Click or drag to resize

CRLFlagEnum Enumeration

Defines certificate revocation list (and chaining engine) flags.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:  PKI.CertificateServices.Flags
Assembly:  PKI.Core (in PKI.Core.dll) Version: 3.3.0.0 (3.3.0.0)
Syntax
[FlagsAttribute]
public enum CRLFlagEnum
Members
  Member nameValueDescription
None0 No flags are defined.
DeltaUseOldestUnexpiredBase1 The CA server will use oldest unexpired Base CRL for certificate revocation checking. Otherwise, the most recent Base CRL is used.
DeleteExpiredCRLs2 Deletes CRLs signed by the expired CA keys.
CRLNumberCritical4 The CA server will mark CRL Number extension as critical. If a target application doesn't recognize this extension, a CRL will be rejected.
RevCheckIgnoreOffline8 The CA server will ignore certificate revocation checking failures.

Note: You should not enable this flag in productional envionments.

IgnoreInvalidPolicies16 The CA server will ignore invalid Certificate Policies extension in requests.
RebuildModifiedSubjectOnly32 When a CA server is configured to use the unmodified subject that is supplied in the certificate request, the policy module should not make any changes to the subject that is in the certificate request.
SaveFailedCerts64 N/A
IgnoreUnknownCMCAttributes128 The CA server ignores unknown CMC attributes in the request.
IgnoreCrossCertTrustError256 The CA server ignores trust errors for cross-certificates during certificate chain building.
PublishExpiredCertCRLs512 The CA will publish expired revoked certificates in CRLs.
EnforceEnrollmentAgent1024 The CA enforces enrollment agent restrictions.
DisableRDNReorder2048 The CA server will not re-order relative distinguished name (RDN) in the certificate request.
DisableRootCrossCerts4096 Instructs Root CA server to not generate root cross-certificates after Root CA renewal with new key pair.

Note: this flag has no effect on any type of Subordinate CA.

LogfullResponse8192 The CA will dump request response to console.
UseXCHGCertTemplate16384 Instructs CA server to use CA Exchange template instead of using automatically generated short-lived certificates for key archival.
UseCrossCertTemplate32768 Instructs Root CA server to use Cross Certification Authority template during Root CA renewal with new key pair, instead of using automatically generated cross-certificates.

Note: this flag has no effect on any type of Subordinate CA.

AllowRequestAttributeSubject65536 The CA server will accept certificate subject submitted as a part of request attributes.
RevCheckIgnoreNoRevCheck131072 The CA server ignores empty CRL Distribution Points (CDP) extension for non-root certificates.
PreserveExpiredCerts262144 The CA server will preserve CA certificate in database and certificate store even if the certificate is not timely valid.
PreserveRevokedCACerts524288 The CA server will preserve CA certificates in database and certificate store even if the certificates are revoked.
DisableChainVerification1048576 The CA server will preserve revoked CA certificates in database and certificate store.

Windows Server 2003, Windows Server 2008: this flag is not supported.

BuildRootCACRLEntriesBasedOnKey2097152 N/A

Windows Server 2003, Windows Server 2008: this flag is not supported.

Remarks
Not all CA versions support full list.
See Also