Create Template
pcaconnectorad_create_template | R Documentation |
Creates an Active Directory compatible certificate template
Description
Creates an Active Directory compatible certificate template. The connector issues certificates using these templates based on the requester’s Active Directory group membership.
Usage
Arguments
ClientToken
Idempotency token.
ConnectorArn
[required] The Amazon Resource Name (ARN) that was returned when you called `create_connector`.
Definition
[required] Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
Name
[required] Name of the template. The template name must be unique.
Tags
Metadata assigned to a template consisting of a key-value pair.
Value
A list with the following syntax:
Request syntax
# Request-syntax template for svc$create_template(). It lists every accepted
# field and is not a runnable call: where a value is written as alternatives
# separated by `|` (TRUE|FALSE, "HOURS"|"DAYS"|...), supply exactly one.
# "string" and 123 are type placeholders, not suggested values.
svc$create_template(
ClientToken = "string",
ConnectorArn = "string",
# Definition shows TemplateV2, TemplateV3 and TemplateV4 side by side.
# NOTE(review): these look like alternative schema versions, with one chosen
# per template rather than all three sent together; confirm in the API
# reference.
Definition = list(
TemplateV2 = list(
# ValidityPeriod bounds how long an issued certificate stays usable, so it
# also bounds how long a leaked key is useful. NOTE(review): RenewalPeriod is
# presumably the window before expiry in which renewal starts; confirm.
CertificateValidity = list(
RenewalPeriod = list(
Period = 123,
PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
),
ValidityPeriod = list(
Period = 123,
PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
)
),
EnrollmentFlags = list(
EnableKeyReuseOnNtTokenKeysetStorageFull = TRUE|FALSE,
IncludeSymmetricAlgorithms = TRUE|FALSE,
# NOTE(review): NoSecurityExtension = TRUE is understood to omit the
# szOID_NTDS_CA_SECURITY_EXT extension (the requester's SID, used by domain
# controllers for strong certificate mapping). Confirm in the API reference
# and keep FALSE unless an exception is documented. The same field appears in
# TemplateV3 and TemplateV4.
NoSecurityExtension = TRUE|FALSE,
RemoveInvalidCertificateFromPersonalStore = TRUE|FALSE,
UserInteractionRequired = TRUE|FALSE
),
Extensions = list(
ApplicationPolicies = list(
Critical = TRUE|FALSE,
Policies = list(
# Each policy entry carries PolicyObjectIdentifier and PolicyType.
# NOTE(review): presumably one or the other is set per entry; confirm.
# Pick the narrowest application policy the certificate needs. Broad values
# such as "ANY_PURPOSE", "ALL_APPLICATION_POLICIES" and
# "CERTIFICATE_REQUEST_AGENT" warrant explicit review before a template that
# uses them is offered for enrollment.
list(
PolicyObjectIdentifier = "string",
