interface TemplateV4Property
Language | Type name |
---|---|
.NET | Amazon.CDK.aws_pcaconnectorad.CfnTemplate.TemplateV4Property |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awspcaconnectorad#CfnTemplate_TemplateV4Property |
Java | software.amazon.awscdk.services.pcaconnectorad.CfnTemplate.TemplateV4Property |
Python | aws_cdk.aws_pcaconnectorad.CfnTemplate.TemplateV4Property |
TypeScript | aws-cdk-lib » aws_pcaconnectorad » CfnTemplate » TemplateV4Property |
v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_pcaconnectorad as pcaconnectorad } from 'aws-cdk-lib';
const templateV4Property: pcaconnectorad.CfnTemplate.TemplateV4Property = {
  certificateValidity: {
    renewalPeriod: {
      period: 123,
      periodType: 'periodType',
    },
    validityPeriod: {
      period: 123,
      periodType: 'periodType',
    },
  },
  enrollmentFlags: {
    enableKeyReuseOnNtTokenKeysetStorageFull: false,
    includeSymmetricAlgorithms: false,
    noSecurityExtension: false,
    removeInvalidCertificateFromPersonalStore: false,
    userInteractionRequired: false,
  },
  extensions: {
    keyUsage: {
      usageFlags: {
        dataEncipherment: false,
        digitalSignature: false,
        keyAgreement: false,
        keyEncipherment: false,
        nonRepudiation: false,
      },

      // the properties below are optional
      critical: false,
    },

    // the properties below are optional
    applicationPolicies: {
      policies: [{
        policyObjectIdentifier: 'policyObjectIdentifier',
        policyType: 'policyType',
      }],

      // the properties below are optional
      critical: false,
    },
  },
  generalFlags: {
    autoEnrollment: false,
    machineType: false,
  },
  privateKeyAttributes: {
    keySpec: 'keySpec',
    minimalKeyLength: 123,

    // the properties below are optional
    algorithm: 'algorithm',
    cryptoProviders: ['cryptoProviders'],
    keyUsageProperty: {
      propertyFlags: {
        decrypt: false,
        keyAgreement: false,
        sign: false,
      },
      propertyType: 'propertyType',
    },
  },
  privateKeyFlags: {
    clientVersion: 'clientVersion',

    // the properties below are optional
    exportableKey: false,
    requireAlternateSignatureAlgorithm: false,
    requireSameKeyRenewal: false,
    strongKeyProtectionRequired: false,
    useLegacyProvider: false,
  },
  subjectNameFlags: {
    requireCommonName: false,
    requireDirectoryPath: false,
    requireDnsAsCn: false,
    requireEmail: false,
    sanRequireDirectoryGuid: false,
    sanRequireDns: false,
    sanRequireDomainDns: false,
    sanRequireEmail: false,
    sanRequireSpn: false,
    sanRequireUpn: false,
  },

  // the properties below are optional
  hashAlgorithm: 'hashAlgorithm',
  supersededTemplates: ['supersededTemplates'],
};
```
Properties
Name | Type | Description |
---|---|---|
certificateValidity | IResolvable \| Certificate | Certificate validity describes the validity and renewal periods of a certificate. |
enrollmentFlags | IResolvable \| Enrollment | Enrollment flags describe the enrollment settings for certificates using the existing private key and deleting expired or revoked certificates. |
extensions | IResolvable \| Extensions | Extensions describe the key usage extensions and application policies for a template. |
generalFlags | IResolvable \| General | General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment. |
privateKeyAttributes | IResolvable \| Private | Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. |
privateKeyFlags | IResolvable \| Private | Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key. |
subjectNameFlags | IResolvable \| Subject | Subject name flags describe the subject name and subject alternate name that is included in a certificate. |
hashAlgorithm? | string | Specifies the hash algorithm used to hash the private key. |
supersededTemplates? | string[] | List of templates in Active Directory that are superseded by this template. |
certificateValidity
Type: IResolvable | Certificate
Certificate validity describes the validity and renewal periods of a certificate.
enrollmentFlags
Type: IResolvable | Enrollment
Enrollment flags describe the enrollment settings for certificates using the existing private key and deleting expired or revoked certificates.
extensions
Type: IResolvable | Extensions
Extensions describe the key usage extensions and application policies for a template.
generalFlags
Type: IResolvable | General
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
privateKeyAttributes
Type: IResolvable | Private
Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates.
V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
privateKeyFlags
Type: IResolvable | Private
Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
subjectNameFlags
Type: IResolvable | Subject
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
hashAlgorithm?
Type: string (optional)
Specifies the hash algorithm used to hash the private key.
Hash algorithm can only be specified when using Key Storage Providers.
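The provider-category rules stated under privateKeyAttributes and hashAlgorithm can be checked before deployment. The following is an added example, not code from aws-cdk-lib: a small lint over the relevant fields that also flags exportable keys and short RSA keys. It assumes that `useLegacyProvider: true` selects Legacy Cryptographic Service Providers and that false or unset selects Key Storage Providers; `V4TemplateSubset`, `lintV4Template`, the 2048-bit floor and the `'RSA'` and `'SHA256'` values are assumptions of the example.

```typescript
// Added example: local stand-in for the TemplateV4Property fields this check reads.
interface V4TemplateSubset {
  privateKeyAttributes: { minimalKeyLength: number; algorithm?: string };
  privateKeyFlags: { exportableKey?: boolean; useLegacyProvider?: boolean };
  hashAlgorithm?: string;
}
interface Finding { severity: 'error' | 'warn'; field: string; message: string }

// Assumption: local policy floor for RSA keys, not a limit stated on this page.
const MIN_RSA_KEY_LENGTH = 2048;

function lintV4Template(t: V4TemplateSubset): Finding[] {
  const findings: Finding[] = [];
  // Assumption: true selects Legacy Cryptographic Service Providers;
  // false or unset selects Key Storage Providers.
  const legacy = t.privateKeyFlags.useLegacyProvider === true;
  // hashAlgorithm can only be specified when using Key Storage Providers.
  if (legacy && t.hashAlgorithm !== undefined) {
    findings.push({ severity: 'error', field: 'hashAlgorithm',
      message: 'hashAlgorithm is set but privateKeyFlags.useLegacyProvider is true' });
  }
  // An exportable private key can be copied off the enrolling host.
  if (t.privateKeyFlags.exportableKey === true) {
    findings.push({ severity: 'warn', field: 'privateKeyFlags.exportableKey',
      message: 'private key is exportable' });
  }
  // The length floor applies to RSA only ('RSA' is an assumed algorithm value);
  // an unset algorithm is treated as RSA here.
  const alg = t.privateKeyAttributes.algorithm || 'RSA';
  if (alg === 'RSA' && t.privateKeyAttributes.minimalKeyLength < MIN_RSA_KEY_LENGTH) {
    findings.push({ severity: 'warn', field: 'privateKeyAttributes.minimalKeyLength',
      message: `minimalKeyLength is below ${MIN_RSA_KEY_LENGTH}` });
  }
  return findings;
}

// Constructed sample: legacy provider with a hash algorithm and a short, exportable key.
const constructedLegacyTemplate: V4TemplateSubset = {
  privateKeyAttributes: { minimalKeyLength: 1024, algorithm: 'RSA' },
  privateKeyFlags: { exportableKey: true, useLegacyProvider: true },
  hashAlgorithm: 'SHA256',
};
const constructedFindings = lintV4Template(constructedLegacyTemplate);
```
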
supersededTemplates?
Type: string[] (optional)
List of templates in Active Directory that are superseded by this template.