aws_pca_connector_ad_template
account_id
Type: STRING
arn
Type: STRING
Provider name: Arn
Description: The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
connector_arn
Type: STRING
Provider name: ConnectorArn
Description: The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
created_at
Type: TIMESTAMP
Provider name: CreatedAt
Description: The date and time that the template was created.
definition
Type: STRUCT
Provider name: Definition
Description: Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
template_v2
Type: STRUCT
Provider name: TemplateV2
Description: Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
certificate_validity
Type: STRUCT
Provider name: CertificateValidity
Description: Certificate validity describes the validity and renewal periods of a certificate.
renewal_period
Type: STRUCT
Provider name: RenewalPeriod
Description: Renewal period is the period of time before certificate expiration when a new certificate will be requested.
period
Type: INT64
Provider name: Period
Description: The numeric value for the validity period.
period_type
Type: STRING
Provider name: PeriodType
Description: The unit of time. You can select hours, days, weeks, months, and years.
validity_period
Type: STRUCT
Provider name: ValidityPeriod
Description: Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
period
Type: INT64
Provider name: Period
Description: The numeric value for the validity period.
period_type
Type: STRING
Provider name: PeriodType
Description: The unit of time. You can select hours, days, weeks, months, and years.
enrollment_flags
Type: STRUCT
Provider name: EnrollmentFlags
Description: Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
enable_key_reuse_on_nt_token_keyset_storage_full
Type: BOOLEAN
Provider name: EnableKeyReuseOnNtTokenKeysetStorageFull
Description: Allow renewal using the same key.
include_symmetric_algorithms
Type: BOOLEAN
Provider name: IncludeSymmetricAlgorithms
Description: Include symmetric algorithms allowed by the subject.
no_security_extension
Type: BOOLEAN
Provider name: NoSecurityExtension
Description: This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
remove_invalid_certificate_from_personal_store
Type: BOOLEAN
Provider name: RemoveInvalidCertificateFromPersonalStore
Description: Delete expired or revoked certificates instead of archiving them.
user_interaction_required
Type: BOOLEAN
Provider name: UserInteractionRequired
Description: Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
extensions
Type: STRUCT
Provider name: Extensions
Description: Extensions describe the key usage extensions and application policies for a template.
application_policies
Type: STRUCT
Provider name: ApplicationPolicies
Description: Application policies specify what the certificate is used for and its purpose.
critical
Type: BOOLEAN
Provider name: Critical
Description: Marks the application policy extension as critical.
policies
Type: UNORDERED_LIST_STRUCT
Provider name: Policies
Description: Application policies describe what the certificate can be used for.
policy_object_identifier
Type: STRING
Provider name: PolicyObjectIdentifier
Description: The object identifier (OID) of an application policy.
policy_type
Type: STRING
Provider name: PolicyType
Description: The type of application policy.
key_usage
Type: STRUCT
Provider name: KeyUsage
Description: The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
critical
Type: BOOLEAN
Provider name: Critical
Description: Sets the key usage extension to critical.
usage_flags
Type: STRUCT
Provider name: UsageFlags
Description: The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
data_encipherment
Type: BOOLEAN
Provider name: DataEncipherment
Description: DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
digital_signature
Type: BOOLEAN
Provider name: DigitalSignature
Description: The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
key_agreement
Type: BOOLEAN
Provider name: KeyAgreement
Description: KeyAgreement is asserted when the subject public key is used for key agreement.
key_encipherment
Type: BOOLEAN
Provider name: KeyEncipherment
Description: KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
non_repudiation
Type: BOOLEAN
Provider name: NonRepudiation
Description: NonRepudiation is asserted when the subject public key is used to verify digital signatures.
general_flags
Type: STRUCT
Provider name: GeneralFlags
Description: General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
auto_enrollment
Type: BOOLEAN
Provider name: AutoEnrollment
Description: Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
machine_type
Type: BOOLEAN
Provider name: MachineType
Description: Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
private_key_attributes
Type: STRUCT
Provider name: PrivateKeyAttributes
Description: Private key attributes allow you to specify the minimal key length, key spec, and cryptographic providers for the private key of a certificate for v2 templates. V2 templates allow you to use Legacy Cryptographic Service Providers.
crypto_providers
Type: UNORDERED_LIST_STRING
Provider name: CryptoProviders
Description: Defines the cryptographic providers used to generate the private key.
key_spec
Type: STRING
Provider name: KeySpec
Description: Defines the purpose of the private key. Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
minimal_key_length
Type: INT32
Provider name: MinimalKeyLength
Description: Set the minimum key length of the private key.
