Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The X509CertificateTemplateEnrollmentFlag enumeration contains values that specify server and client actions during enrollment.
Syntax
typedef enum X509CertificateTemplateEnrollmentFlag {
EnrollmentIncludeSymmetricAlgorithms = 0x1,
EnrollmentPendAllRequests = 0x2,
EnrollmentPublishToKRAContainer = 0x4,
EnrollmentPublishToDS = 0x8,
EnrollmentAutoEnrollmentCheckUserDSCertificate = 0x10,
EnrollmentAutoEnrollment = 0x20,
EnrollmentDomainAuthenticationNotRequired = 0x80,
EnrollmentPreviousApprovalValidateReenrollment = 0x40,
EnrollmentUserInteractionRequired = 0x100,
EnrollmentAddTemplateName = 0x200,
EnrollmentRemoveInvalidCertificateFromPersonalStore = 0x400,
EnrollmentAllowEnrollOnBehalfOf = 0x800,
EnrollmentAddOCSPNoCheck = 0x1000,
EnrollmentReuseKeyOnFullSmartCard = 0x2000,
EnrollmentNoRevocationInfoInCerts = 0x4000,
EnrollmentIncludeBasicConstraintsForEECerts = 0x8000,
EnrollmentPreviousApprovalKeyBasedValidateReenrollment = 0x10000,
EnrollmentCertificateIssuancePoliciesFromRequest = 0x20000,
EnrollmentSkipAutoRenewal = 0x40000
} ;
Constants
EnrollmentIncludeSymmetricAlgorithmsValue: 0x1 Instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) extension in the certificate request and issued certificate. |
EnrollmentPendAllRequestsValue: 0x2 Instructs the certification authority (CA) to place all certificate requests in a pending state. |
EnrollmentPublishToKRAContainerValue: 0x4 Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory. |
EnrollmentPublishToDSValue: 0x8 Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory. |
EnrollmentAutoEnrollmentCheckUserDSCertificateValue: 0x10 Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template. |
EnrollmentAutoEnrollmentValue: 0x20 Instructs clients to automatically enroll a certificate that is based on this template. |
EnrollmentDomainAuthenticationNotRequiredValue: 0x80 Not used. |
EnrollmentPreviousApprovalValidateReenrollmentValue: 0x40 Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates. |
EnrollmentUserInteractionRequiredValue: 0x100 Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template. |
EnrollmentAddTemplateNameValue: 0x200 Not used. |
EnrollmentRemoveInvalidCertificateFromPersonalStoreValue: 0x400 Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store. |
EnrollmentAllowEnrollOnBehalfOfValue: 0x800 Instructs the server to allow enroll-on-behalf-of (EOBO) functionality. |
EnrollmentAddOCSPNoCheckValue: 0x1000 Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate. |
EnrollmentReuseKeyOnFullSmartCardValue: 0x2000 Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card. |
EnrollmentNoRevocationInfoInCertsValue: 0x4000 Instructs the server to not include revocation information in the issued certificate. |
EnrollmentIncludeBasicConstraintsForEECertsValue: 0x8000 Instructs the server to include the Basic Constraints extension in the issued certificate. |
EnrollmentPreviousApprovalKeyBasedValidateReenrollmentValue: 0x10000 |
EnrollmentCertificateIssuancePoliciesFromRequestValue: 0x20000 |
EnrollmentSkipAutoRenewalValue: 0x40000 |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 [desktop apps only] |
| Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
| Header | certenroll.h |