


# AWS::PCAConnectorAD::Template EnrollmentFlagsV2
<a name="aws-properties-pcaconnectorad-template-enrollmentflagsv2"></a>

Template configurations for v2 template schema.

## Syntax
<a name="aws-properties-pcaconnectorad-template-enrollmentflagsv2-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-pcaconnectorad-template-enrollmentflagsv2-syntax.json"></a>

```
{
  "EnableKeyReuseOnNtTokenKeysetStorageFull" : Boolean,
  "IncludeSymmetricAlgorithms" : Boolean,
  "NoSecurityExtension" : Boolean,
  "RemoveInvalidCertificateFromPersonalStore" : Boolean,
  "UserInteractionRequired" : Boolean
}
```

### YAML
<a name="aws-properties-pcaconnectorad-template-enrollmentflagsv2-syntax.yaml"></a>

```
  EnableKeyReuseOnNtTokenKeysetStorageFull: Boolean
  IncludeSymmetricAlgorithms: Boolean
  NoSecurityExtension: Boolean
  RemoveInvalidCertificateFromPersonalStore: Boolean
  UserInteractionRequired: Boolean
```

## Properties
<a name="aws-properties-pcaconnectorad-template-enrollmentflagsv2-properties"></a>

`EnableKeyReuseOnNtTokenKeysetStorageFull`  <a name="cfn-pcaconnectorad-template-enrollmentflagsv2-enablekeyreuseonnttokenkeysetstoragefull"></a>
Allow renewal using the same key.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`IncludeSymmetricAlgorithms`  <a name="cfn-pcaconnectorad-template-enrollmentflagsv2-includesymmetricalgorithms"></a>
Include symmetric algorithms allowed by the subject.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NoSecurityExtension`  <a name="cfn-pcaconnectorad-template-enrollmentflagsv2-nosecurityextension"></a>
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. The security extension addresses a Windows Kerberos elevation-of-privilege vulnerability.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RemoveInvalidCertificateFromPersonalStore`  <a name="cfn-pcaconnectorad-template-enrollmentflagsv2-removeinvalidcertificatefrompersonalstore"></a>
Delete expired or revoked certificates instead of archiving them.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`UserInteractionRequired`  <a name="cfn-pcaconnectorad-template-enrollmentflagsv2-userinteractionrequired"></a>
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
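
A pre-deployment check for the `NoSecurityExtension` flag described above, as an added example that is not part of the AWS documentation. It assumes the flags sit at `Properties.Definition.TemplateV2.EnrollmentFlags` of the `AWS::PCAConnectorAD::Template` resource and that an absent flag behaves as `false`; the sample template, its logical IDs and the `OmitSecurityExtension` parameter name are constructed.

```python
import json

RESOURCE_TYPE = "AWS::PCAConnectorAD::Template"

# Constructed sample template; only the fields this check reads are shown,
# so it is not a deployable resource definition.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "LegacyUserTemplate": {
      "Type": "AWS::PCAConnectorAD::Template",
      "Properties": {"Definition": {"TemplateV2": {"EnrollmentFlags": {
        "NoSecurityExtension": "true", "UserInteractionRequired": false}}}}
    },
    "ParamTemplate": {
      "Type": "AWS::PCAConnectorAD::Template",
      "Properties": {"Definition": {"TemplateV2": {"EnrollmentFlags": {
        "NoSecurityExtension": {"Ref": "OmitSecurityExtension"}}}}}
    },
    "DefaultTemplate": {
      "Type": "AWS::PCAConnectorAD::Template",
      "Properties": {"Definition": {"TemplateV2": {"EnrollmentFlags": {
        "IncludeSymmetricAlgorithms": true}}}}
    }
  }
}
""")

def classify(value):
    """Map a NoSecurityExtension value to 'omitted', 'included' or 'unresolved'."""
    if isinstance(value, str) and value.lower() in ("true", "false"):
        value = value.lower() == "true"  # CloudFormation accepts string booleans
    if value is True:
        return "omitted"     # extension left out of issued certificates
    if value is False or value is None:
        return "included"    # assumption: an absent flag behaves as false
    return "unresolved"      # Ref, Fn::If, etc.: decided by deploy-time input

def audit(template):
    """Return {logical_id: status} for every PCA Connector AD template resource."""
    results = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        definition = res.get("Properties", {}).get("Definition", {})
        flags = definition.get("TemplateV2", {}).get("EnrollmentFlags", {})
        results[logical_id] = classify(flags.get("NoSecurityExtension"))
    return results
```

Resources reported as `omitted` or `unresolved` are the ones to review before the stack is deployed.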