2.4 flags Attribute
The flags attribute is the general-enrollment flags attribute. These flags are communicated as an integer value of this attribute.<5> The attribute value can be 0, or it can consist of a bitwise OR of flags from the following table.
|
Flag |
Meaning |
|---|---|
|
0x00000020 CT_FLAG_AUTO_ENROLLMENT |
This flag is the same as CT_FLAG_AUTO_ENROLLMENT specified in section 2.26. |
|
0x00000040 CT_FLAG_MACHINE_TYPE |
This flag indicates that this certificate template is for an end entity that represents a machine. |
|
0x00000080 CT_FLAG_IS_CA |
This flag indicates a certificate request for a CA certificate. |
|
0x00000200 CT_FLAG_ADD_TEMPLATE_NAME |
This flag indicates that a certificate based on this section needs to include a template name certificate extension. |
|
0x00000800 CT_FLAG_IS_CROSS_CA |
This flag indicates a certificate request for cross-certifying a certificate. Processing rules for this flag are specified in [MS-WCCE] sections 3.1.2.4.2.2.1.1 and 3.2.2.6.2.1.4.4.1. |
|
0x00010000 CT_FLAG_IS_DEFAULT |
This flag indicates that the template SHOULD not be modified in any way; it is not used by the client or server in the Windows Client Certificate Enrollment Protocol. |
|
0x00020000 CT_FLAG_IS_MODIFIED |
This flag indicates that the template MAY be modified if required; it is not used by the client or server in the Windows Client Certificate Enrollment Protocol. |
|
0x00001000 CT_FLAG_DONOTPERSISTINDB |
This flag indicates that the record of a certificate request for a certificate that is issued need not be persisted by the CA.<6> |
|
0x00000002 CT_FLAG_ADD_EMAIL |
Reserved. All protocols MUST ignore this flag. |
|
0x00000008 CT_FLAG_PUBLISH_TO_DS |
Reserved. All protocols MUST ignore this flag. |
|
0x00000010 CT_FLAG_EXPORTABLE_KEY |
Reserved. All protocols MUST ignore this flag. |
For schema details of this attribute, see [MS-ADA1] section 2.231.