Skip to content

Update Template

pcaconnectorad_update_template R Documentation

Update template configuration to define the information included in certificates

Description

Update template configuration to define the information included in certificates.

Usage

pcaconnectorad_update_template(Definition,
  ReenrollAllCertificateHolders, TemplateArn)

Arguments

Definition

Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.

ReenrollAllCertificateHolders

This setting allows the major version of a template to be increased automatically. All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.

TemplateArn

[required] The Amazon Resource Name (ARN) that was returned when you called create_template.

Value

An empty list.

Request syntax

svc$update_template(
  Definition = list(
    TemplateV2 = list(
      CertificateValidity = list(
        RenewalPeriod = list(
          Period = 123,
          PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
        ),
        ValidityPeriod = list(
          Period = 123,
          PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
        )
      ),
      EnrollmentFlags = list(
        EnableKeyReuseOnNtTokenKeysetStorageFull = TRUE|FALSE,
        IncludeSymmetricAlgorithms = TRUE|FALSE,
        NoSecurityExtension = TRUE|FALSE,
        RemoveInvalidCertificateFromPersonalStore = TRUE|FALSE,
        UserInteractionRequired = TRUE|FALSE
      ),
      Extensions = list(
        ApplicationPolicies = list(
          Critical = TRUE|FALSE,
          Policies = list(
            list(
              PolicyObjectIdentifier = "string",
              PolicyType = "ALL_APPLICATION_POLICIES"|"ANY_PURPOSE"|"ATTESTATION_IDENTITY_KEY_CERTIFICATE"|"CERTIFICATE_REQUEST_AGENT"|"CLIENT_AUTHENTICATION"|"CODE_SIGNING"|"CTL_USAGE"|"DIGITAL_RIGHTS"|"DIRECTORY_SERVICE_EMAIL_REPLICATION"|"DISALLOWED_LIST"|"DNS_SERVER_TRUST"|"DOCUMENT_ENCRYPTION"|"DOCUMENT_SIGNING"|"DYNAMIC_CODE_GENERATOR"|"EARLY_LAUNCH_ANTIMALWARE_DRIVER"|"EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"ENCLAVE"|"ENCRYPTING_FILE_SYSTEM"|"ENDORSEMENT_KEY_CERTIFICATE"|"FILE_RECOVERY"|"HAL_EXTENSION"|"IP_SECURITY_END_SYSTEM"|"IP_SECURITY_IKE_INTERMEDIATE"|"IP_SECURITY_TUNNEL_TERMINATION"|"IP_SECURITY_USER"|"ISOLATED_USER_MODE"|"KDC_AUTHENTICATION"|"KERNEL_MODE_CODE_SIGNING"|"KEY_PACK_LICENSES"|"KEY_RECOVERY"|"KEY_RECOVERY_AGENT"|"LICENSE_SERVER_VERIFICATION"|"LIFETIME_SIGNING"|"MICROSOFT_PUBLISHER"|"MICROSOFT_TIME_STAMPING"|"MICROSOFT_TRUST_LIST_SIGNING"|"OCSP_SIGNING"|"OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"PLATFORM_CERTIFICATE"|"PREVIEW_BUILD_SIGNING"|"PRIVATE_KEY_ARCHIVAL"|"PROTECTED_PROCESS_LIGHT_VERIFICATION"|"PROTECTED_PROCESS_VERIFICATION"|"QUALIFIED_SUBORDINATION"|"REVOKED_LIST_SIGNER"|"ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"|"ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"|"ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"|"ROOT_LIST_SIGNER"|"SECURE_EMAIL"|"SERVER_AUTHENTICATION"|"SMART_CARD_LOGIN"|"SPC_ENCRYPTED_DIGEST_RETRY_COUNT"|"SPC_RELAXED_PE_MARKER_CHECK"|"TIME_STAMPING"|"WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_VERIFICATION"|"WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"|"WINDOWS_KITS_COMPONENT"|"WINDOWS_RT_VERIFICATION"|"WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"|"WINDOWS_STORE"|"WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"WINDOWS_TCB_COMPONENT"|"WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"|"WINDOWS_UPDATE"
            )
