AWS::PCAConnectorAD::Template TemplateV4
v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "CertificateValidity" :
CertificateValidity
, "EnrollmentFlags" :EnrollmentFlagsV4
, "Extensions" :ExtensionsV4
, "GeneralFlags" :GeneralFlagsV4
, "HashAlgorithm" :String
, "PrivateKeyAttributes" :PrivateKeyAttributesV4
, "PrivateKeyFlags" :PrivateKeyFlagsV4
, "SubjectNameFlags" :SubjectNameFlagsV4
, "SupersededTemplates" :[ String, ... ]
}
YAML
CertificateValidity:
CertificateValidity
EnrollmentFlags:EnrollmentFlagsV4
Extensions:ExtensionsV4
GeneralFlags:GeneralFlagsV4
HashAlgorithm:String
PrivateKeyAttributes:PrivateKeyAttributesV4
PrivateKeyFlags:PrivateKeyFlagsV4
SubjectNameFlags:SubjectNameFlagsV4
SupersededTemplates:- String
Properties
CertificateValidity
-
Certificate validity describes the validity and renewal periods of a certificate.
Required: Yes
Type: CertificateValidity
Update requires: No interruption
EnrollmentFlags
-
Enrollment flags describe the enrollment settings for certificates using the existing private key and deleting expired or revoked certificates.
Required: Yes
Type: EnrollmentFlagsV4
Update requires: No interruption
Extensions
-
Extensions describe the key usage extensions and application policies for a template.
Required: Yes
Type: ExtensionsV4
Update requires: No interruption
GeneralFlags
-
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
Required: Yes
Type: GeneralFlagsV4
Update requires: No interruption
HashAlgorithm
-
Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.
Required: No
Type: String
Allowed values:
SHA256 | SHA384 | SHA512
Update requires: No interruption
PrivateKeyAttributes
-
Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
Required: Yes
Type: PrivateKeyAttributesV4
Update requires: No interruption
PrivateKeyFlags
-
Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
Required: Yes
Type: PrivateKeyFlagsV4
Update requires: No interruption
SubjectNameFlags
-
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
Required: Yes
Type: SubjectNameFlagsV4
Update requires: No interruption
SupersededTemplates
-
List of templates in Active Directory that are superseded by this template.
Required: No
Type: Array of String
Minimum:
1 | 1
Maximum:
64 | 100
Update requires: No interruption