3.1.2.4.2.2.1.1 Certificate.Template.flags

The following processing rules are applied to flags in the Certificate.Template.flags datum.

| Flag | Client processing |
| --- | --- |
| 0x00000040 - CT_FLAG_MACHINE_TYPE | If this flag is set, an enrollment client MUST NOT send a certificate request based on this template unless the certificate and its associated key are to be used by the hosting machine. |
| 0x00000080 - CT_FLAG_IS_CA | If this flag is set, an enrollment client MUST request a certificate for a CA. |
| 0x00000800 - CT_FLAG_IS_CROSS_CA | If this flag is set, an enrollment client MUST request a certificate for cross-certifying a CA. For more information on cross certification, see [MSFT-CROSSCERT]. |

If the CT_FLAG_IS_CA or CT_FLAG_IS_CROSS_CA flag is set, the client MUST add the Basic Constraints extension (as specified in [RFC3280] section 4.2.1.10) to the certificate request. The cA field of the Basic Constraints extension MUST be set to TRUE, and the pathLenConstraint field MUST be set as specified in section 3.1.2.4.2.2.1.4. This extension MUST be added as a request attribute to the certificate request, as specified in section 2.2.2.7.7.
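The rules above as an added Python sketch (not part of the specification): it DER-encodes the Basic Constraints value required when CT_FLAG_IS_CA or CT_FLAG_IS_CROSS_CA is set and checks a planned request against the flag rules. The function names and the `path_len` parameter are assumptions; the actual pathLenConstraint value and the request-attribute wrapping are defined in sections 3.1.2.4.2.2.1.4 and 2.2.2.7.7, which are not modeled here.

```python
# Added example. Flag values come from the table above; all names are illustrative.
CT_FLAG_MACHINE_TYPE = 0x00000040
CT_FLAG_IS_CA = 0x00000080
CT_FLAG_IS_CROSS_CA = 0x00000800


def der_basic_constraints(path_len=None):
    """DER for BasicConstraints with cA TRUE and an optional pathLenConstraint."""
    body = b"\x01\x01\xff"  # BOOLEAN TRUE; DER requires the value octet 0xFF
    if path_len is not None:
        if not 0 <= path_len < 2**31:
            raise ValueError("pathLenConstraint out of range")
        # Minimal big-endian INTEGER whose top (sign) bit stays clear.
        n = path_len.to_bytes(path_len.bit_length() // 8 + 1, "big")
        body += b"\x02" + bytes([len(n)]) + n
    return b"\x30" + bytes([len(body)]) + body  # SEQUENCE, short-form length


def ca_is_true(der):
    """True if a DER BasicConstraints value asserts cA TRUE (cA defaults to FALSE)."""
    return (len(der) >= 5 and der[0] == 0x30 and der[1] == len(der) - 2
            and der[2:5] == b"\x01\x01\xff")


def violations(flags, for_hosting_machine, basic_constraints_der):
    """List the client processing rules a planned request would break."""
    found = []
    if flags & CT_FLAG_MACHINE_TYPE and not for_hosting_machine:
        found.append("CT_FLAG_MACHINE_TYPE set but request is not for the hosting machine")
    if flags & (CT_FLAG_IS_CA | CT_FLAG_IS_CROSS_CA):
        if basic_constraints_der is None:
            found.append("CA template but Basic Constraints extension is missing")
        elif not ca_is_true(basic_constraints_der):
            found.append("CA template but cA is not TRUE")
    return found


if __name__ == "__main__":
    # Constructed sample: cross-CA machine template, pathLenConstraint 0 (assumed value).
    ext = der_basic_constraints(0)
    print(ext.hex(), violations(0x00000840, True, ext))
    print(violations(0x00000080, True, bytes.fromhex("3000")))
```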