CRLFlagEnum Enumeration |
Defines certificate revocation list (and chaining engine) flags.
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
Namespace: PKI.CertificateServices.Flags
Assembly: SysadminsLV.PKI (in SysadminsLV.PKI.dll) Version: 3.7.0.0 (3.7.0.0)
SyntaxMembers| Member name | Value | Description | |
|---|---|---|---|
| None | 0 | No flags are defined. | |
| DeltaUseOldestUnexpiredBase | 1 | The CA server will use oldest unexpired Base CRL for certificate revocation checking. Otherwise, the most recent Base CRL is used. | |
| DeleteExpiredCRLs | 2 | Deletes CRLs signed by the expired CA keys. | |
| CRLNumberCritical | 4 | The CA server will mark CRL Number extension as critical. If a target application doesn't recognize this extension, a CRL will be rejected. | |
| RevCheckIgnoreOffline | 8 |
The CA server will ignore certificate revocation checking failures.
Note: You should not enable this flag in productional envionments. | |
| IgnoreInvalidPolicies | 16 | The CA server will ignore invalid Certificate Policies extension in requests. | |
| RebuildModifiedSubjectOnly | 32 | When a CA server is configured to use the unmodified subject that is supplied in the certificate request, the policy module should not make any changes to the subject that is in the certificate request. | |
| SaveFailedCerts | 64 | N/A | |
| IgnoreUnknownCMCAttributes | 128 | The CA server ignores unknown CMC attributes in the request. | |
| IgnoreCrossCertTrustError | 256 | The CA server ignores trust errors for cross-certificates during certificate chain building. | |
| PublishExpiredCertCRLs | 512 | The CA will publish expired revoked certificates in CRLs. | |
| EnforceEnrollmentAgent | 1024 | The CA enforces enrollment agent restrictions. | |
| DisableRDNReorder | 2048 | The CA server will not re-order relative distinguished name (RDN) in the certificate request. | |
| DisableRootCrossCerts | 4096 |
Instructs Root CA server to not generate root cross-certificates after Root CA renewal with new key pair.
Note: this flag has no effect on any type of Subordinate CA. | |
| LogfullResponse | 8192 | The CA will dump request response to console. | |
| UseXCHGCertTemplate | 16384 | Instructs CA server to use CA Exchange template instead of using automatically generated short-lived certificates for key archival. | |
| UseCrossCertTemplate | 32768 |
Instructs Root CA server to use Cross Certification Authority template during Root CA renewal with new key pair, instead of using
automatically generated cross-certificates.
Note: this flag has no effect on any type of Subordinate CA. | |
| AllowRequestAttributeSubject | 65536 | The CA server will accept certificate subject submitted as a part of request attributes. | |
| RevCheckIgnoreNoRevCheck | 131072 | The CA server ignores empty CRL Distribution Points (CDP) extension for non-root certificates. | |
| PreserveExpiredCerts | 262144 | The CA server will preserve CA certificate in database and certificate store even if the certificate is not timely valid. | |
| PreserveRevokedCACerts | 524288 | The CA server will preserve CA certificates in database and certificate store even if the certificates are revoked. | |
| DisableChainVerification | 1048576 |
The CA server will preserve revoked CA certificates in database and certificate store.
Windows Server 2003, Windows Server 2008: this flag is not supported. | |
| BuildRootCACRLEntriesBasedOnKey | 2097152 |
N/A
Windows Server 2003, Windows Server 2008: this flag is not supported. |
RemarksNot all CA versions support full list.
See Also