AWS::PCAConnectorAD::Template PrivateKeyFlagsV4 - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::PCAConnectorAD::Template PrivateKeyFlagsV4

Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "ClientVersion" : String,
  "ExportableKey" : Boolean,
  "RequireAlternateSignatureAlgorithm" : Boolean,
  "RequireSameKeyRenewal" : Boolean,
  "StrongKeyProtectionRequired" : Boolean,
  "UseLegacyProvider" : Boolean
}

Properties

ClientVersion

Defines the minimum client compatibility.

Required: Yes

Type: String

Allowed values: WINDOWS_SERVER_2012 | WINDOWS_SERVER_2012_R2 | WINDOWS_SERVER_2016

Update requires: No interruption

ExportableKey

Allows the private key to be exported.

Required: No

Type: Boolean

Update requires: No interruption

RequireAlternateSignatureAlgorithm

Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.

Required: No

Type: Boolean

Update requires: No interruption

RequireSameKeyRenewal

Renew certificate using the same private key.

Required: No

Type: Boolean

Update requires: No interruption

StrongKeyProtectionRequired

Require user input when using the private key for enrollment.

Required: No

Type: Boolean

Update requires: No interruption

UseLegacyProvider

Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.

Required: No

Type: Boolean

Update requires: No interruption