2.28 msPKI-Certificate-Name-Flag Attribute
The msPKI-Certificate-Name-Flag attribute specifies the subject name flags. Its value can be 0, or it can consist of a bitwise OR of flags from the following table.<39> The processing rules for these flags are specified in [MS-WCCE] sections 3.1.2.4.2.2.2.10 and 3.2.2.6.2.1.4.5.9.
| Flag | Client processing |
|---|---|
| 0x00000001 CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT | This flag instructs the client to supply subject information in the certificate request. |
| 0x00010000 CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME | This flag instructs the client to supply subject alternate name information in the certificate request. |
| 0x00400000 CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS | This flag instructs the CA to add the value of the requester's FQDN and NetBIOS name to the Subject Alternative Name extension of the issued certificate. |
| 0x00800000 CT_FLAG_SUBJECT_ALT_REQUIRE_SPN | This flag instructs the CA to add the value of the UPN attribute from the requestor's user object in Active Directory to the Subject Alternative Name extension of the issued certificate. |
| 0x01000000 CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID | This flag instructs the CA to add the value of the objectGUID attribute from the requestor's user object in Active Directory to the Subject Alternative Name extension of the issued certificate. |
| CT_FLAG_SUBJECT_ALT_REQUIRE_UPN | This flag instructs the CA to add the value of the UPN attribute from the requestor's user object in Active Directory to the Subject Alternative Name extension of the issued certificate. |
| 0x04000000 CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL | This flag instructs the CA to add the value of the email attribute from the requestor's user object in Active Directory to the Subject Alternative Name extension of the issued certificate. |
| 0x08000000 CT_FLAG_SUBJECT_ALT_REQUIRE_DNS | This flag instructs the CA to add the value obtained from the DNS attribute of the requestor's user object in Active Directory to the Subject Alternative Name extension of the issued certificate. |
| 0x10000000 CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN | This flag instructs the CA to add the value obtained from the DNS attribute of the requestor's user object in Active Directory as the CN in the subject of the issued certificate. |
| 0x20000000 CT_FLAG_SUBJECT_REQUIRE_EMAIL | This flag instructs the CA to add the value of the email attribute from the requestor's user object in Active Directory as the subject of the issued certificate. |
| 0x40000000 CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME | This flag instructs the CA to set the subject name to the requestor's CN from Active Directory, as specified in [MS-ADTS] section 3.1.1.1.7. |
| 0x80000000 CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH | This flag instructs the CA to set the subject name to the requestor's distinguished name (DN) from Active Directory, as specified in [MS-ADTS] section 3.1.1.1.4. |
| 0x00000008 CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME | This flag instructs the client to reuse values of subject name and alternative subject name extensions from an existing valid certificate when creating a certificate renewal request.<40> |
For schema details of this attribute, see [MS-ADA2] section 2.608.
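
As an added example (not part of the specification), the following Python decodes a raw msPKI-Certificate-Name-Flag value into the flag names from the table above and separates out the flags under which the client, rather than the CA, supplies the name. It assumes the value arrives as the signed 32-bit decimal that an LDAP query returns, and it uses 0x02000000 for CT_FLAG_SUBJECT_ALT_REQUIRE_UPN, a value the table above does not print; the function name `decode_name_flags` and the sample values are constructed for illustration.

```python
# Added example: decode msPKI-Certificate-Name-Flag as read from a template object.
NAME_FLAGS = {
    0x00000001: "CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT",
    0x00000008: "CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME",
    0x00010000: "CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME",
    0x00400000: "CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS",
    0x00800000: "CT_FLAG_SUBJECT_ALT_REQUIRE_SPN",
    0x01000000: "CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID",
    0x02000000: "CT_FLAG_SUBJECT_ALT_REQUIRE_UPN",  # value not printed in the table
    0x04000000: "CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL",
    0x08000000: "CT_FLAG_SUBJECT_ALT_REQUIRE_DNS",
    0x10000000: "CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN",
    0x20000000: "CT_FLAG_SUBJECT_REQUIRE_EMAIL",
    0x40000000: "CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME",
    0x80000000: "CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH",
}
# Flags whose table entry has the client, not the CA, supply the name.
CLIENT_SUPPLIED = 0x00000001 | 0x00000008 | 0x00010000
KNOWN_MASK = sum(NAME_FLAGS)  # all defined bits are distinct, so sum equals OR


def decode_name_flags(raw):
    """Decode an int or decimal string; LDAP returns a signed 32-bit value."""
    value = int(raw)
    if not -0x80000000 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {raw!r}")
    value &= 0xFFFFFFFF  # e.g. -2147483648 becomes 0x80000000
    set_bits = [bit for bit in sorted(NAME_FLAGS) if value & bit]
    return {
        "value": value,
        "flags": [NAME_FLAGS[b] for b in set_bits],
        "client_supplied": [NAME_FLAGS[b] for b in set_bits if b & CLIENT_SUPPLIED],
        "unknown_bits": value & ~KNOWN_MASK,  # bits not defined in the table
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    samples = {"SampleA": "-1509949440", "SampleB": "1", "SampleC": "65540"}
    for name, raw in samples.items():
        d = decode_name_flags(raw)
        print(f"{name}: 0x{d['value']:08X}")
        print("  flags:          ", ", ".join(d["flags"]) or "(none)")
        print("  client supplies:", ", ".join(d["client_supplied"]) or "(none)")
        if d["unknown_bits"]:
            print(f"  undefined bits:  0x{d['unknown_bits']:08X}")
```

Templates with a non-empty `client_supplied` list are the ones where the name in the issued certificate comes from the request itself, so they merit a closer look at who is allowed to enroll.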