PolicyType = "ALL_APPLICATION_POLICIES"|"ANY_PURPOSE"|"ATTESTATION_IDENTITY_KEY_CERTIFICATE"|"CERTIFICATE_REQUEST_AGENT"|"CLIENT_AUTHENTICATION"|"CODE_SIGNING"|"CTL_USAGE"|"DIGITAL_RIGHTS"|"DIRECTORY_SERVICE_EMAIL_REPLICATION"|"DISALLOWED_LIST"|"DNS_SERVER_TRUST"|"DOCUMENT_ENCRYPTION"|"DOCUMENT_SIGNING"|"DYNAMIC_CODE_GENERATOR"|"EARLY_LAUNCH_ANTIMALWARE_DRIVER"|"EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"ENCLAVE"|"ENCRYPTING_FILE_SYSTEM"|"ENDORSEMENT_KEY_CERTIFICATE"|"FILE_RECOVERY"|"HAL_EXTENSION"|"IP_SECURITY_END_SYSTEM"|"IP_SECURITY_IKE_INTERMEDIATE"|"IP_SECURITY_TUNNEL_TERMINATION"|"IP_SECURITY_USER"|"ISOLATED_USER_MODE"|"KDC_AUTHENTICATION"|"KERNEL_MODE_CODE_SIGNING"|"KEY_PACK_LICENSES"|"KEY_RECOVERY"|"KEY_RECOVERY_AGENT"|"LICENSE_SERVER_VERIFICATION"|"LIFETIME_SIGNING"|"MICROSOFT_PUBLISHER"|"MICROSOFT_TIME_STAMPING"|"MICROSOFT_TRUST_LIST_SIGNING"|"OCSP_SIGNING"|"OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"PLATFORM_CERTIFICATE"|"PREVIEW_BUILD_SIGNING"|"PRIVATE_KEY_ARCHIVAL"|"PROTECTED_PROCESS_LIGHT_VERIFICATION"|"PROTECTED_PROCESS_VERIFICATION"|"QUALIFIED_SUBORDINATION"|"REVOKED_LIST_SIGNER"|"ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"|"ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"|"ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"|"ROOT_LIST_SIGNER"|"SECURE_EMAIL"|"SERVER_AUTHENTICATION"|"SMART_CARD_LOGIN"|"SPC_ENCRYPTED_DIGEST_RETRY_COUNT"|"SPC_RELAXED_PE_MARKER_CHECK"|"TIME_STAMPING"|"WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_VERIFICATION"|"WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"|"WINDOWS_KITS_COMPONENT"|"WINDOWS_RT_VERIFICATION"|"WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"|"WINDOWS_STORE"|"WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"WINDOWS_TCB_COMPONENT"|"WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"|"WINDOWS_UPDATE"
)
)
),
# Enable only the key-usage bits the certificate's purpose requires.
KeyUsage = list(
Critical = TRUE|FALSE,
UsageFlags = list(
DataEncipherment = TRUE|FALSE,
DigitalSignature = TRUE|FALSE,
KeyAgreement = TRUE|FALSE,
KeyEncipherment = TRUE|FALSE,
NonRepudiation = TRUE|FALSE
)
)
),
GeneralFlags = list(
AutoEnrollment = TRUE|FALSE,
MachineType = TRUE|FALSE
),
PrivateKeyAttributes = list(
CryptoProviders = list(
"string"
),
KeySpec = "KEY_EXCHANGE"|"SIGNATURE",
# 123 is the template's integer placeholder, not a usable key size; set the
# minimum to a length your organisation's cryptographic policy accepts.
MinimalKeyLength = 123
),
PrivateKeyFlags = list(
ClientVersion = "WINDOWS_SERVER_2003"|"WINDOWS_SERVER_2008"|"WINDOWS_SERVER_2008_R2"|"WINDOWS_SERVER_2012"|"WINDOWS_SERVER_2012_R2"|"WINDOWS_SERVER_2016",
# NOTE(review): as the name indicates, ExportableKey = TRUE allows the private
# key to be exported from the enrolling client's key store. Prefer FALSE
# unless key escrow or migration is a stated requirement.
ExportableKey = TRUE|FALSE,
StrongKeyProtectionRequired = TRUE|FALSE
),
# NOTE(review): these flags appear to select which directory attributes are
# placed in the subject and in the subject alternative name (Require* and
# SanRequire*). Confirm their semantics in the API reference.
SubjectNameFlags = list(
RequireCommonName = TRUE|FALSE,
RequireDirectoryPath = TRUE|FALSE,
RequireDnsAsCn = TRUE|FALSE,
RequireEmail = TRUE|FALSE,
SanRequireDirectoryGuid = TRUE|FALSE,
SanRequireDns = TRUE|FALSE,
SanRequireDomainDns = TRUE|FALSE,
SanRequireEmail = TRUE|FALSE,
SanRequireSpn = TRUE|FALSE,
SanRequireUpn = TRUE|FALSE
),
SupersededTemplates = list(
"string"
)