private_key_flags
Type: STRUCT
Provider name: PrivateKeyFlags
Description: Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
client_version
Type: STRING
Provider name: ClientVersion
Description: Defines the minimum client compatibility.
exportable_key
Type: BOOLEAN
Provider name: ExportableKey
Description: Allows the private key to be exported.
strong_key_protection_required
Type: BOOLEAN
Provider name: StrongKeyProtectionRequired
Description: Require user input when using the private key for enrollment.
subject_name_flags
Type: STRUCT
Provider name: SubjectNameFlags
Description: Subject name flags describe the subject name and subject alternate name that is included in a certificate.
require_common_name
Type: BOOLEAN
Provider name: RequireCommonName
Description: Include the common name in the subject name.
require_directory_path
Type: BOOLEAN
Provider name: RequireDirectoryPath
Description: Include the directory path in the subject name.
require_dns_as_cn
Type: BOOLEAN
Provider name: RequireDnsAsCn
Description: Include the DNS as common name in the subject name.
require_email
Type: BOOLEAN
Provider name: RequireEmail
Description: Include the subject’s email in the subject name.
san_require_directory_guid
Type: BOOLEAN
Provider name: SanRequireDirectoryGuid
Description: Include the globally unique identifier (GUID) in the subject alternate name.
san_require_dns
Type: BOOLEAN
Provider name: SanRequireDns
Description: Include the DNS in the subject alternate name.
san_require_domain_dns
Type: BOOLEAN
Provider name: SanRequireDomainDns
Description: Include the domain DNS in the subject alternate name.
san_require_email
Type: BOOLEAN
Provider name: SanRequireEmail
Description: Include the subject’s email in the subject alternate name.
san_require_spn
Type: BOOLEAN
Provider name: SanRequireSpn
Description: Include the service principal name (SPN) in the subject alternate name.
san_require_upn
Type: BOOLEAN
Provider name: SanRequireUpn
Description: Include the user principal name (UPN) in the subject alternate name.
superseded_templates
Type: UNORDERED_LIST_STRING
Provider name: SupersededTemplates
Description: List of templates in Active Directory that are superseded by this template.
template_v3
Type: STRUCT
Provider name: TemplateV3
Description: Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
certificate_validity
Type: STRUCT
Provider name: CertificateValidity
Description: Certificate validity describes the validity and renewal periods of a certificate.
renewal_period
Type: STRUCT
Provider name: RenewalPeriod
Description: Renewal period is the period of time before certificate expiration when a new certificate will be requested.
period
Type: INT64
Provider name: Period
Description: The numeric value for the validity period.
period_type
Type: STRING
Provider name: PeriodType
Description: The unit of time. You can select hours, days, weeks, months, and years.
validity_period
Type: STRUCT
Provider name: ValidityPeriod
Description: Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
period
Type: INT64
Provider name: Period
Description: The numeric value for the validity period.
period_type
Type: STRING
Provider name: PeriodType
Description: The unit of time. You can select hours, days, weeks, months, and years.
enrollment_flags
Type: STRUCT
Provider name: EnrollmentFlags
Description: Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
enable_key_reuse_on_nt_token_keyset_storage_full
Type: BOOLEAN
Provider name: EnableKeyReuseOnNtTokenKeysetStorageFull
Description: Allow renewal using the same key.
include_symmetric_algorithms
Type: BOOLEAN
Provider name: IncludeSymmetricAlgorithms
Description: Include symmetric algorithms allowed by the subject.
no_security_extension
Type: BOOLEAN
Provider name: NoSecurityExtension
Description: This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
remove_invalid_certificate_from_personal_store
Type: BOOLEAN
Provider name: RemoveInvalidCertificateFromPersonalStore
Description: Delete expired or revoked certificates instead of archiving them.
user_interaction_required
Type: BOOLEAN
Provider name: UserInteractionRequired
Description: Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
extensions
Type: STRUCT
Provider name: Extensions
Description: Extensions describe the key usage extensions and application policies for a template.
application_policies
Type: STRUCT
Provider name: ApplicationPolicies
Description: Application policies specify what the certificate is used for and its purpose.
critical
Type: BOOLEAN
Provider name: Critical
Description: Marks the application policy extension as critical.
policies
Type: UNORDERED_LIST_STRUCT
Provider name: Policies
Description: Application policies describe what the certificate can be used for.
policy_object_identifier
Type: STRING
Provider name: PolicyObjectIdentifier
Description: The object identifier (OID) of an application policy.
