AWS::PCAConnectorAD::Template TemplateV4 - AWS CloudFormation

v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

CertificateValidity

Certificate validity describes the validity and renewal periods of a certificate.

Required: Yes

Type: CertificateValidity

Update requires: No interruption

EnrollmentFlags

Enrollment flags describe the enrollment settings for certificates, such as using the existing private key and deleting expired or revoked certificates.

Required: Yes

Type: EnrollmentFlagsV4

Update requires: No interruption

Extensions

Extensions describe the key usage extensions and application policies for a template.

Required: Yes

Type: ExtensionsV4

Update requires: No interruption

GeneralFlags

General flags describe whether the template is used for computers or users and whether the template can be used with autoenrollment.

Required: Yes

Type: GeneralFlagsV4

Update requires: No interruption

HashAlgorithm

Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.

Required: No

Type: String

Allowed values: SHA256 | SHA384 | SHA512

Update requires: No interruption

PrivateKeyAttributes

Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.

Required: Yes

Type: PrivateKeyAttributesV4

Update requires: No interruption

PrivateKeyFlags

Private key flags for v4 templates specify the client compatibility, whether the private key can be exported, whether user input is required when using a private key, whether an alternate signature algorithm should be used, and whether certificates are renewed using the same private key.

Required: Yes

Type: PrivateKeyFlagsV4

Update requires: No interruption

SubjectNameFlags

Subject name flags describe the subject name and subject alternate name that are included in a certificate.

Required: Yes

Type: SubjectNameFlagsV4

Update requires: No interruption

SupersededTemplates

List of templates in Active Directory that are superseded by this template.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 64 | 100

Update requires: No interruption
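The constraints listed above can be checked before a stack is deployed. The following pre-deployment lint is an added example, not AWS code: it checks a TemplateV4 property map for the required properties, the allowed HashAlgorithm values, the rule that HashAlgorithm is only valid with Key Storage Providers, and the SupersededTemplates bounds. Assumptions: the function name and sample data are constructed, the `UseLegacyProvider` key in PrivateKeyFlags is not shown on this page, and the "1 | 1" / "64 | 100" bounds are read as name length (1 to 64) and item count (1 to 100).

```python
# Added example: lint a TemplateV4 property map against the constraints on this page.
REQUIRED = ("CertificateValidity", "EnrollmentFlags", "Extensions", "GeneralFlags",
            "PrivateKeyAttributes", "PrivateKeyFlags", "SubjectNameFlags")
HASH_ALGORITHMS = {"SHA256", "SHA384", "SHA512"}


def lint_template_v4(props):
    """Return a list of findings; an empty list means the definition passes."""
    findings = [f"missing required property {name}"
                for name in REQUIRED if name not in props]

    hash_alg = props.get("HashAlgorithm")
    if hash_alg is not None:
        if hash_alg not in HASH_ALGORITHMS:
            findings.append(f"HashAlgorithm {hash_alg!r} is not an allowed value")
        # Assumption: PrivateKeyFlags.UseLegacyProvider selects the provider
        # category (true = Legacy CSPs, false = Key Storage Providers).
        flags = props.get("PrivateKeyFlags") or {}
        if str(flags.get("UseLegacyProvider")).lower() == "true":
            findings.append("HashAlgorithm set while PrivateKeyFlags selects legacy providers")

    if "SupersededTemplates" in props:
        names = props["SupersededTemplates"]
        if not isinstance(names, list) or not 1 <= len(names) <= 100:
            findings.append("SupersededTemplates must be a list of 1 to 100 names")
        else:
            for name in names:
                if not isinstance(name, str) or not 1 <= len(name) <= 64:
                    findings.append(f"superseded template name {name!r} must be 1 to 64 characters")
    return findings


# Constructed sample definitions; nested property contents are left empty
# because this lint only checks the top-level constraints stated on the page.
GOOD = {name: {} for name in REQUIRED}
GOOD["PrivateKeyFlags"] = {"UseLegacyProvider": False}
GOOD["HashAlgorithm"] = "SHA256"
GOOD["SupersededTemplates"] = ["ExampleOldTemplate"]

BAD = {name: {} for name in REQUIRED if name != "Extensions"}
BAD["PrivateKeyFlags"] = {"UseLegacyProvider": True}
BAD["HashAlgorithm"] = "SHA1"
BAD["SupersededTemplates"] = []

if __name__ == "__main__":
    for label, definition in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_template_v4(definition) or "no findings")
```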