),
# TemplateV3 repeats the TemplateV2 fields and adds HashAlgorithm,
# PrivateKeyAttributes Algorithm and KeyUsageProperty, and
# RequireAlternateSignatureAlgorithm. Its ClientVersion choices start at
# WINDOWS_SERVER_2008. The review notes on same-named TemplateV2 fields apply
# here as well.
TemplateV3 = list(
CertificateValidity = list(
RenewalPeriod = list(
Period = 123,
PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
),
ValidityPeriod = list(
Period = 123,
PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
)
),
EnrollmentFlags = list(
EnableKeyReuseOnNtTokenKeysetStorageFull = TRUE|FALSE,
IncludeSymmetricAlgorithms = TRUE|FALSE,
NoSecurityExtension = TRUE|FALSE,
RemoveInvalidCertificateFromPersonalStore = TRUE|FALSE,
UserInteractionRequired = TRUE|FALSE
),
Extensions = list(
ApplicationPolicies = list(
Critical = TRUE|FALSE,
Policies = list(
list(
PolicyObjectIdentifier = "string",
PolicyType = "ALL_APPLICATION_POLICIES"|"ANY_PURPOSE"|"ATTESTATION_IDENTITY_KEY_CERTIFICATE"|"CERTIFICATE_REQUEST_AGENT"|"CLIENT_AUTHENTICATION"|"CODE_SIGNING"|"CTL_USAGE"|"DIGITAL_RIGHTS"|"DIRECTORY_SERVICE_EMAIL_REPLICATION"|"DISALLOWED_LIST"|"DNS_SERVER_TRUST"|"DOCUMENT_ENCRYPTION"|"DOCUMENT_SIGNING"|"DYNAMIC_CODE_GENERATOR"|"EARLY_LAUNCH_ANTIMALWARE_DRIVER"|"EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"ENCLAVE"|"ENCRYPTING_FILE_SYSTEM"|"ENDORSEMENT_KEY_CERTIFICATE"|"FILE_RECOVERY"|"HAL_EXTENSION"|"IP_SECURITY_END_SYSTEM"|"IP_SECURITY_IKE_INTERMEDIATE"|"IP_SECURITY_TUNNEL_TERMINATION"|"IP_SECURITY_USER"|"ISOLATED_USER_MODE"|"KDC_AUTHENTICATION"|"KERNEL_MODE_CODE_SIGNING"|"KEY_PACK_LICENSES"|"KEY_RECOVERY"|"KEY_RECOVERY_AGENT"|"LICENSE_SERVER_VERIFICATION"|"LIFETIME_SIGNING"|"MICROSOFT_PUBLISHER"|"MICROSOFT_TIME_STAMPING"|"MICROSOFT_TRUST_LIST_SIGNING"|"OCSP_SIGNING"|"OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"PLATFORM_CERTIFICATE"|"PREVIEW_BUILD_SIGNING"|"PRIVATE_KEY_ARCHIVAL"|"PROTECTED_PROCESS_LIGHT_VERIFICATION"|"PROTECTED_PROCESS_VERIFICATION"|"QUALIFIED_SUBORDINATION"|"REVOKED_LIST_SIGNER"|"ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"|"ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"|"ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"|"ROOT_LIST_SIGNER"|"SECURE_EMAIL"|"SERVER_AUTHENTICATION"|"SMART_CARD_LOGIN"|"SPC_ENCRYPTED_DIGEST_RETRY_COUNT"|"SPC_RELAXED_PE_MARKER_CHECK"|"TIME_STAMPING"|"WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_VERIFICATION"|"WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"|"WINDOWS_KITS_COMPONENT"|"WINDOWS_RT_VERIFICATION"|"WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"|"WINDOWS_STORE"|"WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"WINDOWS_TCB_COMPONENT"|"WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"|"WINDOWS_UPDATE"
)
)
),
KeyUsage = list(
Critical = TRUE|FALSE,
UsageFlags = list(
DataEncipherment = TRUE|FALSE,
DigitalSignature = TRUE|FALSE,
KeyAgreement = TRUE|FALSE,
KeyEncipherment = TRUE|FALSE,
NonRepudiation = TRUE|FALSE
)
)
