AWS::PCAConnectorAD::Template EnrollmentFlagsV2 - AWS CloudFormation

AWS::PCAConnectorAD::Template EnrollmentFlagsV2

Template configurations for v2 template schema.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

EnableKeyReuseOnNtTokenKeysetStorageFull

Allow renewal using the same key.

Required: No

Type: Boolean

Update requires: No interruption

IncludeSymmetricAlgorithms

Include symmetric algorithms allowed by the subject.

Required: No

Type: Boolean

Update requires: No interruption

NoSecurityExtension

This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.

Required: No

Type: Boolean

Update requires: No interruption

RemoveInvalidCertificateFromPersonalStore

Delete expired or revoked certificates instead of archiving them.

Required: No

Type: Boolean

Update requires: No interruption

UserInteractionRequired

Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

Required: No

Type: Boolean

Update requires: No interruption