X509CertificateTemplateEnrollmentFlag enumeration (certenroll.h)
The X509CertificateTemplateEnrollmentFlag enumeration contains values that specify server and client actions during enrollment.
Syntax
typedef enum X509CertificateTemplateEnrollmentFlag {
EnrollmentIncludeSymmetricAlgorithms = 0x1,
EnrollmentPendAllRequests = 0x2,
EnrollmentPublishToKRAContainer = 0x4,
EnrollmentPublishToDS = 0x8,
EnrollmentAutoEnrollmentCheckUserDSCertificate = 0x10,
EnrollmentAutoEnrollment = 0x20,
EnrollmentDomainAuthenticationNotRequired = 0x80,
EnrollmentPreviousApprovalValidateReenrollment = 0x40,
EnrollmentUserInteractionRequired = 0x100,
EnrollmentAddTemplateName = 0x200,
EnrollmentRemoveInvalidCertificateFromPersonalStore = 0x400,
EnrollmentAllowEnrollOnBehalfOf = 0x800,
EnrollmentAddOCSPNoCheck = 0x1000,
EnrollmentReuseKeyOnFullSmartCard = 0x2000,
EnrollmentNoRevocationInfoInCerts = 0x4000,
EnrollmentIncludeBasicConstraintsForEECerts = 0x8000,
EnrollmentPreviousApprovalKeyBasedValidateReenrollment = 0x10000,
EnrollmentCertificateIssuancePoliciesFromRequest = 0x20000,
EnrollmentSkipAutoRenewal = 0x40000
} ;
Constants
EnrollmentIncludeSymmetricAlgorithmsValue: 0x1 Instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) extension in the certificate request and issued certificate. |
EnrollmentPendAllRequestsValue: 0x2 Instructs the certification authority (CA) to place all certificate requests in a pending state. |
EnrollmentPublishToKRAContainerValue: 0x4 Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory. |
EnrollmentPublishToDSValue: 0x8 Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory. |
EnrollmentAutoEnrollmentCheckUserDSCertificateValue: 0x10 Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template. |
EnrollmentAutoEnrollmentValue: 0x20 Instructs clients to automatically enroll a certificate that is based on this template. |
EnrollmentDomainAuthenticationNotRequiredValue: 0x80 Not used. |
EnrollmentPreviousApprovalValidateReenrollmentValue: 0x40 Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates. |
EnrollmentUserInteractionRequiredValue: 0x100 Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template. |
EnrollmentAddTemplateNameValue: 0x200 Not used. |
EnrollmentRemoveInvalidCertificateFromPersonalStoreValue: 0x400 Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store. |
EnrollmentAllowEnrollOnBehalfOfValue: 0x800 Instructs the server to allow enroll-on-behalf-of (EOBO) functionality. |
EnrollmentAddOCSPNoCheckValue: 0x1000 Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate. |
EnrollmentReuseKeyOnFullSmartCardValue: 0x2000 Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card. |
EnrollmentNoRevocationInfoInCertsValue: 0x4000 Instructs the server to not include revocation information in the issued certificate. |
EnrollmentIncludeBasicConstraintsForEECertsValue: 0x8000 Instructs the server to include the Basic Constraints extension in the issued certificate. |
EnrollmentPreviousApprovalKeyBasedValidateReenrollmentValue: 0x10000 |
EnrollmentCertificateIssuancePoliciesFromRequestValue: 0x20000 |
EnrollmentSkipAutoRenewalValue: 0x40000 |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 [desktop apps only] |
| Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
| Header | certenroll.h |