Click or drag to resize

CertificateTemplateEnrollmentFlags Enumeration

Defines certificate template enrollment flags.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:  PKI.CertificateTemplates
Assembly:  PKI.Core (in PKI.Core.dll) Version: 3.3.0.0 (3.3.0.0)
Syntax
[FlagsAttribute]
public enum CertificateTemplateEnrollmentFlags
Members
  Member nameValueDescription
IncludeSymmetricAlgorithms1 This flag instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate extension, as specified in RFC4262, in the request and in the issued certificate.
CAManagerApproval2 This flag instructs the CA to put all requests in a pending state.
KraPublish4 This flag instructs the CA to publish the issued certificate to the key recovery agent (KRA) container in Active Directory.
DsPublish8 This flag instructs clients and CA servers to append the issued certificate to the userCertificate attribute, as specified in RFC4523, on the user object in Active Directory.
AutoenrollmentCheckDsCert16 This flag instructs clients not to do autoenrollment for a certificate based on this template if the user's userCertificate attribute (specified in RFC4523) in Active Directory has a valid certificate based on the same template.
Autoenrollment32 This flag instructs clients to perform autoenrollment for the specified template.
ReenrollExistingCert64 This flag instructs clients to sign the renewal request using the private key of the existing certificate.
RequireUserInteraction256 This flag instructs the client to obtain user consent before attempting to enroll for a certificate that is based on the specified template.
RemoveInvalidFromStore1024 This flag instructs the autoenrollment client to delete any certificates that are no longer needed based on the specific template from the local certificate storage.
AllowEnrollOnBehalfOf2048 This flag instructs the server to allow enroll on behalf of (EOBO) functionality.
IncludeOcspRevNoCheck4096 This flag instructs the server to not include revocation information and add the id-pkix-ocsp-nocheck extension, as specified in RFC2560 section §4.2.2.2.1, to the certificate that is issued.

Windows Server 2003 - this flag is not supported.

ReuseKeyTokenFull8192 This flag instructs the client to reuse the private key for a smart card–based certificate renewal if it is unable to create a new private key on the card.

Windows XP, Windows Server 2003 - this flag is not supported.

NoRevocationInformation16384 This flag instructs the server to not include revocation information in the issued certificate.

Windows Server 2003, Windows Server 2008 - this flag is not supported.

BasicConstraintsInEndEntityCerts32768 This flag instructs the server to include Basic Constraints extension in the end entity certificates.

Windows Server 2003, Windows Server 2008 - this flag is not supported.

IgnoreEnrollOnReenrollment65536 This flag instructs the CA to ignore the requirement for Enroll permissions on the template when processing renewal requests.

Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 - this flag is not supported.

IssuancePoliciesFromRequest131072 This flag indicates that the certificate issuance policies to be included in the issued certificate come from the request rather than from the template. The template contains a list of all of the issuance policies that the request is allowed to specify; if the request contains policies that are not listed in the template, then the request is rejected.

Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 - this flag is not supported.

See Also