X509CertificateTemplateEnrollmentFlag enumeration (certenroll.h)

The X509CertificateTemplateEnrollmentFlag enumeration contains values that specify server and client actions during enrollment.

Syntax

typedef enum X509CertificateTemplateEnrollmentFlag {
  EnrollmentIncludeSymmetricAlgorithms = 0x1,
  EnrollmentPendAllRequests = 0x2,
  EnrollmentPublishToKRAContainer = 0x4,
  EnrollmentPublishToDS = 0x8,
  EnrollmentAutoEnrollmentCheckUserDSCertificate = 0x10,
  EnrollmentAutoEnrollment = 0x20,
  EnrollmentDomainAuthenticationNotRequired = 0x80,
  EnrollmentPreviousApprovalValidateReenrollment = 0x40,
  EnrollmentUserInteractionRequired = 0x100,
  EnrollmentAddTemplateName = 0x200,
  EnrollmentRemoveInvalidCertificateFromPersonalStore = 0x400,
  EnrollmentAllowEnrollOnBehalfOf = 0x800,
  EnrollmentAddOCSPNoCheck = 0x1000,
  EnrollmentReuseKeyOnFullSmartCard = 0x2000,
  EnrollmentNoRevocationInfoInCerts = 0x4000,
  EnrollmentIncludeBasicConstraintsForEECerts = 0x8000,
  EnrollmentPreviousApprovalKeyBasedValidateReenrollment = 0x10000,
  EnrollmentCertificateIssuancePoliciesFromRequest = 0x20000,
  EnrollmentSkipAutoRenewal = 0x40000
} X509CertificateTemplateEnrollmentFlag;

Constants

EnrollmentIncludeSymmetricAlgorithms
Value: 0x1
Instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) extension in the certificate request and issued certificate.
EnrollmentPendAllRequests
Value: 0x2
Instructs the certification authority (CA) to place all certificate requests in a pending state.
EnrollmentPublishToKRAContainer
Value: 0x4
Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory.
EnrollmentPublishToDS
Value: 0x8
Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory.
EnrollmentAutoEnrollmentCheckUserDSCertificate
Value: 0x10
Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template.
EnrollmentAutoEnrollment
Value: 0x20
Instructs clients to automatically enroll a certificate that is based on this template.
EnrollmentDomainAuthenticationNotRequired
Value: 0x80
Not used.
EnrollmentPreviousApprovalValidateReenrollment
Value: 0x40
Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates.
EnrollmentUserInteractionRequired
Value: 0x100
Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template.
EnrollmentAddTemplateName
Value: 0x200
Not used.
EnrollmentRemoveInvalidCertificateFromPersonalStore
Value: 0x400
Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store.
EnrollmentAllowEnrollOnBehalfOf
Value: 0x800
Instructs the server to allow enroll-on-behalf-of (EOBO) functionality.
EnrollmentAddOCSPNoCheck
Value: 0x1000
Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate.
EnrollmentReuseKeyOnFullSmartCard
Value: 0x2000
Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card.
EnrollmentNoRevocationInfoInCerts
Value: 0x4000
Instructs the server to not include revocation information in the issued certificate.
EnrollmentIncludeBasicConstraintsForEECerts
Value: 0x8000
Instructs the server to include the Basic Constraints extension in the issued certificate.
EnrollmentPreviousApprovalKeyBasedValidateReenrollment
Value: 0x10000
EnrollmentCertificateIssuancePoliciesFromRequest
Value: 0x20000
EnrollmentSkipAutoRenewal
Value: 0x40000
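
Each value is a single bit, so a template's enrollment flag value is a bitwise OR of these constants and has to be decoded before it can be reviewed. The following is an added example, not part of the original page or of certenroll.h: it decodes a raw value into the names listed above and marks the bits a reviewer may want to look at. The function names, the F_* finding names, the choice of which flags count as findings, and the sample value are assumptions of this example.

```c
#include <stdio.h>

/* Values copied from the enumeration above ("Enrollment" prefix dropped) so this builds
   without certenroll.h. Function and F_* names and the findings chosen are assumptions. */
static const struct { unsigned long bit; const char *name; } kFlags[] = {
    {0x1, "IncludeSymmetricAlgorithms"}, {0x2, "PendAllRequests"},
    {0x4, "PublishToKRAContainer"}, {0x8, "PublishToDS"},
    {0x10, "AutoEnrollmentCheckUserDSCertificate"}, {0x20, "AutoEnrollment"},
    {0x40, "PreviousApprovalValidateReenrollment"},
    {0x80, "DomainAuthenticationNotRequired"}, {0x100, "UserInteractionRequired"},
    {0x200, "AddTemplateName"}, {0x400, "RemoveInvalidCertificateFromPersonalStore"},
    {0x800, "AllowEnrollOnBehalfOf"}, {0x1000, "AddOCSPNoCheck"},
    {0x2000, "ReuseKeyOnFullSmartCard"}, {0x4000, "NoRevocationInfoInCerts"},
    {0x8000, "IncludeBasicConstraintsForEECerts"},
    {0x10000, "PreviousApprovalKeyBasedValidateReenrollment"},
    {0x20000, "CertificateIssuancePoliciesFromRequest"}, {0x40000, "SkipAutoRenewal"}};
#define NFLAGS (sizeof kFlags / sizeof kFlags[0])
enum { F_UNKNOWN_BITS = 1, F_NO_REVOCATION = 2, F_EOBO = 4, F_NOT_PENDED = 8 };

/* Writes "EnrollmentA|EnrollmentB" into out; returns names written, -1 if out is too small. */
int decode_flags(unsigned long flags, char *out, size_t cap) {
    size_t used = 0;
    int count = 0;
    if (cap) out[0] = '\0';
    for (size_t i = 0; i < NFLAGS; i++) {
        if (!(flags & kFlags[i].bit)) continue;
        int n = snprintf(out + used, cap - used, "%sEnrollment%s", used ? "|" : "", kFlags[i].name);
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
        count++;
    }
    return count;
}

/* Returns a mask of F_* findings for one template's enrollment flag value. */
unsigned review_flags(unsigned long flags) {
    unsigned f = (flags & 0x2) ? 0 : F_NOT_PENDED;       /* requests are not held pending */
    if (flags & (0x1000 | 0x4000)) f |= F_NO_REVOCATION; /* no revocation info in certs */
    if (flags & 0x800) f |= F_EOBO;                      /* enroll-on-behalf-of allowed */
    for (size_t i = 0; i < NFLAGS; i++) flags &= ~kFlags[i].bit;
    if (flags) f |= F_UNKNOWN_BITS;                      /* bits the enum does not define */
    return f;
}

int main(void) {
    unsigned long sample = 0x8 | 0x20 | 0x800 | 0x4000 | 0x80000; /* constructed value */
    char buf[1024];
    if (decode_flags(sample, buf, sizeof buf) >= 0) puts(buf);
    printf("findings mask: 0x%x\n", review_flags(sample));
}
```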

Requirements

Requirement                 Value
Minimum supported client    Windows 7 [desktop apps only]
Minimum supported server    Windows Server 2008 R2 [desktop apps only]
Header                      certenroll.h