An access control entry allows or denies Active Directory groups based on their security identifiers (SIDs) from enrolling and/or autoenrolling with the template.

Summary of group access control entries that allow or deny Active Directory groups based on their security identifiers (SIDs) from enrolling and/or autofenrolling with the template.

Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.

Application policies describe what the certificate can be used for.

Application policies describe what the certificate can be used for.

Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.

Amazon Web Services Private CA Connector for Active Directory is a service that links your Active Directory with Amazon Web Services Private CA. The connector brokers the exchange of certificates from Amazon Web Services Private CA to domain-joined users and machines managed with Active Directory.

Summary description of the Amazon Web Services Private CA AD connectors belonging to an Amazon Web Services account.

The directory registration represents the authorization of the connector service with a directory.

The directory registration represents the authorization of the connector service with the Active Directory.

Template configurations for v2 template schema.

Template configurations for v3 template schema.

Template configurations for v4 template schema.

Certificate extensions for v2 template schema

Certificate extensions for v3 template schema

Certificate extensions for v4 template schema

General flags for v2 template schema that defines if the template is for a machine or a user and if the template can be issued using autoenrollment.

General flags for v3 template schema that defines if the template is for a machine or a user and if the template can be issued using autoenrollment.

General flags for v4 template schema that defines if the template is for a machine or a user and if the template can be issued using autoenrollment.

The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.

The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.

The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.

Specifies key usage.

Defines the attributes of the private key.

Defines the attributes of the private key.

Defines the attributes of the private key.

Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.

Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.

Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.

The service principal name that the connector uses to authenticate with Active Directory.

The service principal name that the connector uses to authenticate with Active Directory.

Information to include in the subject name and alternate subject name of the certificate. The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email to the subject name for user templates. If you leave the subject name blank then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.

Information to include in the subject name and alternate subject name of the certificate. The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email to the subject name for user templates. If you leave the subject name blank then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.

Information to include in the subject name and alternate subject name of the certificate. The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email to the subject name for user templates. If you leave the subject name blank then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.

An Active Directory compatible certificate template. Connectors issue certificates against these templates based on the requestor's Active Directory group membership.

Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.

The revision version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.

An Active Directory compatible certificate template. Connectors issue certificates against these templates based on the requestor's Active Directory group membership.

v2 template schema that uses Legacy Cryptographic Providers.

v3 template schema that uses Key Storage Providers.

v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.

Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in hours, days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.

Information about your VPC and security groups used with the connector.