AccessRights accessRights
Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.
Date createdAt
The date and time that the Access Control Entry was created.
String groupDisplayName
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
String groupSecurityIdentifier
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
Date updatedAt
The date and time that the Access Control Entry was updated.
AccessRights accessRights
Allow or deny an Active Directory group from enrolling and autoenrolling certificates issued against a template.
Date createdAt
The date and time that the Access Control Entry was created.
String groupDisplayName
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
String groupSecurityIdentifier
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
Date updatedAt
The date and time that the Access Control Entry was updated.
String autoEnroll
Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment.
String enroll
Allow or deny an Active Directory group from enrolling certificates issued against a template.
ValidityPeriod renewalPeriod
Renewal period is the period of time before certificate expiration when a new certificate will be requested.
ValidityPeriod validityPeriod
Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
String arn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the certificate authority being used.
String certificateEnrollmentPolicyServerEndpoint
Certificate enrollment endpoint that Active Directory domain-joined objects reach out to when requesting certificates.
Date createdAt
The date and time that the connector was created.
String directoryId
The identifier of the Active Directory.
String status
Status of the connector. Status can be creating, active, deleting, or failed.
String statusReason
Additional information about the connector status if the status is failed.
Date updatedAt
The date and time that the connector was updated.
VpcInformation vpcInformation
Information of the VPC and security group(s) used with the connector.
String arn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the certificate authority being used.
String certificateEnrollmentPolicyServerEndpoint
Certificate enrollment endpoint for Active Directory domain-joined objects to request certificates.
Date createdAt
The date and time that the connector was created.
String directoryId
The identifier of the Active Directory.
String status
Status of the connector. Status can be creating, active, deleting, or failed.
String statusReason
Additional information about the connector status if the status is failed.
Date updatedAt
The date and time that the connector was updated.
VpcInformation vpcInformation
Information of the VPC and security group(s) used with the connector.
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the certificate authority being used.
String clientToken
Idempotency token.
String directoryId
The identifier of the Active Directory.
Map<K,V> tags
Metadata assigned to a connector consisting of a key-value pair.
VpcInformation vpcInformation
Security group IDs that describe the inbound and outbound rules.
String connectorArn
If successful, the Amazon Resource Name (ARN) of the connector for Active Directory.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
String clientToken
Idempotency token.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
AccessRights accessRights
Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
String clientToken
Idempotency token.
String groupDisplayName
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
String groupSecurityIdentifier
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
String clientToken
Idempotency token.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
TemplateDefinition definition
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
String name
Name of the template. The template name must be unique.
Map<K,V> tags
Metadata assigned to a template consisting of a key-value pair.
String templateArn
If successful, the Amazon Resource Name (ARN) of the template.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
String groupSecurityIdentifier
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
String arn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
Date createdAt
The date and time that the directory registration was created.
String directoryId
The identifier of the Active Directory.
String status
Status of the directory registration.
String statusReason
Additional information about the directory registration status if the status is failed.
Date updatedAt
The date and time that the directory registration was updated.
String arn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
Date createdAt
The date and time that the directory registration was created.
String directoryId
The identifier of the Active Directory.
String status
Status of the directory registration.
String statusReason
Additional information about the directory registration status if the status is failed.
Date updatedAt
The date and time that the directory registration was updated.
Boolean enableKeyReuseOnNtTokenKeysetStorageFull
Allow renewal using the same key.
Boolean includeSymmetricAlgorithms
Include symmetric algorithms allowed by the subject.
Boolean noSecurityExtension
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. The security extension addresses a Windows Kerberos elevation-of-privilege vulnerability.
Boolean removeInvalidCertificateFromPersonalStore
Delete expired or revoked certificates instead of archiving them.
Boolean userInteractionRequired
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Boolean enableKeyReuseOnNtTokenKeysetStorageFull
Allow renewal using the same key.
Boolean includeSymmetricAlgorithms
Include symmetric algorithms allowed by the subject.
Boolean noSecurityExtension
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. The security extension addresses a Windows Kerberos elevation-of-privilege vulnerability.
Boolean removeInvalidCertificateFromPersonalStore
Delete expired or revoked certificates instead of archiving them.
Boolean userInteractionRequired
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Boolean enableKeyReuseOnNtTokenKeysetStorageFull
Allow renewal using the same key.
Boolean includeSymmetricAlgorithms
Include symmetric algorithms allowed by the subject.
Boolean noSecurityExtension
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. The security extension addresses a Windows Kerberos elevation-of-privilege vulnerability.
Boolean removeInvalidCertificateFromPersonalStore
Delete expired or revoked certificates instead of archiving them.
Boolean userInteractionRequired
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
ApplicationPolicies applicationPolicies
Application policies specify what the certificate is used for and its purpose.
KeyUsage keyUsage
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
ApplicationPolicies applicationPolicies
Application policies specify what the certificate is used for and its purpose.
KeyUsage keyUsage
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
ApplicationPolicies applicationPolicies
Application policies specify what the certificate is used for and its purpose.