          )
        ),
        KeyUsage = list(
          Critical = TRUE|FALSE,
          UsageFlags = list(
            DataEncipherment = TRUE|FALSE,
            DigitalSignature = TRUE|FALSE,
            KeyAgreement = TRUE|FALSE,
            KeyEncipherment = TRUE|FALSE,
            NonRepudiation = TRUE|FALSE
          )
        )
      ),
      GeneralFlags = list(
        AutoEnrollment = TRUE|FALSE,
        MachineType = TRUE|FALSE
      ),
      PrivateKeyAttributes = list(
        CryptoProviders = list(
          "string"
        ),
        KeySpec = "KEY_EXCHANGE"|"SIGNATURE",
        MinimalKeyLength = 123
      ),
      PrivateKeyFlags = list(
        ClientVersion = "WINDOWS_SERVER_2003"|"WINDOWS_SERVER_2008"|"WINDOWS_SERVER_2008_R2"|"WINDOWS_SERVER_2012"|"WINDOWS_SERVER_2012_R2"|"WINDOWS_SERVER_2016",
        ExportableKey = TRUE|FALSE,
        StrongKeyProtectionRequired = TRUE|FALSE
      ),
      SubjectNameFlags = list(
        RequireCommonName = TRUE|FALSE,
        RequireDirectoryPath = TRUE|FALSE,
        RequireDnsAsCn = TRUE|FALSE,
        RequireEmail = TRUE|FALSE,
        SanRequireDirectoryGuid = TRUE|FALSE,
        SanRequireDns = TRUE|FALSE,
        SanRequireDomainDns = TRUE|FALSE,
        SanRequireEmail = TRUE|FALSE,
        SanRequireSpn = TRUE|FALSE,
        SanRequireUpn = TRUE|FALSE
      ),
      SupersededTemplates = list(
        "string"
      )
    ),
    TemplateV3 = list(
      CertificateValidity = list(
        RenewalPeriod = list(
          Period = 123,
          PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
        ),
        ValidityPeriod = list(
          Period = 123,
          PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
        )
      ),
      EnrollmentFlags = list(
        EnableKeyReuseOnNtTokenKeysetStorageFull = TRUE|FALSE,
        IncludeSymmetricAlgorithms = TRUE|FALSE,
        NoSecurityExtension = TRUE|FALSE,
        RemoveInvalidCertificateFromPersonalStore = TRUE|FALSE,
        UserInteractionRequired = TRUE|FALSE
      ),
      Extensions = list(
        ApplicationPolicies = list(
          Critical = TRUE|FALSE,
          Policies = list(
            list(
              PolicyObjectIdentifier = "string",
              PolicyType = "ALL_APPLICATION_POLICIES"|"ANY_PURPOSE"|"ATTESTATION_IDENTITY_KEY_CERTIFICATE"|"CERTIFICATE_REQUEST_AGENT"|"CLIENT_AUTHENTICATION"|"CODE_SIGNING"|"CTL_USAGE"|"DIGITAL_RIGHTS"|"DIRECTORY_SERVICE_EMAIL_REPLICATION"|"DISALLOWED_LIST"|"DNS_SERVER_TRUST"|"DOCUMENT_ENCRYPTION"|"DOCUMENT_SIGNING"|"DYNAMIC_CODE_GENERATOR"|"EARLY_LAUNCH_ANTIMALWARE_DRIVER"|"EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"ENCLAVE"|"ENCRYPTING_FILE_SYSTEM"|"ENDORSEMENT_KEY_CERTIFICATE"|"FILE_RECOVERY"|"HAL_EXTENSION"|"IP_SECURITY_END_SYSTEM"|"IP_SECURITY_IKE_INTERMEDIATE"|"IP_SECURITY_TUNNEL_TERMINATION"|"IP_SECURITY_USER"|"ISOLATED_USER_MODE"|"KDC_AUTHENTICATION"|"KERNEL_MODE_CODE_SIGNING"|"KEY_PACK_LICENSES"|"KEY_RECOVERY"|"KEY_RECOVERY_AGENT"|"LICENSE_SERVER_VERIFICATION"|"LIFETIME_SIGNING"|"MICROSOFT_PUBLISHER"|"MICROSOFT_TIME_STAMPING"|"MICROSOFT_TRUST_LIST_SIGNING"|"OCSP_SIGNING"|"OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"PLATFORM_CERTIFICATE"|"PREVIEW_BUILD_SIGNING"|"PRIVATE_KEY_ARCHIVAL"|"PROTECTED_PROCESS_LIGHT_VERIFICATION"|"PROTECTED_PROCESS_VERIFICATION"|"QUALIFIED_SUBORDINATION"|"REVOKED_LIST_SIGNER"|"ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"|"ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"|"ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"|"ROOT_LIST_SIGNER"|"SECURE_EMAIL"|"SERVER_AUTHENTICATION"|"SMART_CARD_LOGIN"|"SPC_ENCRYPTED_DIGEST_RETRY_COUNT"|"SPC_RELAXED_PE_MARKER_CHECK"|"TIME_STAMPING"|"WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_VERIFICATION"|"WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"|"WINDOWS_KITS_COMPONENT"|"WINDOWS_RT_VERIFICATION"|"WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"|"WINDOWS_STORE"|"WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"WINDOWS_TCB_COMPONENT"|"WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"|"WINDOWS_UPDATE"
            )
          )
        ),
        KeyUsage = list(
          Critical = TRUE|FALSE,
          UsageFlags = list(
            DataEncipherment = TRUE|FALSE,
            DigitalSignature = TRUE|FALSE,
            KeyAgreement = TRUE|FALSE,
            KeyEncipherment = TRUE|FALSE,
            NonRepudiation = TRUE|FALSE
          )
        )
      ),
      GeneralFlags = list(
        AutoEnrollment = TRUE|FALSE,
        MachineType = TRUE|FALSE
      ),
      HashAlgorithm = "SHA256"|"SHA384"|"SHA512",
      PrivateKeyAttributes = list(
        Algorithm = "RSA"|"ECDH_P256"|"ECDH_P384"|"ECDH_P521",
        CryptoProviders = list(
          "string"
        ),
        KeySpec = "KEY_EXCHANGE"|"SIGNATURE",
        KeyUsageProperty = list(
          PropertyFlags = list(
            Decrypt = TRUE|FALSE,
            KeyAgreement = TRUE|FALSE,
            Sign = TRUE|FALSE
          ),
          PropertyType = "ALL"
        ),
        MinimalKeyLength = 123
      ),
      PrivateKeyFlags = list(
        ClientVersion = "WINDOWS_SERVER_2008"|"WINDOWS_SERVER_2008_R2"|"WINDOWS_SERVER_2012"|"WINDOWS_SERVER_2012_R2"|"WINDOWS_SERVER_2016",
        ExportableKey = TRUE|FALSE,
        RequireAlternateSignatureAlgorithm = TRUE|FALSE,
        StrongKeyProtectionRequired = TRUE|FALSE
      ),
      SubjectNameFlags = list(
        RequireCommonName = TRUE|FALSE,
        RequireDirectoryPath = TRUE|FALSE,
        RequireDnsAsCn = TRUE|FALSE,
        RequireEmail = TRUE|FALSE,
        SanRequireDirectoryGuid = TRUE|FALSE,
        SanRequireDns = TRUE|FALSE,
        SanRequireDomainDns = TRUE|FALSE,
        SanRequireEmail = TRUE|FALSE,
        SanRequireSpn = TRUE|FALSE,
        SanRequireUpn = TRUE|FALSE
      ),
      SupersededTemplates = list(
        "string"
      )
    ),
    TemplateV4 = list(
      CertificateValidity = list(
        RenewalPeriod = list(
          Period = 123,
          PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
        ),
        ValidityPeriod = list(
          Period = 123,
          PeriodType = "HOURS"|"DAYS"|"WEEKS"|"MONTHS"|"YEARS"
        )
      ),
      EnrollmentFlags = list(
        EnableKeyReuseOnNtTokenKeysetStorageFull = TRUE|FALSE,
        IncludeSymmetricAlgorithms = TRUE|FALSE,
        NoSecurityExtension = TRUE|FALSE,
        RemoveInvalidCertificateFromPersonalStore = TRUE|FALSE,
        UserInteractionRequired = TRUE|FALSE
      ),
      Extensions = list(
        ApplicationPolicies = list(
          Critical = TRUE|FALSE,
          Policies = list(
            list(
              PolicyObjectIdentifier = "string",
