MSFT_NetIKECertAuthProposal class

Represents an auth proposal that uses certificates to authenticate the remote peer. Instances of this class only exist as embedded instances within a MSFT_NetIKEP1AuthSet and MSFT_NetIKEP2AuthSet.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

class MSFT_NetIKECertAuthProposal : MSFT_NetIKEAuthProposal
{
  string  TrustedCA;
  uint16  TrustedCAType;
  boolean ExcludeCAName;
  boolean MapToAccount;
  uint16  SigningAlgorithm;
  string  CertName;
  uint16  CertNameType;
  string  EKUs[];
  string  Thumbprint;
  boolean FollowRenewal;
  boolean SelectionCriteria;
  boolean ValidationCriteria;
  uint16  AuthenticationMethod;
  uint64  MaxLifetimeSeconds;
  uint64  MaxLifetimeKilobytes;
  uint16  CipherAlgorithm;
  string  OtherCipherAlgorithm;
  uint16  HashAlgorithm;
  string  OtherHashAlgorithm;
  string  OtherAuthenticationMethod;
  uint16  GroupId;
  string  VendorID;
  string  InstanceID;
  string  Caption;
  string  Description;
  string  ElementName;
};

Members

The MSFT_NetIKECertAuthProposal class has these types of members:

Properties

The MSFT_NetIKECertAuthProposal class has these properties.

AuthenticationMethod

Data type: uint16

Access type: Read-only

Specifies the proposed authentication method. The list of methods was generated from Appendix A of RFC 2409. Note that the enumeration differs from the RFC list and aligns with the values in IKESAEndpoint.AuthenticationMethod.

Pre-shared Key (2)

Anonymous (65001)

Kerberos (machine as principal) (65002)

NTLM (machine as principal) (65003)

Kerberos (user as principal) (65004)

NTLM (user as principal) (65005)

X.509 Certificates (machine as principal) (65005)

X.509 Certificates (user as principal) (65007)

X.509 Certificates (machine health) (65008)

Caption

Data type: string

Access type: Read-only

This field is ignored.

CertName

Data type: string

Access type: Read-only

The name that should be on the certificate.

CertNameType

Data type: uint16

Access type: Read-only

The type of name used in CertName.

None (0)

DNS (1)

UPN (2)

RFC822 (3)

CN (4)

OU (5)

O (6)

DC (7)

CipherAlgorithm

Data type: uint16

Access type: Read-only

This field is ignored.

Description

Data type: string

Access type: Read-only

This field is ignored.

EKUs

Data type: string array

Access type: Read-only

The EKUs (extended key usages) to accept.

ElementName

Data type: string

Access type: Read-only

This field is ignored.

ExcludeCAName

Data type: boolean

Access type: Read-only

If this flag is set, certificate authority names are excluded. This flag MUST be set only on first authentications.

FollowRenewal

Data type: boolean

Access type: Read-only

Whether to follow certificate renewal.

GroupId

Data type: uint16

Access type: Read-only

This field is ignored.

HashAlgorithm

Data type: uint16

Access type: Read-only

This field is ignored.

InstanceID

Data type: string

Access type: Read-only

This field is ignored.

MapToAccount

Data type: boolean

Access type: Read-only

If this flag is set, Windows will attempt to map certificates to domain accounts.

MaxLifetimeKilobytes

Data type: uint64

Access type: Read-only

This field is ignored.

MaxLifetimeSeconds

Data type: uint64

Access type: Read-only

This field is ignored.

OtherAuthenticationMethod

Data type: string

Access type: Read-only

This field is ignored.

OtherCipherAlgorithm

Data type: string

Access type: Read-only

This field is ignored.

OtherHashAlgorithm

Data type: string

Access type: Read-only

This field is ignored.

SelectionCriteria

Data type: boolean

Access type: Read-only

Whether the cert criteria (CertName, EKUs, Thumbprint) should be used when choosing which certificates to offer.

SigningAlgorithm

Data type: uint16

Access type: Read-only

Specifies the certificate signing algorithm to use.

RSA (1)

256-bit Elliptic-Curve DSA (2)

384-bit Elliptic-Curve DSA (3)

Thumbprint

Data type: string

Access type: Read-only

The thumbprint to accept.

TrustedCA

Data type: string

Access type: Read-only

Only certs issued by this CA should be allowed.

TrustedCAType

Data type: uint16

Access type: Read-only

Indicates whether to accept certificates only from the root TrustedCA, or to also accept certificates from intermediate CAs that are children of the TrustedCA.

Root CA (1)

Intermediate CA (2)

ValidationCriteria

Data type: boolean

Access type: Read-only

Whether the cert criteria (CertName, EKUs, Thumbprint) should be used for validating the certificates presented.
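The following is an added example, not code from this page or from WFasCim: a small model of how TrustedCA, TrustedCAType, ValidationCriteria and the cert criteria (CertName, EKUs, Thumbprint) described above combine when a presented certificate is checked. It assumes a constructed certificate description rather than real X.509 parsing, models only the DNS CertNameType, and assumes every listed EKU must be present; the decision rules are taken from the property descriptions, not from the Windows implementation.

```python
# Added example: a model of the validation decision implied by the
# MSFT_NetIKECertAuthProposal properties. Not the Windows IKE implementation.
from dataclasses import dataclass, field

ROOT_CA, INTERMEDIATE_CA = 1, 2          # TrustedCAType values from the page
CERT_NAME_DNS = 1                         # CertNameType value from the page


@dataclass
class PeerCert:
    """Constructed description of a presented certificate (not a real X.509 parse)."""
    subject_dns: str
    thumbprint: str
    ekus: list                            # EKU OIDs present on the certificate
    chain: list                           # issuer names: leaf's issuer first, root last


@dataclass
class CertAuthProposal:
    TrustedCA: str
    TrustedCAType: int = ROOT_CA
    ValidationCriteria: bool = False
    CertName: str = ""
    CertNameType: int = 0                 # only DNS (1) is modelled here (assumption)
    EKUs: list = field(default_factory=list)
    Thumbprint: str = ""


def validate_peer(p: CertAuthProposal, cert: PeerCert) -> tuple:
    """Return (accepted, reason). The CA chain check always applies; the cert
    criteria are only enforced when ValidationCriteria is set."""
    if p.TrustedCAType == ROOT_CA:
        if not cert.chain or cert.chain[-1] != p.TrustedCA:
            return False, "root CA mismatch"
    elif p.TrustedCAType == INTERMEDIATE_CA:
        if p.TrustedCA not in cert.chain:        # TrustedCA may be any ancestor
            return False, "TrustedCA not in chain"
    else:
        return False, "unknown TrustedCAType"
    if not p.ValidationCriteria:
        # Policy-review caveat: with ValidationCriteria unset, CertName, EKUs and
        # Thumbprint are not checked, so any cert chaining to TrustedCA passes.
        return True, "chain ok (criteria not enforced)"
    if p.Thumbprint and p.Thumbprint.lower() != cert.thumbprint.lower():
        return False, "thumbprint mismatch"
    if p.CertName and (p.CertNameType != CERT_NAME_DNS
                       or cert.subject_dns.lower() != p.CertName.lower()):
        return False, "CertName mismatch"
    if p.EKUs and not set(p.EKUs) <= set(cert.ekus):   # assumption: all required
        return False, "required EKU missing"
    return True, "chain and criteria ok"
```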

VendorID

Data type: string

Access type: Read-only

This field is ignored.

Requirements

Minimum supported client: Windows 8
Minimum supported server: Windows Server 2012
Namespace: Root\StandardCimv2
MOF: WFasCim.mof
DLL: WFasCim.dll