2.4 flags Attribute

The flags attribute is the general-enrollment flags attribute. These flags are communicated as an integer value of this attribute.<5> The attribute value can be 0, or it can consist of a bitwise OR of flags from the following table.

| Flag | Meaning |
| --- | --- |
| 0x00000020 CT_FLAG_AUTO_ENROLLMENT | This flag is the same as CT_FLAG_AUTO_ENROLLMENT specified in section 2.26. |
| 0x00000040 CT_FLAG_MACHINE_TYPE | This flag indicates that this certificate template is for an end entity that represents a machine. |
| 0x00000080 CT_FLAG_IS_CA | This flag indicates a certificate request for a CA certificate. |
| 0x00000200 CT_FLAG_ADD_TEMPLATE_NAME | This flag indicates that a certificate based on this section needs to include a template name certificate extension. |
| 0x00000800 CT_FLAG_IS_CROSS_CA | This flag indicates a certificate request for cross-certifying a certificate. Processing rules for this flag are specified in [MS-WCCE] sections 3.1.2.4.2.2.1.1 and 3.2.2.6.2.1.4.4.1. |
| 0x00010000 CT_FLAG_IS_DEFAULT | This flag indicates that the template SHOULD not be modified in any way; it is not used by the client or server in the Windows Client Certificate Enrollment Protocol. |
| 0x00020000 CT_FLAG_IS_MODIFIED | This flag indicates that the template MAY be modified if required; it is not used by the client or server in the Windows Client Certificate Enrollment Protocol. |
| 0x00001000 CT_FLAG_DONOTPERSISTINDB | This flag indicates that the record of a certificate request for a certificate that is issued need not be persisted by the CA.<6> |
| 0x00000002 CT_FLAG_ADD_EMAIL | Reserved. All protocols MUST ignore this flag. |
| 0x00000008 CT_FLAG_PUBLISH_TO_DS | Reserved. All protocols MUST ignore this flag. |
| 0x00000010 CT_FLAG_EXPORTABLE_KEY | Reserved. All protocols MUST ignore this flag. |

For schema details of this attribute, see [MS-ADA1] section 2.231.
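
The bitwise-OR encoding described in this section, as an added example that is not part of the specification: a decoder for auditing template `flags` values that separates defined flags, reserved flags (which MUST be ignored), and bits the table does not define. The function name, the `REVIEW` set, and the handling of negative values (assuming the directory returns the attribute as a signed 32-bit integer) are this example's assumptions.

```python
# Added example. Flag names and values are copied from the table in this section.
DEFINED = {
    0x00000020: "CT_FLAG_AUTO_ENROLLMENT",
    0x00000040: "CT_FLAG_MACHINE_TYPE",
    0x00000080: "CT_FLAG_IS_CA",
    0x00000200: "CT_FLAG_ADD_TEMPLATE_NAME",
    0x00000800: "CT_FLAG_IS_CROSS_CA",
    0x00001000: "CT_FLAG_DONOTPERSISTINDB",
    0x00010000: "CT_FLAG_IS_DEFAULT",
    0x00020000: "CT_FLAG_IS_MODIFIED",
}
RESERVED = {  # "All protocols MUST ignore this flag."
    0x00000002: "CT_FLAG_ADD_EMAIL",
    0x00000008: "CT_FLAG_PUBLISH_TO_DS",
    0x00000010: "CT_FLAG_EXPORTABLE_KEY",
}
# This example's own choice of flags worth a second look during a template audit.
REVIEW = {"CT_FLAG_IS_CA", "CT_FLAG_IS_CROSS_CA", "CT_FLAG_DONOTPERSISTINDB"}
KNOWN_MASK = 0
for _bit in (*DEFINED, *RESERVED):
    KNOWN_MASK |= _bit


def decode_template_flags(raw):
    """Decode a template's flags value (int, str or bytes) into named flags."""
    if isinstance(raw, bytes):
        raw = raw.decode("ascii")
    value = int(str(raw).strip(), 0)  # decimal or 0x-prefixed hex
    if not -(1 << 31) <= value <= 0xFFFFFFFF:
        raise ValueError(f"flags value out of 32-bit range: {raw!r}")
    value &= 0xFFFFFFFF  # assumption: a negative value is a signed 32-bit integer
    active = [n for b, n in sorted(DEFINED.items()) if value & b]
    return {
        "value": value,
        "active": active,  # defined flags that are set
        "ignored": [n for b, n in sorted(RESERVED.items()) if value & b],
        "undefined_bits": value & ~KNOWN_MASK & 0xFFFFFFFF,  # not in the table
        "review": [n for n in active if n in REVIEW],
    }


if __name__ == "__main__":
    for sample in ("131680", "26", "-2147483552", "0x1080"):  # constructed values
        print(sample, decode_template_flags(sample))
```

A nonzero `undefined_bits` means the value carries bits this section does not describe, which is worth flagging rather than silently dropping when comparing templates.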