              PolicyType = "ALL_APPLICATION_POLICIES"|"ANY_PURPOSE"|"ATTESTATION_IDENTITY_KEY_CERTIFICATE"|"CERTIFICATE_REQUEST_AGENT"|"CLIENT_AUTHENTICATION"|"CODE_SIGNING"|"CTL_USAGE"|"DIGITAL_RIGHTS"|"DIRECTORY_SERVICE_EMAIL_REPLICATION"|"DISALLOWED_LIST"|"DNS_SERVER_TRUST"|"DOCUMENT_ENCRYPTION"|"DOCUMENT_SIGNING"|"DYNAMIC_CODE_GENERATOR"|"EARLY_LAUNCH_ANTIMALWARE_DRIVER"|"EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"ENCLAVE"|"ENCRYPTING_FILE_SYSTEM"|"ENDORSEMENT_KEY_CERTIFICATE"|"FILE_RECOVERY"|"HAL_EXTENSION"|"IP_SECURITY_END_SYSTEM"|"IP_SECURITY_IKE_INTERMEDIATE"|"IP_SECURITY_TUNNEL_TERMINATION"|"IP_SECURITY_USER"|"ISOLATED_USER_MODE"|"KDC_AUTHENTICATION"|"KERNEL_MODE_CODE_SIGNING"|"KEY_PACK_LICENSES"|"KEY_RECOVERY"|"KEY_RECOVERY_AGENT"|"LICENSE_SERVER_VERIFICATION"|"LIFETIME_SIGNING"|"MICROSOFT_PUBLISHER"|"MICROSOFT_TIME_STAMPING"|"MICROSOFT_TRUST_LIST_SIGNING"|"OCSP_SIGNING"|"OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"PLATFORM_CERTIFICATE"|"PREVIEW_BUILD_SIGNING"|"PRIVATE_KEY_ARCHIVAL"|"PROTECTED_PROCESS_LIGHT_VERIFICATION"|"PROTECTED_PROCESS_VERIFICATION"|"QUALIFIED_SUBORDINATION"|"REVOKED_LIST_SIGNER"|"ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"|"ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"|"ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL"|"ROOT_LIST_SIGNER"|"SECURE_EMAIL"|"SERVER_AUTHENTICATION"|"SMART_CARD_LOGIN"|"SPC_ENCRYPTED_DIGEST_RETRY_COUNT"|"SPC_RELAXED_PE_MARKER_CHECK"|"TIME_STAMPING"|"WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION"|"WINDOWS_HARDWARE_DRIVER_VERIFICATION"|"WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION"|"WINDOWS_KITS_COMPONENT"|"WINDOWS_RT_VERIFICATION"|"WINDOWS_SOFTWARE_EXTENSION_VERIFICATION"|"WINDOWS_STORE"|"WINDOWS_SYSTEM_COMPONENT_VERIFICATION"|"WINDOWS_TCB_COMPONENT"|"WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT"|"WINDOWS_UPDATE"
            )
          )
        ),
        KeyUsage = list(
          Critical = TRUE|FALSE,
          UsageFlags = list(
            DataEncipherment = TRUE|FALSE,
            DigitalSignature = TRUE|FALSE,
            KeyAgreement = TRUE|FALSE,
            KeyEncipherment = TRUE|FALSE,
            NonRepudiation = TRUE|FALSE
          )
        )
      ),
      GeneralFlags = list(
        AutoEnrollment = TRUE|FALSE,
        MachineType = TRUE|FALSE
      ),
      HashAlgorithm = "SHA256"|"SHA384"|"SHA512",
      PrivateKeyAttributes = list(
        Algorithm = "RSA"|"ECDH_P256"|"ECDH_P384"|"ECDH_P521",
        CryptoProviders = list(
          "string"
        ),
        KeySpec = "KEY_EXCHANGE"|"SIGNATURE",
        KeyUsageProperty = list(
          PropertyFlags = list(
            Decrypt = TRUE|FALSE,
            KeyAgreement = TRUE|FALSE,
            Sign = TRUE|FALSE
          ),
          PropertyType = "ALL"
        ),
        MinimalKeyLength = 123
      ),
      PrivateKeyFlags = list(
        ClientVersion = "WINDOWS_SERVER_2012"|"WINDOWS_SERVER_2012_R2"|"WINDOWS_SERVER_2016",
        ExportableKey = TRUE|FALSE,
        RequireAlternateSignatureAlgorithm = TRUE|FALSE,
        RequireSameKeyRenewal = TRUE|FALSE,
        StrongKeyProtectionRequired = TRUE|FALSE,
        UseLegacyProvider = TRUE|FALSE
      ),
      SubjectNameFlags = list(
        RequireCommonName = TRUE|FALSE,
        RequireDirectoryPath = TRUE|FALSE,
        RequireDnsAsCn = TRUE|FALSE,
        RequireEmail = TRUE|FALSE,
        SanRequireDirectoryGuid = TRUE|FALSE,
        SanRequireDns = TRUE|FALSE,
        SanRequireDomainDns = TRUE|FALSE,
        SanRequireEmail = TRUE|FALSE,
        SanRequireSpn = TRUE|FALSE,
        SanRequireUpn = TRUE|FALSE
      ),
      SupersededTemplates = list(
        "string"
      )
    )
  ),
  ReenrollAllCertificateHolders = TRUE|FALSE,
  TemplateArn = "string"
)