SysadminsLV .NET API Documentation
Certificate
Defines certificate template enrollment flags.
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
Definition
Namespace: PKI.CertificateTemplates
Assembly: SysadminsLV.PKI.Win (in SysadminsLV.PKI.Win.dll) Version: 4.3.0+a868daf3196ed1ac6592e4f3e5cd2b429fc81eaa
Assembly: SysadminsLV.PKI.Win (in SysadminsLV.PKI.Win.dll) Version: 4.3.0+a868daf3196ed1ac6592e4f3e5cd2b429fc81eaa
C#
[FlagsAttribute]
public enum CertificateTemplateEnrollmentFlagsVB
<FlagsAttribute>
Public Enumeration CertificateTemplateEnrollmentFlagsC++
[FlagsAttribute]
public enum class CertificateTemplateEnrollmentFlagsF#
[<FlagsAttribute>]
type CertificateTemplateEnrollmentFlagsMembers
| None | 0 | None. |
| IncludeSymmetricAlgorithms | 1 | This flag instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate extension, as specified in RFC4262, in the request and in the issued certificate. |
| CAManagerApproval | 2 | This flag instructs the CA to put all requests in a pending state. |
| KraPublish | 4 | This flag instructs the CA to publish the issued certificate to the key recovery agent (KRA) container in Active Directory. |
| DsPublish | 8 | This flag instructs clients and CA servers to append the issued certificate to the userCertificate attribute, as specified in RFC4523, on the user object in Active Directory. |
| AutoenrollmentCheckDsCert | 16 | This flag instructs clients not to do autoenrollment for a certificate based on this template if the user's userCertificate attribute (specified in RFC4523) in Active Directory has a valid certificate based on the same template. |
| Autoenrollment | 32 | This flag instructs clients to perform autoenrollment for the specified template. |
| ReenrollExistingCert | 64 | This flag instructs clients to sign the renewal request using the private key of the existing certificate. |
| RequireUserInteraction | 256 | This flag instructs the client to obtain user consent before attempting to enroll for a certificate that is based on the specified template. |
| RemoveInvalidFromStore | 1,024 | This flag instructs the autoenrollment client to delete any certificates that are no longer needed based on the specific template from the local certificate storage. |
| AllowEnrollOnBehalfOf | 2,048 | This flag instructs the server to allow enroll on behalf of (EOBO) functionality. |
| IncludeOcspRevNoCheck | 4,096 |
This flag instructs the server to not include revocation information and add the id-pkix-ocsp-nocheck extension,
as specified in RFC2560 section §4.2.2.2.1, to the certificate
that is issued.
Windows Server 2003 - this flag is not supported. |
| ReuseKeyTokenFull | 8,192 |
This flag instructs the client to reuse the private key for a smart card–based certificate renewal if it is unable
to create a new private key on the card.
Windows XP, Windows Server 2003 - this flag is not supported. |
| NoRevocationInformation | 16,384 |
This flag instructs the server to not include revocation information in the issued certificate.
Windows Server 2003, Windows Server 2008 - this flag is not supported. |
| BasicConstraintsInEndEntityCerts | 32,768 |
This flag instructs the server to include Basic Constraints extension in the end entity certificates.
Windows Server 2003, Windows Server 2008 - this flag is not supported. |
| IgnoreEnrollOnReenrollment | 65,536 |
This flag instructs the CA to ignore the requirement for Enroll permissions on the template when
processing renewal requests.
Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 - this flag is not supported. |
| IssuancePoliciesFromRequest | 131,072 |
This flag indicates that the certificate issuance policies to be included in the issued certificate come from the
request rather than from the template. The template contains a list of all of the issuance policies that the request
is allowed to specify; if the request contains policies that are not listed in the template, then the request is rejected.
Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 - this flag is not supported. |
| SkipAutoRenewal | 262,144 | This flag instructs autoenrollment client to not renew certificate although the certificate meets all conditions for automatic renewal, i.e. initial automatic certificate enrollment is enabled and subsequent renewal is disabled. |
| DoNotIncludeSidExtension | 524,288 | Instructs Enterprise CA to not include SID extension in issued certificates that use subject construction from Active Directory. More information in KB5014754 |