AWS Tools for Windows PowerShell
Command Reference

Synopsis

Calls the Pca Connector Ad CreateTemplate API operation.

Syntax

New-PCAADTemplate
-ConnectorArn <String>
-Definition_TemplateV3_PrivateKeyAttributes_Algorithm <PrivateKeyAlgorithm>
-Definition_TemplateV4_PrivateKeyAttributes_Algorithm <PrivateKeyAlgorithm>
-Definition_TemplateV2_GeneralFlags_AutoEnrollment <Boolean>
-Definition_TemplateV3_GeneralFlags_AutoEnrollment <Boolean>
-Definition_TemplateV4_GeneralFlags_AutoEnrollment <Boolean>
-Definition_TemplateV2_PrivateKeyFlags_ClientVersion <ClientCompatibilityV2>
-Definition_TemplateV3_PrivateKeyFlags_ClientVersion <ClientCompatibilityV3>
-Definition_TemplateV4_PrivateKeyFlags_ClientVersion <ClientCompatibilityV4>
-Definition_TemplateV2_Extensions_ApplicationPolicies_Critical <Boolean>
-Definition_TemplateV2_Extensions_KeyUsage_Critical <Boolean>
-Definition_TemplateV3_Extensions_ApplicationPolicies_Critical <Boolean>
-Definition_TemplateV3_Extensions_KeyUsage_Critical <Boolean>
-Definition_TemplateV4_Extensions_ApplicationPolicies_Critical <Boolean>
-Definition_TemplateV4_Extensions_KeyUsage_Critical <Boolean>
-Definition_TemplateV2_PrivateKeyAttributes_CryptoProviders <String[]>
-Definition_TemplateV3_PrivateKeyAttributes_CryptoProviders <String[]>
-Definition_TemplateV4_PrivateKeyAttributes_CryptoProviders <String[]>
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_DataEncipherment <Boolean>
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_DataEncipherment <Boolean>
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_DataEncipherment <Boolean>
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Decrypt <Boolean>
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Decrypt <Boolean>
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_DigitalSignature <Boolean>
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_DigitalSignature <Boolean>
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_DigitalSignature <Boolean>
-Definition_TemplateV2_EnrollmentFlags_EnableKeyReuseOnNtTokenKeysetStorageFull <Boolean>
-Definition_TemplateV3_EnrollmentFlags_EnableKeyReuseOnNtTokenKeysetStorageFull <Boolean>
-Definition_TemplateV4_EnrollmentFlags_EnableKeyReuseOnNtTokenKeysetStorageFull <Boolean>
-Definition_TemplateV2_PrivateKeyFlags_ExportableKey <Boolean>
-Definition_TemplateV3_PrivateKeyFlags_ExportableKey <Boolean>
-Definition_TemplateV4_PrivateKeyFlags_ExportableKey <Boolean>
-Definition_TemplateV3_HashAlgorithm <HashAlgorithm>
-Definition_TemplateV4_HashAlgorithm <HashAlgorithm>
-Definition_TemplateV2_EnrollmentFlags_IncludeSymmetricAlgorithms <Boolean>
-Definition_TemplateV3_EnrollmentFlags_IncludeSymmetricAlgorithms <Boolean>
-Definition_TemplateV4_EnrollmentFlags_IncludeSymmetricAlgorithms <Boolean>
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_KeyAgreement <Boolean>
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_KeyAgreement <Boolean>
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_KeyAgreement <Boolean>
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_KeyAgreement <Boolean>
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_KeyAgreement <Boolean>
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_KeyEncipherment <Boolean>
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_KeyEncipherment <Boolean>
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_KeyEncipherment <Boolean>
-Definition_TemplateV2_PrivateKeyAttributes_KeySpec <KeySpec>
-Definition_TemplateV3_PrivateKeyAttributes_KeySpec <KeySpec>
-Definition_TemplateV4_PrivateKeyAttributes_KeySpec <KeySpec>
-Definition_TemplateV2_GeneralFlags_MachineType <Boolean>
-Definition_TemplateV3_GeneralFlags_MachineType <Boolean>
-Definition_TemplateV4_GeneralFlags_MachineType <Boolean>
-Definition_TemplateV2_PrivateKeyAttributes_MinimalKeyLength <Int32>
-Definition_TemplateV3_PrivateKeyAttributes_MinimalKeyLength <Int32>
-Definition_TemplateV4_PrivateKeyAttributes_MinimalKeyLength <Int32>
-Name <String>
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_NonRepudiation <Boolean>
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_NonRepudiation <Boolean>
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_NonRepudiation <Boolean>
-Definition_TemplateV2_EnrollmentFlags_NoSecurityExtension <Boolean>
-Definition_TemplateV3_EnrollmentFlags_NoSecurityExtension <Boolean>
-Definition_TemplateV4_EnrollmentFlags_NoSecurityExtension <Boolean>
-Definition_TemplateV2_CertificateValidity_RenewalPeriod_Period <Int64>
-Definition_TemplateV2_CertificateValidity_ValidityPeriod_Period <Int64>
-Definition_TemplateV3_CertificateValidity_RenewalPeriod_Period <Int64>
-Definition_TemplateV3_CertificateValidity_ValidityPeriod_Period <Int64>
-Definition_TemplateV4_CertificateValidity_RenewalPeriod_Period <Int64>
-Definition_TemplateV4_CertificateValidity_ValidityPeriod_Period <Int64>
-Definition_TemplateV2_CertificateValidity_RenewalPeriod_PeriodType <ValidityPeriodType>
-Definition_TemplateV2_CertificateValidity_ValidityPeriod_PeriodType <ValidityPeriodType>
-Definition_TemplateV3_CertificateValidity_RenewalPeriod_PeriodType <ValidityPeriodType>
-Definition_TemplateV3_CertificateValidity_ValidityPeriod_PeriodType <ValidityPeriodType>
-Definition_TemplateV4_CertificateValidity_RenewalPeriod_PeriodType <ValidityPeriodType>
-Definition_TemplateV4_CertificateValidity_ValidityPeriod_PeriodType <ValidityPeriodType>
-Definition_TemplateV2_Extensions_ApplicationPolicies_Policies <ApplicationPolicy[]>
-Definition_TemplateV3_Extensions_ApplicationPolicies_Policies <ApplicationPolicy[]>
-Definition_TemplateV4_Extensions_ApplicationPolicies_Policies <ApplicationPolicy[]>
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyType <KeyUsagePropertyType>
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyType <KeyUsagePropertyType>
-Definition_TemplateV2_EnrollmentFlags_RemoveInvalidCertificateFromPersonalStore <Boolean>
-Definition_TemplateV3_EnrollmentFlags_RemoveInvalidCertificateFromPersonalStore <Boolean>
-Definition_TemplateV4_EnrollmentFlags_RemoveInvalidCertificateFromPersonalStore <Boolean>
-Definition_TemplateV3_PrivateKeyFlags_RequireAlternateSignatureAlgorithm <Boolean>
-Definition_TemplateV4_PrivateKeyFlags_RequireAlternateSignatureAlgorithm <Boolean>
-Definition_TemplateV2_SubjectNameFlags_RequireCommonName <Boolean>
-Definition_TemplateV3_SubjectNameFlags_RequireCommonName <Boolean>
-Definition_TemplateV4_SubjectNameFlags_RequireCommonName <Boolean>
-Definition_TemplateV2_SubjectNameFlags_RequireDirectoryPath <Boolean>
-Definition_TemplateV3_SubjectNameFlags_RequireDirectoryPath <Boolean>
-Definition_TemplateV4_SubjectNameFlags_RequireDirectoryPath <Boolean>
-Definition_TemplateV2_SubjectNameFlags_RequireDnsAsCn <Boolean>
-Definition_TemplateV3_SubjectNameFlags_RequireDnsAsCn <Boolean>
-Definition_TemplateV4_SubjectNameFlags_RequireDnsAsCn <Boolean>
-Definition_TemplateV2_SubjectNameFlags_RequireEmail <Boolean>
-Definition_TemplateV3_SubjectNameFlags_RequireEmail <Boolean>
-Definition_TemplateV4_SubjectNameFlags_RequireEmail <Boolean>
-Definition_TemplateV4_PrivateKeyFlags_RequireSameKeyRenewal <Boolean>
-Definition_TemplateV2_SubjectNameFlags_SanRequireDirectoryGuid <Boolean>
-Definition_TemplateV3_SubjectNameFlags_SanRequireDirectoryGuid <Boolean>
-Definition_TemplateV4_SubjectNameFlags_SanRequireDirectoryGuid <Boolean>
-Definition_TemplateV2_SubjectNameFlags_SanRequireDns <Boolean>
-Definition_TemplateV3_SubjectNameFlags_SanRequireDns <Boolean>
-Definition_TemplateV4_SubjectNameFlags_SanRequireDns <Boolean>
-Definition_TemplateV2_SubjectNameFlags_SanRequireDomainDns <Boolean>
-Definition_TemplateV3_SubjectNameFlags_SanRequireDomainDns <Boolean>
-Definition_TemplateV4_SubjectNameFlags_SanRequireDomainDns <Boolean>
-Definition_TemplateV2_SubjectNameFlags_SanRequireEmail <Boolean>
-Definition_TemplateV3_SubjectNameFlags_SanRequireEmail <Boolean>
-Definition_TemplateV4_SubjectNameFlags_SanRequireEmail <Boolean>
-Definition_TemplateV2_SubjectNameFlags_SanRequireSpn <Boolean>
-Definition_TemplateV3_SubjectNameFlags_SanRequireSpn <Boolean>
-Definition_TemplateV4_SubjectNameFlags_SanRequireSpn <Boolean>
-Definition_TemplateV2_SubjectNameFlags_SanRequireUpn <Boolean>
-Definition_TemplateV3_SubjectNameFlags_SanRequireUpn <Boolean>
-Definition_TemplateV4_SubjectNameFlags_SanRequireUpn <Boolean>
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Sign <Boolean>
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Sign <Boolean>
-Definition_TemplateV2_PrivateKeyFlags_StrongKeyProtectionRequired <Boolean>
-Definition_TemplateV3_PrivateKeyFlags_StrongKeyProtectionRequired <Boolean>
-Definition_TemplateV4_PrivateKeyFlags_StrongKeyProtectionRequired <Boolean>
-Definition_TemplateV2_SupersededTemplates <String[]>
-Definition_TemplateV3_SupersededTemplates <String[]>
-Definition_TemplateV4_SupersededTemplates <String[]>
-Tag <Hashtable>
-Definition_TemplateV4_PrivateKeyFlags_UseLegacyProvider <Boolean>
-Definition_TemplateV2_EnrollmentFlags_UserInteractionRequired <Boolean>
-Definition_TemplateV3_EnrollmentFlags_UserInteractionRequired <Boolean>
-Definition_TemplateV4_EnrollmentFlags_UserInteractionRequired <Boolean>
-ClientToken <String>
-Select <String>
-PassThru <SwitchParameter>
-Force <SwitchParameter>
-ClientConfig <AmazonPcaConnectorAdConfig>

Description

Creates an Active Directory compatible certificate template. The connector issues certificates using these templates based on the requester’s Active Directory group membership.
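
Because a template fixes the key, validity and enrollment settings of every certificate issued from it, the definition is worth reviewing before it is created. The following is an added example, not part of the AWS reference: Test-PcaAdTemplateParams, its thresholds, the connector ARN and the template name are hypothetical, the parameter names are the ones listed under Syntax, and the enum values ('RSA', 'SIGNATURE', 'YEARS', 'WEEKS') are assumed spellings of the values the parameter descriptions name.

```powershell
# Added example: review a splatted New-PCAADTemplate parameter set for risky
# settings before the template is created. The function and its thresholds are
# hypothetical; only the parameter names come from this page.
function Test-PcaAdTemplateParams {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable] $Params,
        [int] $MinRsaKeyLength = 2048,   # assumed local policy
        [int] $MaxValidityDays = 825     # assumed local policy
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # A template has one schema version; mixed V2/V3/V4 prefixes are usually a copy/paste slip.
    $versions = @($Params.Keys |
        ForEach-Object { if ($_ -match '^Definition_Template(V[234])_') { $Matches[1] } } |
        Sort-Object -Unique)
    if ($versions.Count -ne 1) {
        $findings.Add("Expected parameters for exactly one template version, found: $($versions -join ', ')")
        return $findings
    }
    $prefix = 'Definition_Template{0}_' -f $versions[0]

    if ($Params["${prefix}PrivateKeyFlags_ExportableKey"] -eq $true) {
        $findings.Add('ExportableKey is TRUE: private keys can be exported from the enrolling host.')
    }
    if ($Params["${prefix}EnrollmentFlags_NoSecurityExtension"] -eq $true) {
        $findings.Add('NoSecurityExtension is TRUE: issued certificates omit szOID_NTDS_CA_SECURITY_EXT (1.3.6.1.4.1.311.25.2).')
    }

    # MinimalKeyLength is compared against the RSA threshold only when the
    # algorithm is RSA or unspecified (V2 has no Algorithm parameter).
    $alg = $Params["${prefix}PrivateKeyAttributes_Algorithm"]
    $len = $Params["${prefix}PrivateKeyAttributes_MinimalKeyLength"]
    if ($null -ne $len -and ($null -eq $alg -or "$alg" -eq 'RSA') -and $len -lt $MinRsaKeyLength) {
        $findings.Add("MinimalKeyLength $len is below the policy minimum of $MinRsaKeyLength bits.")
    }

    # Convert Period + PeriodType to approximate days so the two periods can be compared.
    $unitDays = @{ HOURS = 1/24; DAYS = 1; WEEKS = 7; MONTHS = 30; YEARS = 365 }
    $toDays = {
        param($kind)
        $n = $Params["${prefix}CertificateValidity_${kind}_Period"]
        $u = $Params["${prefix}CertificateValidity_${kind}_PeriodType"]
        if ($null -eq $n -or $null -eq $u) { return $null }
        [double]$n * $unitDays[[string]$u]
    }
    $validity = & $toDays 'ValidityPeriod'
    $renewal  = & $toDays 'RenewalPeriod'
    if ($null -ne $validity -and $validity -gt $MaxValidityDays) {
        $findings.Add("Validity of about $([int]$validity) days exceeds the policy maximum of $MaxValidityDays.")
    }
    if ($null -ne $validity -and $null -ne $renewal -and $renewal -ge $validity) {
        $findings.Add('RenewalPeriod is not shorter than ValidityPeriod.')
    }
    return $findings
}

# Constructed sample input: a V4 user template with several settings a review should catch.
$template = @{
    ConnectorArn = 'arn:aws:pca-connector-ad:us-east-1:111122223333:connector/EXAMPLE'  # placeholder
    Name         = 'ExampleUserAuth'                                                    # placeholder
    Definition_TemplateV4_GeneralFlags_AutoEnrollment                   = $true
    Definition_TemplateV4_GeneralFlags_MachineType                      = $false
    Definition_TemplateV4_PrivateKeyAttributes_Algorithm                = 'RSA'
    Definition_TemplateV4_PrivateKeyAttributes_KeySpec                  = 'SIGNATURE'
    Definition_TemplateV4_PrivateKeyAttributes_MinimalKeyLength         = 1024
    Definition_TemplateV4_PrivateKeyFlags_ExportableKey                 = $true
    Definition_TemplateV4_EnrollmentFlags_NoSecurityExtension           = $true
    Definition_TemplateV4_CertificateValidity_ValidityPeriod_Period     = 5
    Definition_TemplateV4_CertificateValidity_ValidityPeriod_PeriodType = 'YEARS'
    Definition_TemplateV4_CertificateValidity_RenewalPeriod_Period      = 6
    Definition_TemplateV4_CertificateValidity_RenewalPeriod_PeriodType  = 'WEEKS'
    Definition_TemplateV4_SubjectNameFlags_SanRequireUpn                = $true
}

$issues = @(Test-PcaAdTemplateParams -Params $template)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No findings. Create the template with: New-PCAADTemplate @template'
}
```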

Parameters

-ClientConfig <AmazonPcaConnectorAdConfig>
Amazon.PowerShell.Cmdlets.PCAAD.AmazonPcaConnectorAdClientCmdlet.ClientConfig
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClientToken <String>
Idempotency token.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ConnectorArn <String>
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Required?True
Position?1
Accept pipeline input?True (ByValue, ByPropertyName)
-Definition_TemplateV2_CertificateValidity_RenewalPeriod_Period <Int64>
The numeric value for the validity period.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_CertificateValidity_RenewalPeriod_PeriodType <ValidityPeriodType>
The unit of time. You can select hours, days, weeks, months, and years.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_CertificateValidity_ValidityPeriod_Period <Int64>
The numeric value for the validity period.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_CertificateValidity_ValidityPeriod_PeriodType <ValidityPeriodType>
The unit of time. You can select hours, days, weeks, months, and years.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_EnrollmentFlags_EnableKeyReuseOnNtTokenKeysetStorageFull <Boolean>
Allow renewal using the same key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_EnrollmentFlags_IncludeSymmetricAlgorithms <Boolean>
Include symmetric algorithms allowed by the subject.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_EnrollmentFlags_NoSecurityExtension <Boolean>
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_EnrollmentFlags_RemoveInvalidCertificateFromPersonalStore <Boolean>
Delete expired or revoked certificates instead of archiving them.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_EnrollmentFlags_UserInteractionRequired <Boolean>
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_ApplicationPolicies_Critical <Boolean>
Marks the application policy extension as critical.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_ApplicationPolicies_Policies <ApplicationPolicy[]>
Application policies describe what the certificate can be used for.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_KeyUsage_Critical <Boolean>
Sets the key usage extension to critical.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_DataEncipherment <Boolean>
DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_DigitalSignature <Boolean>
The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_KeyAgreement <Boolean>
KeyAgreement is asserted when the subject public key is used for key agreement.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_KeyEncipherment <Boolean>
KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_Extensions_KeyUsage_UsageFlags_NonRepudiation <Boolean>
NonRepudiation is asserted when the subject public key is used to verify digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_GeneralFlags_AutoEnrollment <Boolean>
Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_GeneralFlags_MachineType <Boolean>
Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_PrivateKeyAttributes_CryptoProviders <String[]>
Defines the cryptographic providers used to generate the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_PrivateKeyAttributes_KeySpec <KeySpec>
Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE".
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_PrivateKeyAttributes_MinimalKeyLength <Int32>
Set the minimum key length of the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_PrivateKeyFlags_ClientVersion <ClientCompatibilityV2>
Defines the minimum client compatibility.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_PrivateKeyFlags_ExportableKey <Boolean>
Allows the private key to be exported.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_PrivateKeyFlags_StrongKeyProtectionRequired <Boolean>
Require user input when using the private key for enrollment.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_RequireCommonName <Boolean>
Include the common name in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_RequireDirectoryPath <Boolean>
Include the directory path in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_RequireDnsAsCn <Boolean>
Include the DNS as common name in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_RequireEmail <Boolean>
Include the subject's email in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_SanRequireDirectoryGuid <Boolean>
Include the globally unique identifier (GUID) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_SanRequireDns <Boolean>
Include the DNS in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_SanRequireDomainDns <Boolean>
Include the domain DNS in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_SanRequireEmail <Boolean>
Include the subject's email in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_SanRequireSpn <Boolean>
Include the service principal name (SPN) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SubjectNameFlags_SanRequireUpn <Boolean>
Include the user principal name (UPN) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV2_SupersededTemplates <String[]>
List of templates in Active Directory that are superseded by this template.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_CertificateValidity_RenewalPeriod_Period <Int64>
The numeric value for the validity period.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_CertificateValidity_RenewalPeriod_PeriodType <ValidityPeriodType>
The unit of time. You can select hours, days, weeks, months, and years.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_CertificateValidity_ValidityPeriod_Period <Int64>
The numeric value for the validity period.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_CertificateValidity_ValidityPeriod_PeriodType <ValidityPeriodType>
The unit of time. You can select hours, days, weeks, months, and years.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_EnrollmentFlags_EnableKeyReuseOnNtTokenKeysetStorageFull <Boolean>
Allow renewal using the same key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_EnrollmentFlags_IncludeSymmetricAlgorithms <Boolean>
Include symmetric algorithms allowed by the subject.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_EnrollmentFlags_NoSecurityExtension <Boolean>
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_EnrollmentFlags_RemoveInvalidCertificateFromPersonalStore <Boolean>
Delete expired or revoked certificates instead of archiving them.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_EnrollmentFlags_UserInteractionRequired <Boolean>
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_ApplicationPolicies_Critical <Boolean>
Marks the application policy extension as critical.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_ApplicationPolicies_Policies <ApplicationPolicy[]>
Application policies describe what the certificate can be used for.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_KeyUsage_Critical <Boolean>
Sets the key usage extension to critical.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_DataEncipherment <Boolean>
DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_DigitalSignature <Boolean>
The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_KeyAgreement <Boolean>
KeyAgreement is asserted when the subject public key is used for key agreement.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_KeyEncipherment <Boolean>
KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_Extensions_KeyUsage_UsageFlags_NonRepudiation <Boolean>
NonRepudiation is asserted when the subject public key is used to verify digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_GeneralFlags_AutoEnrollment <Boolean>
Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_GeneralFlags_MachineType <Boolean>
Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_HashAlgorithm <HashAlgorithm>
Specifies the hash algorithm used to hash the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_Algorithm <PrivateKeyAlgorithm>
Defines the algorithm used to generate the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_CryptoProviders <String[]>
Defines the cryptographic providers used to generate the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_KeySpec <KeySpec>
Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE".
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Decrypt <Boolean>
Allows the key to be used for encryption and decryption.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_KeyAgreement <Boolean>
Allows key exchange without encryption.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Sign <Boolean>
Allows the key to be used for digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_KeyUsageProperty_PropertyType <KeyUsagePropertyType>
You can specify all key usages using property type ALL. You can use property type or property flags but not both.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyAttributes_MinimalKeyLength <Int32>
Set the minimum key length of the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyFlags_ClientVersion <ClientCompatibilityV3>
Defines the minimum client compatibility.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyFlags_ExportableKey <Boolean>
Allows the private key to be exported.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyFlags_RequireAlternateSignatureAlgorithm <Boolean>
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_PrivateKeyFlags_StrongKeyProtectionRequired <Boolean>
Require user input when using the private key for enrollment.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_RequireCommonName <Boolean>
Include the common name in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_RequireDirectoryPath <Boolean>
Include the directory path in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_RequireDnsAsCn <Boolean>
Include the DNS as common name in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_RequireEmail <Boolean>
Include the subject's email in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_SanRequireDirectoryGuid <Boolean>
Include the globally unique identifier (GUID) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_SanRequireDns <Boolean>
Include the DNS in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_SanRequireDomainDns <Boolean>
Include the domain DNS in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_SanRequireEmail <Boolean>
Include the subject's email in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_SanRequireSpn <Boolean>
Include the service principal name (SPN) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SubjectNameFlags_SanRequireUpn <Boolean>
Include the user principal name (UPN) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV3_SupersededTemplates <String[]>
List of templates in Active Directory that are superseded by this template.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_CertificateValidity_RenewalPeriod_Period <Int64>
The numeric value for the validity period.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_CertificateValidity_RenewalPeriod_PeriodType <ValidityPeriodType>
The unit of time. You can select hours, days, weeks, months, and years.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_CertificateValidity_ValidityPeriod_Period <Int64>
The numeric value for the validity period.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_CertificateValidity_ValidityPeriod_PeriodType <ValidityPeriodType>
The unit of time. You can select hours, days, weeks, months, and years.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_EnrollmentFlags_EnableKeyReuseOnNtTokenKeysetStorageFull <Boolean>
Allow renewal using the same key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_EnrollmentFlags_IncludeSymmetricAlgorithms <Boolean>
Include symmetric algorithms allowed by the subject.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_EnrollmentFlags_NoSecurityExtension <Boolean>
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_EnrollmentFlags_RemoveInvalidCertificateFromPersonalStore <Boolean>
Delete expired or revoked certificates instead of archiving them.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_EnrollmentFlags_UserInteractionRequired <Boolean>
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_ApplicationPolicies_Critical <Boolean>
Marks the application policy extension as critical.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_ApplicationPolicies_Policies <ApplicationPolicy[]>
Application policies describe what the certificate can be used for.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_KeyUsage_Critical <Boolean>
Sets the key usage extension to critical.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_DataEncipherment <Boolean>
DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_DigitalSignature <Boolean>
The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_KeyAgreement <Boolean>
KeyAgreement is asserted when the subject public key is used for key agreement.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_KeyEncipherment <Boolean>
KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_Extensions_KeyUsage_UsageFlags_NonRepudiation <Boolean>
NonRepudiation is asserted when the subject public key is used to verify digital signatures.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_GeneralFlags_AutoEnrollment <Boolean>
Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_GeneralFlags_MachineType <Boolean>
Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_HashAlgorithm <HashAlgorithm>
Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_Algorithm <PrivateKeyAlgorithm>
Defines the algorithm used to generate the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_CryptoProviders <String[]>
Defines the cryptographic providers used to generate the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_KeySpec <KeySpec>
Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Decrypt <Boolean>
Allows key for encryption and decryption.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_KeyAgreement <Boolean>
Allows key exchange without encryption.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Sign <Boolean>
Allow key use for digital signature.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyType <KeyUsagePropertyType>
You can specify all key usages using property type ALL. You can use property type or property flags but not both.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyAttributes_MinimalKeyLength <Int32>
Set the minimum key length of the private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyFlags_ClientVersion <ClientCompatibilityV4>
Defines the minimum client compatibility.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyFlags_ExportableKey <Boolean>
Allows the private key to be exported.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyFlags_RequireAlternateSignatureAlgorithm <Boolean>
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyFlags_RequireSameKeyRenewal <Boolean>
Renew certificate using the same private key.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyFlags_StrongKeyProtectionRequired <Boolean>
Require user input when using the private key for enrollment.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_PrivateKeyFlags_UseLegacyProvider <Boolean>
Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_RequireCommonName <Boolean>
Include the common name in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_RequireDirectoryPath <Boolean>
Include the directory path in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_RequireDnsAsCn <Boolean>
Include the DNS as common name in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_RequireEmail <Boolean>
Include the subject's email in the subject name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_SanRequireDirectoryGuid <Boolean>
Include the globally unique identifier (GUID) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_SanRequireDns <Boolean>
Include the DNS in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_SanRequireDomainDns <Boolean>
Include the domain DNS in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_SanRequireEmail <Boolean>
Include the subject's email in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_SanRequireSpn <Boolean>
Include the service principal name (SPN) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SubjectNameFlags_SanRequireUpn <Boolean>
Include the user principal name (UPN) in the subject alternate name.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Definition_TemplateV4_SupersededTemplates <String[]>
List of templates in Active Directory that are superseded by this template.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Force <SwitchParameter>
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Name <String>
Name of the template. The template name must be unique.
Required?True
Position?Named
Accept pipeline input?True (ByPropertyName)
-PassThru <SwitchParameter>
Changes the cmdlet behavior to return the value passed to the ConnectorArn parameter. The -PassThru parameter is deprecated, use -Select '^ConnectorArn' instead. This parameter will be removed in a future version.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Select <String>
Use the -Select parameter to control the cmdlet output. The default value is 'TemplateArn'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.PcaConnectorAd.Model.CreateTemplateResponse). Specifying the name of a property of type Amazon.PcaConnectorAd.Model.CreateTemplateResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Tag <Hashtable>
Metadata assigned to a template consisting of a key-value pair.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: Tags
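A pre-flight check for a hashtable that will be splatted into New-PCAADTemplate, enforcing the constraints stated in the TemplateV4 parameter descriptions above (property type versus property flags, hash algorithm versus legacy providers, KeySpec values) and flagging exportable keys for review. This is an added example, not part of the AWS reference; the function name Test-PcaAdTemplateV4Params and the sample values are assumptions, and the hashtable keys are parameter names from this page.

```powershell
function Test-PcaAdTemplateV4Params {
    param([Parameter(Mandatory)][hashtable]$Params)

    $p = 'Definition_TemplateV4_'
    $findings = [System.Collections.Generic.List[string]]::new()

    # "You can use property type or property flags but not both."
    $flagKeys = @($Params.Keys | Where-Object {
        $_ -like "${p}PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_*" })
    if ($Params.ContainsKey("${p}PrivateKeyAttributes_KeyUsageProperty_PropertyType") -and
        $flagKeys.Count -gt 0) {
        $findings.Add('ERROR: KeyUsageProperty PropertyType and PropertyFlags are both set')
    }

    # "Hash algorithm can only be specified when using Key Storage Providers."
    if ($Params.ContainsKey("${p}HashAlgorithm") -and
        $Params["${p}PrivateKeyFlags_UseLegacyProvider"] -eq $true) {
        $findings.Add('ERROR: HashAlgorithm set while UseLegacyProvider is TRUE')
    }

    # KeySpec accepts only the two values named in its description.
    $keySpec = $Params["${p}PrivateKeyAttributes_KeySpec"]
    if ($null -ne $keySpec -and $keySpec -notin 'KEY_EXCHANGE', 'SIGNATURE') {
        $findings.Add("ERROR: KeySpec '$keySpec' is not KEY_EXCHANGE or SIGNATURE")
    }

    # Not an error, but worth a second look before the template goes live.
    if ($Params["${p}PrivateKeyFlags_ExportableKey"] -eq $true) {
        $findings.Add('REVIEW: ExportableKey is TRUE, issued private keys can be exported')
    }
    return $findings
}

# Constructed sample that trips every check; not a complete template definition.
$templateParams = @{
    Name = 'ExampleTemplate'
    Definition_TemplateV4_HashAlgorithm = 'SHA256'
    Definition_TemplateV4_PrivateKeyFlags_UseLegacyProvider = $true
    Definition_TemplateV4_PrivateKeyFlags_ExportableKey = $true
    Definition_TemplateV4_PrivateKeyAttributes_KeySpec = 'SIGN'
    Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyType = 'ALL'
    Definition_TemplateV4_PrivateKeyAttributes_KeyUsageProperty_PropertyFlags_Sign = $true
}

# Emits three ERROR lines and one REVIEW line for the sample above.
Test-PcaAdTemplateV4Params -Params $templateParams
```

Once the function returns no ERROR lines, the same hashtable, completed with the remaining required parameters, can be passed as `New-PCAADTemplate @templateParams`.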

Common Credential and Region Parameters

-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: AK
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Required?False
Position?Named
Accept pipeline input?True (ByValue, ByPropertyName)
-EndpointUrl <String>
The endpoint to make the call against. Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Required?False
Position?Named
Accept pipeline input?True (ByValue, ByPropertyName)
-ProfileLocation <String>
Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs). If this optional parameter is omitted, this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found, then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials. If this parameter is specified, then this cmdlet will only search the ini-format credential file at the location given. As the current folder can vary in a shell or during script execution, it is advised that you specify a fully qualified path instead of a relative path.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: AWSProfilesLocation, ProfilesLocation
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: StoredCredentials, AWSProfileName
-Region <Object>
The system name of an AWS region or an AWSRegion instance. This governs the endpoint that will be used when calling service operations. Note that the AWS resources referenced in a call are usually region-specific.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: RegionToCall
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: SK, SecretAccessKey
-SessionToken <String>
The session token if the access and secret keys are temporary session-based credentials.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
Aliases: ST

Outputs

This cmdlet returns a System.String object. The service call response (type Amazon.PcaConnectorAd.Model.CreateTemplateResponse) can be returned by specifying '-Select *'.

Supported Version

AWS Tools for PowerShell: 2.x.y.z