Export (0) Print
Expand All

X509CertificateTemplateEnrollmentFlag enumeration

The X509CertificateTemplateEnrollmentFlag enumeration contains values that specify server and client actions during enrollment.

Syntax


typedef enum X509CertificateTemplateEnrollmentFlag { 
  EnrollmentIncludeSymmetricAlgorithms                 = CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS,
  EnrollmentPendAllRequests                            = CT_FLAG_PEND_ALL_REQUESTS,
  EnrollmentPublishToKRAContainer                      = CT_FLAG_PUBLISH_TO_KRA_CONTAINER,
  EnrollmentPublishToDS                                = CT_FLAG_PUBLISH_TO_DS,
  EnrollmentAutoEnrollmentCheckUserDSCertificate       = CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE,
  EnrollmentAutoEnrollment                             = CT_FLAG_AUTO_ENROLLMENT,
  EnrollmentDomainAuthenticationNotRequired            = CT_FLAG_DOMAIN_AUTHENTICATION_NOT_REQUIRED,
  EnrollmentPreviousApprovalValidateReenrollment       = CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT,
  EnrollmentUserInteractionRequired                    = CT_FLAG_USER_INTERACTION_REQUIRED,
  EnrollmentAddTemplateName                            = CT_FLAG_ADD_TEMPLATE_NAME,
  EnrollmentRemoveInvalidCertificateFromPersonalStore  = CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE,
  EnrollmentAllowEnrollOnBehalfOf                      = CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF,
  EnrollmentAddOCSPNoCheck                             = CT_FLAG_ADD_OCSP_NOCHECK,
  EnrollmentReuseKeyOnFullSmartCard                    = CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL,
  EnrollmentNoRevocationInfoInCerts                    = CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS,
  EnrollmentIncludeBasicConstraintsForEECerts          = CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS
} X509CertificateTemplateEnrollmentFlag;

Constants

EnrollmentIncludeSymmetricAlgorithms

Instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) extension in the certificate request and issued certificate.

EnrollmentPendAllRequests

Instructs the certification authority (CA) to place all certificate requests in a pending state.

EnrollmentPublishToKRAContainer

Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory.

EnrollmentPublishToDS

Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory.

EnrollmentAutoEnrollmentCheckUserDSCertificate

Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template.

EnrollmentAutoEnrollment

Instructs clients to automatically enroll a certificate that is based on this template.

EnrollmentDomainAuthenticationNotRequired

Not used.

EnrollmentPreviousApprovalValidateReenrollment

Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates.

EnrollmentUserInteractionRequired

Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template.

EnrollmentAddTemplateName

Not used.

EnrollmentRemoveInvalidCertificateFromPersonalStore

Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store.

EnrollmentAllowEnrollOnBehalfOf

Instructs the server to allow enroll-on-behalf-of (EOBO) functionality.

EnrollmentAddOCSPNoCheck

Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate.

EnrollmentReuseKeyOnFullSmartCard

Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card.

EnrollmentNoRevocationInfoInCerts

Instructs the server to not include revocation information in the issued certificate.

EnrollmentIncludeBasicConstraintsForEECerts

Instructs the server to include the Basic Constraints extension in the issued certificate.

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

Header

CertEnroll.h

 

 

Community Additions

ADD
Show:
© 2014 Microsoft