X509CertificateTemplateEnrollmentFlag enumeration (certenroll.h)

The X509CertificateTemplateEnrollmentFlag enumeration contains values that specify server and client actions during enrollment.

Syntax

typedef enum X509CertificateTemplateEnrollmentFlag {
  EnrollmentIncludeSymmetricAlgorithms = 0x1,
  EnrollmentPendAllRequests = 0x2,
  EnrollmentPublishToKRAContainer = 0x4,
  EnrollmentPublishToDS = 0x8,
  EnrollmentAutoEnrollmentCheckUserDSCertificate = 0x10,
  EnrollmentAutoEnrollment = 0x20,
  EnrollmentDomainAuthenticationNotRequired = 0x80,
  EnrollmentPreviousApprovalValidateReenrollment = 0x40,
  EnrollmentUserInteractionRequired = 0x100,
  EnrollmentAddTemplateName = 0x200,
  EnrollmentRemoveInvalidCertificateFromPersonalStore = 0x400,
  EnrollmentAllowEnrollOnBehalfOf = 0x800,
  EnrollmentAddOCSPNoCheck = 0x1000,
  EnrollmentReuseKeyOnFullSmartCard = 0x2000,
  EnrollmentNoRevocationInfoInCerts = 0x4000,
  EnrollmentIncludeBasicConstraintsForEECerts = 0x8000,
  EnrollmentPreviousApprovalKeyBasedValidateReenrollment = 0x10000,
  EnrollmentCertificateIssuancePoliciesFromRequest = 0x20000,
  EnrollmentSkipAutoRenewal = 0x40000
} X509CertificateTemplateEnrollmentFlag;

Constants

Name Description
EnrollmentIncludeSymmetricAlgorithms Instructs the client and server to include a Secure/Multipurpose Internet Mail Extensions (S/MIME) extension in the certificate request and issued certificate.
EnrollmentPendAllRequests Instructs the certification authority (CA) to place all certificate requests in a pending state.
EnrollmentPublishToKRAContainer Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory.
EnrollmentPublishToDS Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory.
EnrollmentAutoEnrollmentCheckUserDSCertificate Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template.
EnrollmentAutoEnrollment Instructs clients to automatically enroll a certificate that is based on this template.
EnrollmentDomainAuthenticationNotRequired Not used.
EnrollmentPreviousApprovalValidateReenrollment Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates.
EnrollmentUserInteractionRequired Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template.
EnrollmentAddTemplateName Not used.
EnrollmentRemoveInvalidCertificateFromPersonalStore Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store.
EnrollmentAllowEnrollOnBehalfOf Instructs the server to allow enroll-on-behalf-of (EOBO) functionality.
EnrollmentAddOCSPNoCheck Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate.
EnrollmentReuseKeyOnFullSmartCard Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card.
EnrollmentNoRevocationInfoInCerts Instructs the server to not include revocation information in the issued certificate.
EnrollmentIncludeBasicConstraintsForEECerts Instructs the server to include the Basic Constraints extension in the issued certificate.
EnrollmentPreviousApprovalKeyBasedValidateReenrollment
EnrollmentCertificateIssuancePoliciesFromRequest
EnrollmentSkipAutoRenewal
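
The constants combine as a bitmask, so a template review usually starts by testing a mask for the combinations that matter. The following is an added example, not Microsoft's code: the flag values are those defined in certenroll.h, while `audit_enrollment_flags`, the `F_*` finding bits, `ENROLLMENT_DEFINED_MASK`, the choice of which combinations count as findings, and the sample masks are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag values as defined in certenroll.h, repeated locally so this builds
   without the Windows SDK. Only the flags the audit inspects are listed. */
enum {
    EnrollmentPendAllRequests         = 0x2,
    EnrollmentAutoEnrollment          = 0x20,
    EnrollmentAllowEnrollOnBehalfOf   = 0x800,
    EnrollmentAddOCSPNoCheck          = 0x1000,
    EnrollmentNoRevocationInfoInCerts = 0x4000,
    ENROLLMENT_DEFINED_MASK           = 0x7FFFF /* hypothetical name: OR of all 19 flags */
};

/* Hypothetical finding bits returned by the audit. */
enum {
    F_NO_REVOCATION_INFO = 1 << 0, /* issued certificates carry no revocation information */
    F_ENROLL_ON_BEHALF   = 1 << 1, /* enroll-on-behalf-of (EOBO) is allowed */
    F_AUTO_NOT_PENDED    = 1 << 2, /* autoenrolled and never placed in a pending state */
    F_UNDEFINED_BITS     = 1 << 3  /* bits outside the enumeration are set */
};

unsigned audit_enrollment_flags(uint32_t flags)
{
    unsigned findings = 0;
    if (flags & (EnrollmentNoRevocationInfoInCerts | EnrollmentAddOCSPNoCheck))
        findings |= F_NO_REVOCATION_INFO;
    if (flags & EnrollmentAllowEnrollOnBehalfOf)
        findings |= F_ENROLL_ON_BEHALF;
    if ((flags & EnrollmentAutoEnrollment) && !(flags & EnrollmentPendAllRequests))
        findings |= F_AUTO_NOT_PENDED;
    if (flags & ~(uint32_t)ENROLLMENT_DEFINED_MASK)
        findings |= F_UNDEFINED_BITS;
    return findings;
}

int main(void)
{
    /* Constructed sample masks, not taken from any real template. */
    const struct { const char *name; uint32_t flags; } samples[] = {
        { "SampleUser",      0x29    },
        { "SampleResponder", 0x1000  },
        { "SampleAgent",     0x802   },
        { "SampleCorrupt",   0x80020 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s flags=0x%05X findings=0x%X\n", samples[i].name,
               (unsigned)samples[i].flags, audit_enrollment_flags(samples[i].flags));
    return 0;
}
```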

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header certenroll.h