policy_type
Type: STRING
Provider name: PolicyType
Description: The type of application policy.
key_usage
Type: STRUCT
Provider name: KeyUsage
Description: The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
critical
Type: BOOLEAN
Provider name: Critical
Description: Sets the key usage extension to critical.
usage_flags
Type: STRUCT
Provider name: UsageFlags
Description: The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
data_encipherment
Type: BOOLEAN
Provider name: DataEncipherment
Description: DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
digital_signature
Type: BOOLEAN
Provider name: DigitalSignature
Description: The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
key_agreement
Type: BOOLEAN
Provider name: KeyAgreement
Description: KeyAgreement is asserted when the subject public key is used for key agreement.
key_encipherment
Type: BOOLEAN
Provider name: KeyEncipherment
Description: KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
non_repudiation
Type: BOOLEAN
Provider name: NonRepudiation
Description: NonRepudiation is asserted when the subject public key is used to verify digital signatures.
general_flags
Type: STRUCT
Provider name: GeneralFlags
Description: General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
auto_enrollment
Type: BOOLEAN
Provider name: AutoEnrollment
Description: Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
machine_type
Type: BOOLEAN
Provider name: MachineType
Description: Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
hash_algorithm
Type: STRING
Provider name: HashAlgorithm
Description: Specifies the hash algorithm used to hash the private key.
private_key_attributes
Type: STRUCT
Provider name: PrivateKeyAttributes
Description: Private key attributes allow you to specify the algorithm, minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v3 templates. V3 templates allow you to use Key Storage Providers.
algorithm
Type: STRING
Provider name: Algorithm
Description: Defines the algorithm used to generate the private key.
crypto_providers
Type: UNORDERED_LIST_STRING
Provider name: CryptoProviders
Description: Defines the cryptographic providers used to generate the private key.
key_spec
Type: STRING
Provider name: KeySpec
Description: Defines the purpose of the private key. Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
key_usage_property
Type: STRUCT
Provider name: KeyUsageProperty
Description: The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
property_flags
Type: STRUCT
Provider name: PropertyFlags
Description: You can specify key usage for encryption, key agreement, and signature. You can use property flags or property type but not both.
decrypt
Type: BOOLEAN
Provider name: Decrypt
Description: Allows key for encryption and decryption.
key_agreement
Type: BOOLEAN
Provider name: KeyAgreement
Description: Allows key exchange without encryption.
sign
Type: BOOLEAN
Provider name: Sign
Description: Allow key use for digital signature.
property_type
Type: STRING
Provider name: PropertyType
Description: You can specify all key usages using property type ALL. You can use property type or property flags but not both.
minimal_key_length
Type: INT32
Provider name: MinimalKeyLength
Description: Set the minimum key length of the private key.
private_key_flags
Type: STRUCT
Provider name: PrivateKeyFlags
Description: Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
client_version
Type: STRING
Provider name: ClientVersion
Description: Defines the minimum client compatibility.
exportable_key
Type: BOOLEAN
Provider name: ExportableKey
Description: Allows the private key to be exported.
require_alternate_signature_algorithm
Type: BOOLEAN
Provider name: RequireAlternateSignatureAlgorithm
Description: Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
strong_key_protection_required
Type: BOOLEAN
Provider name: StrongKeyProtectionRequired
Description: Require user input when using the private key for enrollment.
subject_name_flags
Type: STRUCT
Provider name: SubjectNameFlags
Description: Subject name flags describe the subject name and subject alternate name that is included in a certificate.
require_common_name
Type: BOOLEAN
Provider name: RequireCommonName
Description: Include the common name in the subject name.
require_directory_path
Type: BOOLEAN
Provider name: RequireDirectoryPath
Description: Include the directory path in the subject name.
require_dns_as_cn
Type: BOOLEAN
Provider name: RequireDnsAsCn
Description: Include the DNS as common name in the subject name.
require_email
Type: BOOLEAN
Provider name: RequireEmail
Description: Include the subject’s email in the subject name.
san_require_directory_guid
Type: BOOLEAN
Provider name: SanRequireDirectoryGuid
Description: Include the globally unique identifier (GUID) in the subject alternate name.
san_require_dns
Type: BOOLEAN
Provider name: SanRequireDns
Description: Include the DNS in the subject alternate name.
san_require_domain_dns
Type: BOOLEAN
Provider name: SanRequireDomainDns
Description: Include the domain DNS in the subject alternate name.
