This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::PCAConnectorAD::Template EnrollmentFlagsV2
Template configurations for v2 template schema.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "EnableKeyReuseOnNtTokenKeysetStorageFull" :Boolean, "IncludeSymmetricAlgorithms" :Boolean, "NoSecurityExtension" :Boolean, "RemoveInvalidCertificateFromPersonalStore" :Boolean, "UserInteractionRequired" :Boolean}
YAML
EnableKeyReuseOnNtTokenKeysetStorageFull:BooleanIncludeSymmetricAlgorithms:BooleanNoSecurityExtension:BooleanRemoveInvalidCertificateFromPersonalStore:BooleanUserInteractionRequired:Boolean
Properties
EnableKeyReuseOnNtTokenKeysetStorageFull-
Allow renewal using the same key.
Required: No
Type: Boolean
Update requires: No interruption
IncludeSymmetricAlgorithms-
Include symmetric algorithms allowed by the subject.
Required: No
Type: Boolean
Update requires: No interruption
NoSecurityExtension-
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
Required: No
Type: Boolean
Update requires: No interruption
RemoveInvalidCertificateFromPersonalStore-
Delete expired or revoked certificates instead of archiving them.
Required: No
Type: Boolean
Update requires: No interruption
UserInteractionRequired-
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Required: No
Type: Boolean
Update requires: No interruption