KeyUsage keyUsage
The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Connector connector
A structure that contains information about your connector.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
DirectoryRegistration directoryRegistration
The directory registration represents the authorization of the connector service with a directory.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
ServicePrincipalName servicePrincipalName
The service principal name that the connector uses to authenticate with Active Directory.
String groupSecurityIdentifier
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
AccessControlEntry accessControlEntry
An access control entry allows or denies an Active Directory group from enrolling and/or autoenrolling with a template.
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
Template template
A certificate template that the connector uses to issue certificates from a private CA.
Boolean critical
Sets the key usage extension to critical.
KeyUsageFlags usageFlags
The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
Boolean dataEncipherment
DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
Boolean digitalSignature
The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
Boolean keyAgreement
KeyAgreement is asserted when the subject public key is used for key agreement.
Boolean keyEncipherment
KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
Boolean nonRepudiation
NonRepudiation is asserted when the subject public key is used to verify digital signatures.
KeyUsagePropertyFlags propertyFlags
You can specify key usage for encryption, key agreement, and signature. You can use property flags or property type but not both.
String propertyType
You can specify all key usages using property type ALL. You can use property type or property flags but not both.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response on
each page. If additional items exist beyond the number you specify, the NextToken element is sent in
the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
List<E> connectors
Summary information about each connector you have created.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response on
each page. If additional items exist beyond the number you specify, the NextToken element is sent in
the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
List<E> directoryRegistrations
Summary information about each directory registration you have created.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response on
each page. If additional items exist beyond the number you specify, the NextToken element is sent in
the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
List<E> servicePrincipalNames
The service principal name, if any, that the connector uses to authenticate with Active Directory.
String resourceArn
The Amazon Resource Name (ARN) that was returned when you created the resource.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response on
each page. If additional items exist beyond the number you specify, the NextToken element is sent in
the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
List<E> accessControlEntries
An access control entry grants or denies permission to an Active Directory group to enroll certificates for a template.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response on
each page. If additional items exist beyond the number you specify, the NextToken element is sent in
the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated
results. Set it to the value of the NextToken parameter from the response you just received.
List<E> templates
Custom configuration templates used when issuing a certificate.
List<E> cryptoProviders
Defines the cryptographic providers used to generate the private key.
String keySpec
Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
Integer minimalKeyLength
Set the minimum key length of the private key.
String algorithm
Defines the algorithm used to generate the private key.
List<E> cryptoProviders
Defines the cryptographic providers used to generate the private key.
String keySpec
Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
KeyUsageProperty keyUsageProperty
The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
Integer minimalKeyLength
Set the minimum key length of the private key.
String algorithm
Defines the algorithm used to generate the private key.
List<E> cryptoProviders
Defines the cryptographic providers used to generate the private key.
String keySpec
Defines the purpose of the private key. Set it to "KEY_EXCHANGE" or "SIGNATURE" value.
KeyUsageProperty keyUsageProperty
The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
Integer minimalKeyLength
Set the minimum key length of the private key.
String clientVersion
Defines the minimum client compatibility.
Boolean exportableKey
Allows the private key to be exported.
Boolean requireAlternateSignatureAlgorithm
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
Boolean strongKeyProtectionRequired
Require user input when using the private key for enrollment.
String clientVersion
Defines the minimum client compatibility.
Boolean exportableKey
Allows the private key to be exported.
Boolean requireAlternateSignatureAlgorithm
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
Boolean requireSameKeyRenewal
Renew certificate using the same private key.
Boolean strongKeyProtectionRequired
Require user input when using the private key for enrollment.
Boolean useLegacyProvider
Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Date createdAt
The date and time that the service principal name was created.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
String status
The status of a service principal name.
String statusReason
Additional information for the status of a service principal name if the status is failed.
Date updatedAt
The date and time that the service principal name was updated.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Date createdAt
The date and time that the service principal name was created.
String directoryRegistrationArn
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
String status
The status of a service principal name.
String statusReason
Additional information for the status of a service principal name if the status is failed.
Date updatedAt
Time when the service principal name was updated.
String quotaCode
The code associated with the service quota.
String resourceId
The identifier of the Amazon Web Services resource.
String resourceType
The resource type, which can be one of Connector, Template,
TemplateGroupAccessControlEntry, ServicePrincipalName, or
DirectoryRegistration.
String serviceCode
Identifies the originating service.
Boolean requireCommonName
Include the common name in the subject name.
Boolean requireDirectoryPath
Include the directory path in the subject name.
Boolean requireDnsAsCn
Include the DNS as common name in the subject name.
Boolean requireEmail
Include the subject's email in the subject name.
Boolean sanRequireDirectoryGuid
Include the globally unique identifier (GUID) in the subject alternate name.
Boolean sanRequireDns
Include the DNS in the subject alternate name.
Boolean sanRequireDomainDns
Include the domain DNS in the subject alternate name.
Boolean sanRequireEmail
Include the subject's email in the subject alternate name.
Boolean sanRequireSpn
Include the service principal name (SPN) in the subject alternate name.
Boolean sanRequireUpn
Include the user principal name (UPN) in the subject alternate name.
Boolean requireCommonName
Include the common name in the subject name.
Boolean requireDirectoryPath
Include the directory path in the subject name.
Boolean requireDnsAsCn
Include the DNS as common name in the subject name.
Boolean requireEmail
Include the subject's email in the subject name.
Boolean sanRequireDirectoryGuid
Include the globally unique identifier (GUID) in the subject alternate name.
Boolean sanRequireDns
Include the DNS in the subject alternate name.
Boolean sanRequireDomainDns
Include the domain DNS in the subject alternate name.
Boolean sanRequireEmail
Include the subject's email in the subject alternate name.
Boolean sanRequireSpn
Include the service principal name (SPN) in the subject alternate name.
Boolean sanRequireUpn
Include the user principal name (UPN) in the subject alternate name.
Boolean requireCommonName
Include the common name in the subject name.
Boolean requireDirectoryPath
Include the directory path in the subject name.
Boolean requireDnsAsCn
Include the DNS as common name in the subject name.
Boolean requireEmail
Include the subject's email in the subject name.
Boolean sanRequireDirectoryGuid
Include the globally unique identifier (GUID) in the subject alternate name.
Boolean sanRequireDns
Include the DNS in the subject alternate name.
Boolean sanRequireDomainDns
Include the domain DNS in the subject alternate name.
Boolean sanRequireEmail
Include the subject's email in the subject alternate name.
Boolean sanRequireSpn
Include the service principal name (SPN) in the subject alternate name.
Boolean sanRequireUpn
Include the user principal name (UPN) in the subject alternate name.
String arn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Date createdAt
The date and time that the template was created.
TemplateDefinition definition
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
String name
Name of the template. Template names must be unique.
String objectIdentifier
Object identifier of a template.
Integer policySchema
The template schema version. Template schema versions can be v2, v3, or v4. The template configuration options change based on the template schema version.
TemplateRevision revision
The version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.
String status
Status of the template. Status can be creating, active, deleting, or failed.
Date updatedAt
The date and time that the template was updated.
TemplateV2 templateV2
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
TemplateV3 templateV3
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
TemplateV4 templateV4
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
String arn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
String connectorArn
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Date createdAt
The date and time that the template was created.
TemplateDefinition definition
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
String name
Name of the template. The template name must be unique.
String objectIdentifier
Object identifier of a template.
Integer policySchema
The template schema version. Template schema versions can be v2, v3, or v4. The template configuration options change based on the template schema version.
TemplateRevision revision
The revision version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.
String status
Status of the template. Status can be creating, active, deleting, or failed.
Date updatedAt
The date and time that the template was updated.
CertificateValidity certificateValidity
Certificate validity describes the validity and renewal periods of a certificate.
EnrollmentFlagsV2 enrollmentFlags
Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
ExtensionsV2 extensions
Extensions describe the key usage extensions and application policies for a template.
GeneralFlagsV2 generalFlags
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
PrivateKeyAttributesV2 privateKeyAttributes
Private key attributes allow you to specify the minimal key length, key spec, and cryptographic providers for the private key of a certificate for v2 templates. V2 templates allow you to use Legacy Cryptographic Service Providers.
PrivateKeyFlagsV2 privateKeyFlags
Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
SubjectNameFlagsV2 subjectNameFlags
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
List<E> supersededTemplates
List of templates in Active Directory that are superseded by this template.
CertificateValidity certificateValidity
Certificate validity describes the validity and renewal periods of a certificate.
EnrollmentFlagsV3 enrollmentFlags
Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
ExtensionsV3 extensions
Extensions describe the key usage extensions and application policies for a template.
GeneralFlagsV3 generalFlags
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
String hashAlgorithm
Specifies the hash algorithm used to hash the private key.
PrivateKeyAttributesV3 privateKeyAttributes
Private key attributes allow you to specify the algorithm, minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v3 templates. V3 templates allow you to use Key Storage Providers.
PrivateKeyFlagsV3 privateKeyFlags
Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
SubjectNameFlagsV3 subjectNameFlags
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
List<E> supersededTemplates
List of templates in Active Directory that are superseded by this template.
CertificateValidity certificateValidity
Certificate validity describes the validity and renewal periods of a certificate.
EnrollmentFlagsV4 enrollmentFlags
Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
ExtensionsV4 extensions
Extensions describe the key usage extensions and application policies for a template.
GeneralFlagsV4 generalFlags
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
String hashAlgorithm
Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.
PrivateKeyAttributesV4 privateKeyAttributes
Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
PrivateKeyFlagsV4 privateKeyFlags
Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
SubjectNameFlagsV4 subjectNameFlags
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
List<E> supersededTemplates
List of templates in Active Directory that are superseded by this template.
AccessRights accessRights
Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
String groupDisplayName
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
String groupSecurityIdentifier
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
TemplateDefinition definition
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
Boolean reenrollAllCertificateHolders
This setting allows the major version of a template to be increased automatically. All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.
String templateArn
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
String reason
The reason for the validation error. This won't be returned for every validation exception.
Copyright © 2024. All rights reserved.