AWS::PCAConnectorAD::Template PrivateKeyFlagsV4
Private key flags for v4 templates specify the client compatibility, whether the private key can be exported, whether user input is required when using a private key, whether an alternate signature algorithm should be used, and whether certificates are renewed using the same private key.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{
  "ClientVersion" : String,
  "ExportableKey" : Boolean,
  "RequireAlternateSignatureAlgorithm" : Boolean,
  "RequireSameKeyRenewal" : Boolean,
  "StrongKeyProtectionRequired" : Boolean,
  "UseLegacyProvider" : Boolean
}
YAML
ClientVersion: String
ExportableKey: Boolean
RequireAlternateSignatureAlgorithm: Boolean
RequireSameKeyRenewal: Boolean
StrongKeyProtectionRequired: Boolean
UseLegacyProvider: Boolean
Properties
ClientVersion
Defines the minimum client compatibility.
Required: Yes
Type: String
Allowed values: WINDOWS_SERVER_2012 | WINDOWS_SERVER_2012_R2 | WINDOWS_SERVER_2016
Update requires: No interruption
ExportableKey
Allows the private key to be exported.
Required: No
Type: Boolean
Update requires: No interruption
RequireAlternateSignatureAlgorithm
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
Required: No
Type: Boolean
Update requires: No interruption
RequireSameKeyRenewal
Renew certificate using the same private key.
Required: No
Type: Boolean
Update requires: No interruption
StrongKeyProtectionRequired
Require user input when using the private key for enrollment.
Required: No
Type: Boolean
Update requires: No interruption
UseLegacyProvider
Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
Required: No
Type: Boolean
Update requires: No interruption
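Example (added here, not part of the AWS documentation): a pre-deployment check that validates one PrivateKeyFlagsV4 object against the properties listed above and flags settings worth a reviewer's attention. The function names, the REVIEW_IF policy and the sample input are assumptions of this example; it takes the properties as an already-parsed dict and expects literal values, not intrinsic functions.

```python
ALLOWED_CLIENT_VERSIONS = {
    "WINDOWS_SERVER_2012", "WINDOWS_SERVER_2012_R2", "WINDOWS_SERVER_2016"}
BOOLEAN_FLAGS = {
    "ExportableKey", "RequireAlternateSignatureAlgorithm",
    "RequireSameKeyRenewal", "StrongKeyProtectionRequired", "UseLegacyProvider"}
# Review policy assumed for this example (not an AWS rule): values that
# should be justified before the template is deployed.
REVIEW_IF = {
    "ExportableKey": (True, "private key can be exported"),
    "UseLegacyProvider": (True, "keys generated by a Legacy CSP, not a KSP"),
    "RequireSameKeyRenewal": (True, "renewal reuses the same private key"),
}

def as_bool(value):
    """Return a bool for true/false booleans or strings, else None."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    return None

def lint_private_key_flags_v4(flags):
    """Return (severity, message) findings for one PrivateKeyFlagsV4 object."""
    findings = []
    client = flags.get("ClientVersion")  # the only required property
    if not isinstance(client, str) or client not in ALLOWED_CLIENT_VERSIONS:
        findings.append(("error", "ClientVersion missing or not an allowed value"))
    for key in sorted(set(flags) - BOOLEAN_FLAGS - {"ClientVersion"}):
        findings.append(("error", f"{key}: not a PrivateKeyFlagsV4 property"))
    for key in sorted(BOOLEAN_FLAGS & set(flags)):
        value = as_bool(flags[key])
        if value is None:
            findings.append(("error", f"{key}: expected a Boolean"))
        elif key in REVIEW_IF and value == REVIEW_IF[key][0]:
            findings.append(("review", f"{key}: {REVIEW_IF[key][1]}"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "ClientVersion": "WINDOWS_SERVER_2016", "ExportableKey": True,
    "StrongKeyProtectionRequired": "maybe", "UseLegacyProvider": False,
    "KeyUsage": "sign",
}

if __name__ == "__main__":
    for severity, message in lint_private_key_flags_v4(SAMPLE):
        print(f"{severity}: {message}")
```

Properties that are omitted produce no finding, because this page does not state their default values.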