san_require_email
Type: BOOLEAN
Provider name: SanRequireEmail
Description: Include the subject’s email in the subject alternate name.
san_require_spn
Type: BOOLEAN
Provider name: SanRequireSpn
Description: Include the service principal name (SPN) in the subject alternate name.
san_require_upn
Type: BOOLEAN
Provider name: SanRequireUpn
Description: Include the user principal name (UPN) in the subject alternate name.
superseded_templates
Type: UNORDERED_LIST_STRING
Provider name: SupersededTemplates
Description: List of templates in Active Directory that are superseded by this template.
template_v4
Type: STRUCT
Provider name: TemplateV4
Description: Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
certificate_validity
Type: STRUCT
Provider name: CertificateValidity
Description: Certificate validity describes the validity and renewal periods of a certificate.
renewal_period
Type: STRUCT
Provider name: RenewalPeriod
Description: Renewal period is the period of time before certificate expiration when a new certificate will be requested.
period
Type: INT64
Provider name: Period
Description: The numeric value for the validity period.
period_type
Type: STRING
Provider name: PeriodType
Description: The unit of time. You can select hours, days, weeks, months, and years.
validity_period
Type: STRUCT
Provider name: ValidityPeriod
Description: Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
period
Type: INT64
Provider name: Period
Description: The numeric value for the validity period.
period_type
Type: STRING
Provider name: PeriodType
Description: The unit of time. You can select hours, days, weeks, months, and years.
enrollment_flags
Type: STRUCT
Provider name: EnrollmentFlags
Description: Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
enable_key_reuse_on_nt_token_keyset_storage_full
Type: BOOLEAN
Provider name: EnableKeyReuseOnNtTokenKeysetStorageFull
Description: Allow renewal using the same key.
include_symmetric_algorithms
Type: BOOLEAN
Provider name: IncludeSymmetricAlgorithms
Description: Include symmetric algorithms allowed by the subject.
no_security_extension
Type: BOOLEAN
Provider name: NoSecurityExtension
Description: This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
remove_invalid_certificate_from_personal_store
Type: BOOLEAN
Provider name: RemoveInvalidCertificateFromPersonalStore
Description: Delete expired or revoked certificates instead of archiving them.
user_interaction_required
Type: BOOLEAN
Provider name: UserInteractionRequired
Description: Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
extensions
Type: STRUCT
Provider name: Extensions
Description: Extensions describe the key usage extensions and application policies for a template.
application_policies
Type: STRUCT
Provider name: ApplicationPolicies
Description: Application policies specify what the certificate is used for and its purpose.
critical
Type: BOOLEAN
Provider name: Critical
Description: Marks the application policy extension as critical.
policies
Type: UNORDERED_LIST_STRUCT
Provider name: Policies
Description: Application policies describe what the certificate can be used for.
policy_object_identifier
Type: STRING
Provider name: PolicyObjectIdentifier
Description: The object identifier (OID) of an application policy.
policy_type
Type: STRING
Provider name: PolicyType
Description: The type of application policy.
key_usage
Type: STRUCT
Provider name: KeyUsage
Description: The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.
critical
Type: BOOLEAN
Provider name: Critical
Description: Sets the key usage extension to critical.
usage_flags
Type: STRUCT
Provider name: UsageFlags
Description: The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
data_encipherment
Type: BOOLEAN
Provider name: DataEncipherment
Description: DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
digital_signature
Type: BOOLEAN
Provider name: DigitalSignature
Description: The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
key_agreement
Type: BOOLEAN
Provider name: KeyAgreement
Description: KeyAgreement is asserted when the subject public key is used for key agreement.
key_encipherment
Type: BOOLEAN
Provider name: KeyEncipherment
Description: KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
non_repudiation
Type: BOOLEAN
Provider name: NonRepudiation
Description: NonRepudiation is asserted when the subject public key is used to verify digital signatures.
general_flags
Type: STRUCT
Provider name: GeneralFlags
Description: General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
auto_enrollment
Type: BOOLEAN
Provider name: AutoEnrollment
Description: Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
machine_type
Type: BOOLEAN
Provider name: MachineType
Description: Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
hash_algorithm
Type: STRING
Provider name: HashAlgorithm
Description: Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.
private_key_attributes
Type: STRUCT
Provider name: PrivateKeyAttributes
Description: Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
algorithm
Type: STRING
Provider name: Algorithm
Description: Defines the algorithm used to generate the private key.
crypto_providers
Type: UNORDERED_LIST_STRING
Provider name: CryptoProviders
Description: Defines the cryptographic providers used to generate the private key.
