to No it operates in HTTP mode (port 5985). If set to "Both", it checks if HTTPS mode is available , if not , falls back to HTTP.

Yes or No or Both

LogonMode

Defines the logon mode

Interactive or Network

EnableFullDriveDiscovery

The EnableFullDriveDiscovery flag enables you to control the scope of the file system discovery scan: full drive scan or current directory scan.

By default, the flag is disabled and the discovery scan will be executed only for the current drive.

To enable the flag and execute a full drive scan, edit the AppViewX.CLM.WindowsService.exe.config file to add the following:

<add key="EnableFullDriveDiscovery" value=Yes />

Before executing a full drive scan, please note that the duration may vary depending on the volume of data on the drive and the performance characteristics of the underlying system or infrastructure.

Yes, No (default)

EnableSubmittedWhenFilter

When set to Yes, uses the SubmittedWhen MSCA Filter for time-range based certificate discovery for more accurate filtering. Otherwise, falls back to NotBefore.

Yes, No (default)

RequestIDBasedCADiscovery

When set to Yes, enables incremental discovery using RequestID, for better performance in Native API Mode.

Note: Supported only in AppViewX versions > 26.1.0.0.

Yes, No (default)

EnableIisCertBindCheck

When set to Yes, validates IIS site bindings after certificate installation to ensure correct binding.

When set to No (default), skips this validation step.

Yes, No (default)

CSPValue

Specifies the Cryptographic Service Provider to be used when importing certificates, allowing explicit control over provider selection (used in conjunction with CSP setting)

CSP Provider Name

Default : Microsoft RSA SChannel Cryptographic Provider

CSP

Controls certificate import behavior:

Auto (default): Selects the appropriate CSP/CNG automatically using Import-Pfx Cmdlet

Yes: Forces usage of the configured CSP

No: Uses the default Microsoft provider

Auto / Yes / No

NetworkLogonType

Defines the authentication mechanism

Use NETWORK_CLEARTEXT (default) for backward compatibility or NEW_CREDENTIALS for a more secure logon method.

Note: Applicable only when LogonMode is Network

NETWORK_CLEARTEXT, NEW_CREDENTIALS