AutomatedLab / AutomatedLab.Common

PowerShell module for daily administrative tasks and general helper functions

New-CATemplate EnrollmentFlag NoRevocationInformation missing

bencoremans opened this issue · comments

Without NoRevocationInformation EnrollmentFlag the cmdlet runs well.
Is it possible to add EnrollmentFlag NoRevocationInformation?

New-CATemplate : Cannot process argument transformation on parameter 'EnrollmentFlags'. Cannot convert value "IncludeOcspRevNoCheck,NoRevocationInformation,Autoenrollment" to type "Pki.CATemplate.EnrollmentFlags". Error: "Unable to match the identifier
name IncludeOcspRevNoCheck,NoRevocationInformation,Autoenrollment to a valid enumerator name. Specify one of the following enumerator names and try again:
None, IncludeSymmetricAlgorithms, CAManagerApproval, KraPublish, DsPublish, AutoenrollmentCheckDsCert, Autoenrollment, ReenrollExistingCert, RequireUserInteraction, RemoveInvalidFromStore, AllowEnrollOnBehalfOf, IncludeOcspRevNoCheck, ReuseKeyTokenFull,
BasicConstraintsInEndEntityCerts, IgnoreEnrollOnReenrollment, IssuancePoliciesFromRequest"
At line:1 char:204

+ ... KeyFlags "$PrivateKeyFlags" -EnrollmentFlags $EnrollmentFlags -ErrorA ...
+                                              ~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [New-CATemplate], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,New-CATemplate

Hi, this issue is still open. Can I help to resolve this issue?
Kind regards
Ben

The problem is here, I think:
AutomatedLab.Common/Library/Pki.CATemplate.cs

This is one line, but needs a new line for NoRevocationInformation
ReuseKeyTokenFull = 8192, //This flag instructs the client to reuse the private key for a smart card-based certificate renewal if it is unable to create a new private key on the card.Windows XP, Windows Server 2003 - this flag is not supported. NoRevocationInformation 16384 This flag instructs the server to not include revocation information in the issued certificate. Windows Server 2003, Windows Server 2008 - this flag is not supported.

Solution?
ReuseKeyTokenFull = 8192, //This flag instructs the client to reuse the private key for a smart card-based certificate renewal if it is unable to create a new private key on the card. Windows XP, Windows Server 2003 - this flag is not supported.
NoRevocationInformation = 16384, //This flag instructs the server to not include revocation information in the issued certificate. Windows Server 2003, Windows Server 2008 - this flag is not supported.
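
The failure reported above and the effect of the proposed enum member can be reproduced outside the module. This is an added example, not code from the issue or from AutomatedLab.Common. `DemoFlagsBefore`, `DemoFlagsAfter` and both function names are hypothetical stand-ins, and the values 32 and 4096 are assumed from the MS-CRTD flag definitions; only 8192 and 16384 are quoted in the issue.

```powershell
# Stand-in enums (hypothetical), not the module's Pki.CATemplate.EnrollmentFlags type.
[Flags()] enum DemoFlagsBefore {
    None                  = 0
    Autoenrollment        = 32      # assumed from MS-CRTD, not stated in the issue
    IncludeOcspRevNoCheck = 4096    # assumed from MS-CRTD, not stated in the issue
    ReuseKeyTokenFull     = 8192    # value quoted in the issue
}

[Flags()] enum DemoFlagsAfter {
    None                    = 0
    Autoenrollment          = 32
    IncludeOcspRevNoCheck   = 4096
    ReuseKeyTokenFull       = 8192
    NoRevocationInformation = 16384 # value quoted in the issue
}

function ConvertTo-DemoFlags {
    param(
        [Parameter(Mandatory)] [type]   $EnumType,
        [Parameter(Mandatory)] [string] $Names
    )
    try {
        # Same string-to-enum conversion PowerShell applies when binding a parameter:
        # a comma-separated list is accepted, but every name must be an enum member.
        $value = [System.Management.Automation.LanguagePrimitives]::ConvertTo($Names, $EnumType)
        [pscustomobject]@{ Type = $EnumType.Name; Parsed = $true; Value = [int]$value; Error = $null }
    }
    catch {
        [pscustomobject]@{ Type = $EnumType.Name; Parsed = $false; Value = $null
                           Error = $_.Exception.GetBaseException().Message }
    }
}

# Audit helper: test the raw bit, so the check works even where the enum lacks the name.
function Test-NoRevocationInformation {
    param([Parameter(Mandatory)] [int] $EnrollmentFlagValue)
    ($EnrollmentFlagValue -band 16384) -ne 0
}

$requested = 'IncludeOcspRevNoCheck,NoRevocationInformation,Autoenrollment'   # string from the issue
ConvertTo-DemoFlags -EnumType ([DemoFlagsBefore]) -Names $requested | Format-List
ConvertTo-DemoFlags -EnumType ([DemoFlagsAfter])  -Names $requested | Format-List

Test-NoRevocationInformation -EnrollmentFlagValue 20512   # constructed sample: 4096 + 16384 + 32
Test-NoRevocationInformation -EnrollmentFlagValue 4128    # constructed sample: 4096 + 32
```

Because this flag makes the CA omit revocation information from issued certificates, the bit test is also a convenient way to review which templates have it set.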