),
GeneralFlags = list(
AutoEnrollment = TRUE|FALSE,
MachineType = TRUE|FALSE
),
# The only hash choices offered are SHA-256, SHA-384 and SHA-512.
HashAlgorithm = "SHA256"|"SHA384"|"SHA512",
PrivateKeyAttributes = list(
Algorithm = "RSA"|"ECDH_P256"|"ECDH_P384"|"ECDH_P521",
CryptoProviders = list(
"string"
),
KeySpec = "KEY_EXCHANGE"|"SIGNATURE",
# NOTE(review): PropertyFlags presumably restricts what the private key may
# be used for, with PropertyType = "ALL" as the unrestricted alternative;
# confirm whether the two members are mutually exclusive.
KeyUsageProperty = list(
PropertyFlags = list(
Decrypt = TRUE|FALSE,
KeyAgreement = TRUE|FALSE,
Sign = TRUE|FALSE
),
PropertyType = "ALL"
),
MinimalKeyLength = 123
),
PrivateKeyFlags = list(
ClientVersion = "WINDOWS_SERVER_2008"|"WINDOWS_SERVER_2008_R2"|"WINDOWS_SERVER_2012"|"WINDOWS_SERVER_2012_R2"|"WINDOWS_SERVER_2016",
ExportableKey = TRUE|FALSE,
RequireAlternateSignatureAlgorithm = TRUE|FALSE,
StrongKeyProtectionRequired = TRUE|FALSE
),
SubjectNameFlags = list(
RequireCommonName = TRUE|FALSE,
RequireDirectoryPath = TRUE|FALSE,
RequireDnsAsCn = TRUE|FALSE,
RequireEmail = TRUE|FALSE,
SanRequireDirectoryGuid = TRUE|FALSE,
SanRequireDns = TRUE|FALSE,
SanRequireDomainDns = TRUE|FALSE,
SanRequireEmail = TRUE|FALSE,
SanRequireSpn = TRUE|FALSE,
SanRequireUpn = TRUE|FALSE
),
SupersededTemplates = list(
"string"
)
),
# TemplateV4 repeats the TemplateV3 fields and adds RequireSameKeyRenewal and
# UseLegacyProvider under PrivateKeyFlags. Its ClientVersion choices start at
# WINDOWS_SERVER_2012. The review notes on same-named TemplateV2 fields apply
# here as well.
TemplateV4 = list(
CertificateValidity = list(
RenewalPeriod = list(
Period = 123,
PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
),
ValidityPeriod = list(
Period = 123,
PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
)
),
EnrollmentFlags = list(
EnableKeyReuseOnNtTokenKeysetStorageFull = TRUE|FALSE,
IncludeSymmetricAlgorithms = TRUE|FALSE,
NoSecurityExtension = TRUE|FALSE,
RemoveInvalidCertificateFromPersonalStore = TRUE|FALSE,
UserInteractionRequired = TRUE|FALSE
),
Extensions = list(
ApplicationPolicies = list(
Critical = TRUE|FALSE,
Policies = list(
list(
PolicyObjectIdentifier = "string",
PolicyType = "ALL_APPLICATION_POLICIES"|"ANY_PURPOSE"|"ATTESTATION_IDENTITY_KEY_CERTIFICATE"|"CERTIFICATE_REQUEST_AGENT"|"CLIENT_AUTHENTICATION"|"CODE_SIGNING"|"CTL_USAGE"|"DIGITAL_RIGHTS"|"DIRECTORY_SERVICE_EMAIL_REPLICATION"|"DISALLOWED_LIST"|"DNS_SERVER_TRUST"|"DOCUMENT_ENCRYPTION"|"DOCUMENT_SIGNING"|"DYNAMIC_CODE_GENERATOR"|"EARLY_LAUNCH_ANTIMALWARE_DRIVER"|"EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"ENCLAVE"|"ENCRYPTING_FILE_SYSTEM"|"ENDORSEMENT_KEY_CERTIFICATE"|"FILE_RECOVERY"|"HAL_EXTENSION"|"IP_SECURITY_END_SYSTEM"|"IP_SECURITY_IKE_INTERMEDIATE"|"IP_SECURITY_TUNNEL_TERMINATION"|"IP_SECURITY_USER"|"ISOLATED_USER_MODE"|"KDC_AUTHENTICATION"|"KERNEL_MODE_CODE_SIGNING"|"KEY_PACK_LICENSES"|"KEY_RECOVERY"|"KEY_RECOVERY_AGENT"|"LICENSE_SERVER_VERIFICATION"|"LIFETIME_SIGNING"|"MICROSOFT_PUBLISHER"|"MICROSOFT_TIME_STAMPING"|"MICROSOFT_TRUST_LIST_SIGNING"|"OCSP_SIGNING"|"OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"PLATFORM_CERTIFICATE"|"PREVIEW_BUILD_SIGNING"|"PRIVATE_KEY_ARCHIVAL"|"PROTECTED_PROCESS_LIGHT_VERIFICATION"|"PROTECTED_PROCESS_VERIFICATION"|"QUALIFIED_SUBORDINATION"|"REVOKED_LIST_SIGNER"|"ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"|"ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"|"ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"|"ROOT_LIST_SIGNER"|"SECURE_EMAIL"|"SERVER_AUTHENTICATION"|"SMART_CARD_LOGIN"|"SPC_ENCRYPTED_DIGEST_RETRY_COUNT"|"SPC_RELAXED_PE_MARKER_CHECK"|"TIME_STAMPING"|"WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_VERIFICATION"|"WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"|"WINDOWS_KITS_COMPONENT"|"WINDOWS_RT_VERIFICATION"|"WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"|"WINDOWS_STORE"|"WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"WINDOWS_TCB_COMPONENT"|"WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"|"WINDOWS_UPDATE"
)
)
),
KeyUsage = list(
Critical = TRUE|FALSE,
UsageFlags = list(
DataEncipherment = TRUE|FALSE,
DigitalSignature = TRUE|FALSE,
KeyAgreement = TRUE|FALSE,
KeyEncipherment = TRUE|FALSE,
NonRepudiation = TRUE|FALSE
)
)
),
GeneralFlags = list(
AutoEnrollment = TRUE|FALSE,
MachineType = TRUE|FALSE
),
HashAlgorithm = "SHA256"|"SHA384"|"SHA512",
PrivateKeyAttributes = list(
Algorithm = "RSA"|"ECDH_P256"|"ECDH_P384"|"ECDH_P521",
CryptoProviders = list(
"string"
),
KeySpec = "KEY_EXCHANGE"|"SIGNATURE",
KeyUsageProperty = list(
PropertyFlags = list(
Decrypt = TRUE|FALSE,
KeyAgreement = TRUE|FALSE,
Sign = TRUE|FALSE
),
PropertyType = "ALL"
),
MinimalKeyLength = 123
),
PrivateKeyFlags = list(
ClientVersion = "WINDOWS_SERVER_2012"|"WINDOWS_SERVER_2012_R2"|"WINDOWS_SERVER_2016",
ExportableKey = TRUE|FALSE,
RequireAlternateSignatureAlgorithm = TRUE|FALSE,
RequireSameKeyRenewal = TRUE|FALSE,
StrongKeyProtectionRequired = TRUE|FALSE,
# NOTE(review): UseLegacyProvider presumably selects a legacy cryptographic
# service provider instead of a key storage provider; confirm before
# enabling.
UseLegacyProvider = TRUE|FALSE
),
SubjectNameFlags = list(
RequireCommonName = TRUE|FALSE,
RequireDirectoryPath = TRUE|FALSE,
RequireDnsAsCn = TRUE|FALSE,
RequireEmail = TRUE|FALSE,
SanRequireDirectoryGuid = TRUE|FALSE,
SanRequireDns = TRUE|FALSE,
SanRequireDomainDns = TRUE|FALSE,
SanRequireEmail = TRUE|FALSE,
SanRequireSpn = TRUE|FALSE,
SanRequireUpn = TRUE|FALSE
),
SupersededTemplates = list(
"string"
)
)
),
Name = "string",
Tags = list(
"string"
)
)