This topic has not yet been rated - Rate this topic

X509CertificateTemplateEnrollmentFlag enumeration

The X509CertificateTemplateEnrollmentFlag enumeration contains values that specify server and client actions during enrollment.

Syntax

C++


typedef enum X509CertificateTemplateEnrollmentFlag { 
  EnrollmentIncludeSymmetricAlgorithms                 = CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS,
  EnrollmentPendAllRequests                            = CT_FLAG_PEND_ALL_REQUESTS,
  EnrollmentPublishToKRAContainer                      = CT_FLAG_PUBLISH_TO_KRA_CONTAINER,
  EnrollmentPublishToDS                                = CT_FLAG_PUBLISH_TO_DS,
  EnrollmentAutoEnrollmentCheckUserDSCertificate       = CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE,
  EnrollmentAutoEnrollment                             = CT_FLAG_AUTO_ENROLLMENT,
  EnrollmentDomainAuthenticationNotRequired            = CT_FLAG_DOMAIN_AUTHENTICATION_NOT_REQUIRED,
  EnrollmentPreviousApprovalValidateReenrollment       = CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT,
  EnrollmentUserInteractionRequired                    = CT_FLAG_USER_INTERACTION_REQUIRED,
  EnrollmentAddTemplateName                            = CT_FLAG_ADD_TEMPLATE_NAME,
  EnrollmentRemoveInvalidCertificateFromPersonalStore  = CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE,
  EnrollmentAllowEnrollOnBehalfOf                      = CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF,
  EnrollmentAddOCSPNoCheck                             = CT_FLAG_ADD_OCSP_NOCHECK,
  EnrollmentReuseKeyOnFullSmartCard                    = CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL,
  EnrollmentNoRevocationInfoInCerts                    = CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS,
  EnrollmentIncludeBasicConstraintsForEECerts          = CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS
} X509CertificateTemplateEnrollmentFlag;

Constants

EnrollmentIncludeSymmetricAlgorithms: Instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) extension in the certificate request and issued certificate.
EnrollmentPendAllRequests: Instructs the certification authority (CA) to place all certificate requests in a pending state.
EnrollmentPublishToKRAContainer: Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory.
EnrollmentPublishToDS: Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory.
EnrollmentAutoEnrollmentCheckUserDSCertificate: Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template.
EnrollmentAutoEnrollment: Instructs clients to automatically enroll a certificate that is based on this template.
EnrollmentDomainAuthenticationNotRequired: Not used.
EnrollmentPreviousApprovalValidateReenrollment: Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates.
EnrollmentUserInteractionRequired: Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template.
EnrollmentAddTemplateName: Not used.
EnrollmentRemoveInvalidCertificateFromPersonalStore: Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store.
EnrollmentAllowEnrollOnBehalfOf: Instructs the server to allow enroll-on-behalf-of (EOBO) functionality.
EnrollmentAddOCSPNoCheck: Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate.
EnrollmentReuseKeyOnFullSmartCard: Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card.
EnrollmentNoRevocationInfoInCerts: Instructs the server to not include revocation information in the issued certificate.
EnrollmentIncludeBasicConstraintsForEECerts: Instructs the server to include the Basic Constraints extension in the issued certificate.

Requirements

Minimum supported client	Windows 7 [desktop apps only]
Minimum supported server	Windows Server 2008 R2 [desktop apps only]
Header	CertEnroll.h

Send comments about this topic to Microsoft

Build date: 10/26/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions

ADD