AWS::PCAConnectorAD::Template EnrollmentFlagsV2

Template configurations for v2 template schema.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "EnableKeyReuseOnNtTokenKeysetStorageFull" : Boolean,
  "IncludeSymmetricAlgorithms" : Boolean,
  "NoSecurityExtension" : Boolean,
  "RemoveInvalidCertificateFromPersonalStore" : Boolean,
  "UserInteractionRequired" : Boolean
}

YAML


  EnableKeyReuseOnNtTokenKeysetStorageFull: Boolean
  IncludeSymmetricAlgorithms: Boolean
  NoSecurityExtension: Boolean
  RemoveInvalidCertificateFromPersonalStore: Boolean
  UserInteractionRequired: Boolean

Properties

EnableKeyReuseOnNtTokenKeysetStorageFull

Allow renewal using the same key.

Required: No

Type: Boolean

Update requires: No interruption

IncludeSymmetricAlgorithms

Include symmetric algorithms allowed by the subject.

Required: No

Type: Boolean

Update requires: No interruption

NoSecurityExtension

This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.

Required: No

Type: Boolean

Update requires: No interruption

RemoveInvalidCertificateFromPersonalStore

Delete expired or revoked certificates instead of archiving them.

Required: No

Type: Boolean

Update requires: No interruption

UserInteractionRequired

Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

Required: No

Type: Boolean

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

CertificateValidity

EnrollmentFlagsV3