interface EnrollmentFlagsV2Property

Language	Type name
.NET	Amazon.CDK.aws_pcaconnectorad.CfnTemplate.EnrollmentFlagsV2Property
Go	github.com/aws/aws-cdk-go/awscdk/v2/awspcaconnectorad#CfnTemplate_EnrollmentFlagsV2Property
Java	software.amazon.awscdk.services.pcaconnectorad.CfnTemplate.EnrollmentFlagsV2Property
Python	aws_cdk.aws_pcaconnectorad.CfnTemplate.EnrollmentFlagsV2Property
TypeScript	aws-cdk-lib » aws_pcaconnectorad » CfnTemplate » EnrollmentFlagsV2Property

Template configurations for v2 template schema.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcaconnectorad-template-enrollmentflagsv2.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_pcaconnectorad as pcaconnectorad } from 'aws-cdk-lib';
const enrollmentFlagsV2Property: pcaconnectorad.CfnTemplate.EnrollmentFlagsV2Property = {
  enableKeyReuseOnNtTokenKeysetStorageFull: false,
  includeSymmetricAlgorithms: false,
  noSecurityExtension: false,
  removeInvalidCertificateFromPersonalStore: false,
  userInteractionRequired: false,
};

Properties

Name	Type	Description
enableKeyReuseOnNtTokenKeysetStorageFull?	boolean | IResolvable	Allow renewal using the same key.
includeSymmetricAlgorithms?	boolean | IResolvable	Include symmetric algorithms allowed by the subject.
noSecurityExtension?	boolean | IResolvable	This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
removeInvalidCertificateFromPersonalStore?	boolean | IResolvable	Delete expired or revoked certificates instead of archiving them.
userInteractionRequired?	boolean | IResolvable	Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

---

enableKeyReuseOnNtTokenKeysetStorageFull?

Type: boolean | IResolvable (optional)

Allow renewal using the same key.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcaconnectorad-template-enrollmentflagsv2.html#cfn-pcaconnectorad-template-enrollmentflagsv2-enablekeyreuseonnttokenkeysetstoragefull

---

includeSymmetricAlgorithms?

Type: boolean | IResolvable (optional)

Include symmetric algorithms allowed by the subject.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcaconnectorad-template-enrollmentflagsv2.html#cfn-pcaconnectorad-template-enrollmentflagsv2-includesymmetricalgorithms

---

noSecurityExtension?

Type: boolean | IResolvable (optional)

This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcaconnectorad-template-enrollmentflagsv2.html#cfn-pcaconnectorad-template-enrollmentflagsv2-nosecurityextension

---

removeInvalidCertificateFromPersonalStore?

Type: boolean | IResolvable (optional)

Delete expired or revoked certificates instead of archiving them.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcaconnectorad-template-enrollmentflagsv2.html#cfn-pcaconnectorad-template-enrollmentflagsv2-removeinvalidcertificatefrompersonalstore

---

userInteractionRequired?

Type: boolean | IResolvable (optional)

Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcaconnectorad-template-enrollmentflagsv2.html#cfn-pcaconnectorad-template-enrollmentflagsv2-userinteractionrequired