key_spec
Type: STRING
Provider name: KeySpec
Description: Defines the purpose of the private key. Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
key_usage_property
Type: STRUCT
Provider name: KeyUsageProperty
Description: The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
property_flags
Type: STRUCT
Provider name: PropertyFlags
Description: You can specify key usage for encryption, key agreement, and signature. You can use property flags or property type but not both.
decrypt
Type: BOOLEAN
Provider name: Decrypt
Description: Allows key for encryption and decryption.
key_agreement
Type: BOOLEAN
Provider name: KeyAgreement
Description: Allows key exchange without encryption.
sign
Type: BOOLEAN
Provider name: Sign
Description: Allow key use for digital signature.
property_type
Type: STRING
Provider name: PropertyType
Description: You can specify all key usages using property type ALL. You can use property type or property flags but not both.
minimal_key_length
Type: INT32
Provider name: MinimalKeyLength
Description: Set the minimum key length of the private key.
private_key_flags
Type: STRUCT
Provider name: PrivateKeyFlags
Description: Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
client_version
Type: STRING
Provider name: ClientVersion
Description: Defines the minimum client compatibility.
exportable_key
Type: BOOLEAN
Provider name: ExportableKey
Description: Allows the private key to be exported.
require_alternate_signature_algorithm
Type: BOOLEAN
Provider name: RequireAlternateSignatureAlgorithm
Description: Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
require_same_key_renewal
Type: BOOLEAN
Provider name: RequireSameKeyRenewal
Description: Renew certificate using the same private key.
strong_key_protection_required
Type: BOOLEAN
Provider name: StrongKeyProtectionRequired
Description: Require user input when using the private key for enrollment.
use_legacy_provider
Type: BOOLEAN
Provider name: UseLegacyProvider
Description: Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
subject_name_flags
Type: STRUCT
Provider name: SubjectNameFlags
Description: Subject name flags describe the subject name and subject alternate name that is included in a certificate.
require_common_name
Type: BOOLEAN
Provider name: RequireCommonName
Description: Include the common name in the subject name.
require_directory_path
Type: BOOLEAN
Provider name: RequireDirectoryPath
Description: Include the directory path in the subject name.
require_dns_as_cn
Type: BOOLEAN
Provider name: RequireDnsAsCn
Description: Include the DNS as common name in the subject name.
require_email
Type: BOOLEAN
Provider name: RequireEmail
Description: Include the subject’s email in the subject name.
san_require_directory_guid
Type: BOOLEAN
Provider name: SanRequireDirectoryGuid
Description: Include the globally unique identifier (GUID) in the subject alternate name.
san_require_dns
Type: BOOLEAN
Provider name: SanRequireDns
Description: Include the DNS in the subject alternate name.
san_require_domain_dns
Type: BOOLEAN
Provider name: SanRequireDomainDns
Description: Include the domain DNS in the subject alternate name.
san_require_email
Type: BOOLEAN
Provider name: SanRequireEmail
Description: Include the subject’s email in the subject alternate name.
san_require_spn
Type: BOOLEAN
Provider name: SanRequireSpn
Description: Include the service principal name (SPN) in the subject alternate name.
san_require_upn
Type: BOOLEAN
Provider name: SanRequireUpn
Description: Include the user principal name (UPN) in the subject alternate name.
superseded_templates
Type: UNORDERED_LIST_STRING
Provider name: SupersededTemplates
Description: List of templates in Active Directory that are superseded by this template.
name
Type: STRING
Provider name: Name
Description: Name of the template. The template name must be unique.
object_identifier
Type: STRING
Provider name: ObjectIdentifier
Description: Object identifier of a template.
policy_schema
Type: INT32
Provider name: PolicySchema
Description: The template schema version. Template schema versions can be v2, v3, or v4. The template configuration options change based on the template schema version.
revision
Type: STRUCT
Provider name: Revision
Description: The revision version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.
major_revision
Type: INT32
Provider name: MajorRevision
Description: The revision version of the template. Re-enrolling all certificate holders will increment the major revision.
minor_revision
Type: INT32
Provider name: MinorRevision
Description: The revision version of the template. Re-enrolling all certificate holders will increment the major revision.
status
Type: STRING
Provider name: Status
Description: Status of the template. Status can be creating, active, deleting, or failed.
Type: UNORDERED_LIST_STRING
updated_at
Type: TIMESTAMP
Provider name: UpdatedAt
Description: The date and time that the template was updated.