EnrollmentFlagsV2 - AWS Private CA Connector for Active Directory

EnrollmentFlagsV2

Enrollment flag settings for the v2 template schema.

Contents

EnableKeyReuseOnNtTokenKeysetStorageFull

Allow renewal using the same key.

Type: Boolean

Required: No

IncludeSymmetricAlgorithms

Include symmetric algorithms allowed by the subject.

Type: Boolean

Required: No

NoSecurityExtension

This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID: 1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. That extension addresses a Windows Kerberos elevation-of-privilege vulnerability, so setting this flag removes that mitigation from certificates issued with the template.

Type: Boolean

Required: No

RemoveInvalidCertificateFromPersonalStore

Delete expired or revoked certificates instead of archiving them.

Type: Boolean

Required: No

UserInteractionRequired

Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

Type: Boolean

Required: No
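The following is an added example, not AWS documentation or SDK code. It builds an EnrollmentFlagsV2 object from the five field names listed above and audits a set of template definitions for ones that set NoSecurityExtension, which is the setting a defender most wants to find because such templates issue certificates without the szOID_NTDS_CA_SECURITY_EXT extension. The outer Name/Definition/TemplateV2/EnrollmentFlags nesting is assumed to mirror a template Definition as returned by the service; the sample templates are constructed, and no API call is made.

```python
"""Added example (not AWS documentation or SDK code): construct an
EnrollmentFlagsV2 block and audit template definitions for NoSecurityExtension.

The five flag names come from the EnrollmentFlagsV2 reference. The
{"Name": ..., "Definition": {"TemplateV2": {"EnrollmentFlags": ...}}} nesting is
an assumption about the template Definition shape; SAMPLE_TEMPLATES is constructed.
"""

from typing import Dict, List

# Field names exactly as listed in the EnrollmentFlagsV2 reference; all are optional booleans.
ENROLLMENT_FLAGS_V2 = (
    "EnableKeyReuseOnNtTokenKeysetStorageFull",
    "IncludeSymmetricAlgorithms",
    "NoSecurityExtension",
    "RemoveInvalidCertificateFromPersonalStore",
    "UserInteractionRequired",
)


def enrollment_flags_v2(**flags: bool) -> Dict[str, bool]:
    """Return an EnrollmentFlagsV2 dict, rejecting unknown keys or non-bool values.

    Flags that are not passed are simply omitted, since every field is optional.
    """
    unknown = set(flags) - set(ENROLLMENT_FLAGS_V2)
    if unknown:
        raise ValueError(f"unknown EnrollmentFlagsV2 field(s): {sorted(unknown)}")
    for name, value in flags.items():
        if not isinstance(value, bool):
            raise TypeError(f"{name} must be a bool, got {type(value).__name__}")
    return dict(flags)


def audit_security_extension(templates: List[Dict]) -> List[str]:
    """Return the names of templates whose EnrollmentFlags set NoSecurityExtension.

    Certificates issued from those templates lack szOID_NTDS_CA_SECURITY_EXT, so the
    Kerberos elevation-of-privilege mitigation the extension provides does not apply.
    Templates with no EnrollmentFlags block are treated as not setting the flag.
    """
    findings = []
    for template in templates:
        flags = (
            template.get("Definition", {})
            .get("TemplateV2", {})
            .get("EnrollmentFlags", {})
        )
        if flags.get("NoSecurityExtension") is True:
            findings.append(template["Name"])
    return findings


# Constructed sample: one template that keeps the extension, one that strips it,
# and one with no enrollment flags at all.
SAMPLE_TEMPLATES = [
    {
        "Name": "WorkstationAuth",
        "Definition": {"TemplateV2": {"EnrollmentFlags": enrollment_flags_v2(
            NoSecurityExtension=False,
            RemoveInvalidCertificateFromPersonalStore=True,
        )}},
    },
    {
        "Name": "LegacyAppCert",
        "Definition": {"TemplateV2": {"EnrollmentFlags": enrollment_flags_v2(
            NoSecurityExtension=True,
            IncludeSymmetricAlgorithms=True,
        )}},
    },
    {"Name": "NoFlagsSet", "Definition": {"TemplateV2": {}}},
]


if __name__ == "__main__":
    for name in audit_security_extension(SAMPLE_TEMPLATES):
        print(f"{name}: NoSecurityExtension=true; issued certificates omit the security extension")
```

In practice the list passed to audit_security_extension would be built from each template's Definition as retrieved from the connector, so that any template issuing certificates without the security extension is reviewed rather than discovered after the fact.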

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: