PolicyModuleFlagEnum Enumeration |
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
Namespace: PKI.CertificateServices.PolicyModule
Assembly: SysadminsLV.PKI (in SysadminsLV.PKI.dll) Version: 3.7.0.0 (3.7.0.0)
SyntaxMembers| Member name | Value | Description | |
|---|---|---|---|
| None | 0 | ||
| EnableRequestExtensions | 1 |
Enables 'Enabled Request Extensions' list processing.
This flag is not enabled by default. | |
| RequestExtensionList | 2 |
N/A
This flag is enabled by default on both Standalone and Enterprise CAs. | |
| DisableExtensionList | 4 |
Enables 'Disabled Request Extensions' list processing. If the flag is enabled and certificate request
contains one or more extemsions from this list, extensions will be discarded.
This flag is enabled by default on both Standalone and Enterprise CAs. | |
| AddOldKeyUsage | 8 |
N/A
This flag is enabled by default on both Standalone and Enterprise CAs. | |
| AddOldCertType | 16 |
N/A
This flag is not enabled by default. | |
| AttributeEndDate | 32 |
Allows to specify certificate's validity end date. While certificate's validity on Enterprise CAs is (mainly) determined
by certificate template settings, Standalone CAs determines this value by ValidityPeriod and ValidityPeriodUnits
settings only. This flag allows to override ValidityPeriod and ValidityPeriodUnits settings to set certificate's validity.
Note: EndDate value cannot exceed ValidityPeriod and ValidityPeriodUnits settings. This flag is enabled by default on Standalone CAs. | |
| BasicConstraintsCritical | 64 |
Marks Basic Constraints extension as critical.
This flag is enabled by default on both Standalone and Enterprise CAs. | |
| BasicConstraintsCA | 128 |
Enables Basic Constraints extension for CA certificates.
This flag is enabled by default on Standalone CAs. | |
| EnableAKIKeyID | 256 |
Enables KeyID (issuer's public key hash) value to appear in Authority Key Identifier
(AKI) extension.
This flag is enabled by default on both Standalone and Enterprise CAs. | |
| AttributeCA | 512 |
N/A
This flag is enabled on Standalone CAs. | |
| IgnoreRequestGroup | 1024 |
N/A
This flag is not enabled by default. | |
| EnableAKIIssuerName | 2048 |
Enables issuer name value to appear in Authority Key Identifier
(AKI) extension.
This flag is not enabled by default. | |
| EnableAKIIssuerSerial | 4096 |
Enables issuer certificate's serial number to appear in Authority Key Identifier
(AKI) extension.
This flag is not enabled by default. | |
| EnableAKICritical | 8192 |
Marks Authority Key Identifier (AKI) extension as critical.
This flag is not enabled by default. | |
| ServerUpgraded | 16384 |
N/A
This flag is not enabled by default. | |
| AttributeEKU | 32768 |
Enables Enhanced Key Usages (EKU) extensions passing as unauthenticated
request attribute (rather than including EKU extension as authenticated extension in the request).
This flag is enabled by default on Standalone CAs. | |
| EnableDefaultSMIME | 65536 |
N/A
This flag is enabled by default on Enterprise CAs. | |
| EmailOptional | 131072 |
N/A
This flag is not enabled by default. | |
| AttributeSubjectAlternativeName | 262144 |
Enables Subject Alternative Name (SAN) extensions passing as unauthenticated
request attribute (rather than including SAN extension as authenticated extension in the request).
Note: Do not enable this flag on Enterprise CAs. Instead, inclue SAN extension directly in the request. This flag is not enabled by default. | |
| EnableLDAPReferrals | 524288 |
Allows Certification Authority (CA) to chase a referral for user or computer
information in a trusted forest. When referrals are not chased and the user information is not available, the
request will be denied if the user is enrolling from another forest. Referral chasing is not enabled by default
as unintended template enumeration and enrollment may occur in some scenarios.
This flag is necessary only for Cross-Forest Enrollment scenarios. This flag is not enabled by default. | |
| EnableChaseClientDC | 1048576 |
N/A
This flag is enabled by default on Enterprise CAs. | |
| AuditCertTemplateLoad | 2097152 |
Enables template list load from Active Directory audit.
This flag is not enabled by default. | |
| DisableOldOSCNUPN | 4194304 |
N/A
This flag is not enabled by default. | |
| DisableLDAPPackageList | 8388608 |
N/A
This flag is not enabled by default. | |
| EnableUPNMap | 16777216 |
N/A
This flag is not enabled by default. | |
| EnableOCSPRevNoCheck | 33554432 |
Enables id-pkix-ocsp-nocheck extension in the request.
Windows Server 2003: this flag is not supported. This flag is not enabled by default. | |
| EnableRenewOnBehalfOf | 67108864 |
Enables certificate renewel on behalf of other user or computer.
Windows Server 2003, Windows Server 2008: this flag is not supported. This flag is not enabled by default. |
RemarksSee Also