Click or drag to resize

PolicyModuleFlagEnum Enumeration

Defines default policy module flags.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:  PKI.CertificateServices.PolicyModule
Assembly:  PKI.Core (in PKI.Core.dll) Version: 3.3.0.0 (3.3.0.0)
Syntax
[FlagsAttribute]
public enum PolicyModuleFlagEnum
Members
  Member nameValueDescription
None0
EnableRequestExtensions1 Enables 'Enabled Request Extensions' list processing.

This flag is not enabled by default.

RequestExtensionList2 N/A

This flag is enabled by default on both Standalone and Enterprise CAs.

DisableExtensionList4 Enables 'Disabled Request Extensions' list processing. If the flag is enabled and certificate request contains one or more extemsions from this list, extensions will be discarded.

This flag is enabled by default on both Standalone and Enterprise CAs.

AddOldKeyUsage8 N/A

This flag is enabled by default on both Standalone and Enterprise CAs.

AddOldCertType16 N/A

This flag is not enabled by default.

AttributeEndDate32 Allows to specify certificate's validity end date. While certificate's validity on Enterprise CAs is (mainly) determined by certificate template settings, Standalone CAs determines this value by ValidityPeriod and ValidityPeriodUnits settings only. This flag allows to override ValidityPeriod and ValidityPeriodUnits settings to set certificate's validity.

Note: EndDate value cannot exceed ValidityPeriod and ValidityPeriodUnits settings.

This flag is enabled by default on Standalone CAs.

BasicConstraintsCritical64 Marks Basic Constraints extension as critical.

This flag is enabled by default on both Standalone and Enterprise CAs.

BasicConstraintsCA128 Enables Basic Constraints extension for CA certificates.

This flag is enabled by default on Standalone CAs.

EnableAKIKeyID256 Enables KeyID (issuer's public key hash) value to appear in Authority Key Identifier (AKI) extension.

This flag is enabled by default on both Standalone and Enterprise CAs.

AttributeCA512 N/A

This flag is enabled on Standalone CAs.

IgnoreRequestGroup1024 N/A

This flag is not enabled by default.

EnableAKIIssuerName2048 Enables issuer name value to appear in Authority Key Identifier (AKI) extension.

This flag is not enabled by default.

EnableAKIIssuerSerial4096 Enables issuer certificate's serial number to appear in Authority Key Identifier (AKI) extension.

This flag is not enabled by default.

EnableAKICritical8192 Marks Authority Key Identifier (AKI) extension as critical.

This flag is not enabled by default.

ServerUpgraded16384 N/A

This flag is not enabled by default.

AttributeEKU32768 Enables Enhanced Key Usages (EKU) extensions passing as unauthenticated request attribute (rather than including EKU extension as authenticated extension in the request).

This flag is enabled by default on Standalone CAs.

EnableDefaultSMIME65536 N/A

This flag is enabled by default on Enterprise CAs.

EmailOptional131072 N/A

This flag is not enabled by default.

AttributeSubjectAlternativeName262144 Enables Subject Alternative Name (SAN) extensions passing as unauthenticated request attribute (rather than including SAN extension as authenticated extension in the request).

Note: Do not enable this flag on Enterprise CAs. Instead, inclue SAN extension directly in the request.

This flag is not enabled by default.

EnableLDAPReferrals524288 Allows Certification Authority (CA) to chase a referral for user or computer information in a trusted forest. When referrals are not chased and the user information is not available, the request will be denied if the user is enrolling from another forest. Referral chasing is not enabled by default as unintended template enumeration and enrollment may occur in some scenarios.

This flag is necessary only for Cross-Forest Enrollment scenarios.

This flag is not enabled by default.

EnableChaseClientDC1048576 N/A

This flag is enabled by default on Enterprise CAs.

AuditCertTemplateLoad2097152 Enables template list load from Active Directory audit.

This flag is not enabled by default.

DisableOldOSCNUPN4194304 N/A

This flag is not enabled by default.

DisableLDAPPackageList8388608 N/A

This flag is not enabled by default.

EnableUPNMap16777216 N/A

This flag is not enabled by default.

EnableOCSPRevNoCheck33554432 Enables id-pkix-ocsp-nocheck extension in the request.

Windows Server 2003: this flag is not supported.

This flag is not enabled by default.

EnableRenewOnBehalfOf67108864 Enables certificate renewel on behalf of other user or computer.

Windows Server 2003, Windows Server 2008: this flag is not supported.

This flag is not enabled by default.

Remarks
Not all CA versions support full list.
See Also