New-CATemplate EnrollmentFlag NoRevocationInformation missing
bencoremans opened this issue · comments
Without NoRevocationInformation EnrollmentFlag the cmdlet runs well.
Is it possible to add EnrollmentFlag NoRevocationInformation ?
New-CATemplate : Cannot process argument transformation on parameter 'EnrollmentFlags'. Cannot convert value "IncludeOcspRevNoCheck,NoRevocationInformation,Autoenrollment" to type "Pki.CATemplate.EnrollmentFlags". Error: "Unable to match the identifier
name IncludeOcspRevNoCheck,NoRevocationInformation,Autoenrollment to a valid enumerator name. Specify one of the following enumerator names and try again:
None, IncludeSymmetricAlgorithms, CAManagerApproval, KraPublish, DsPublish, AutoenrollmentCheckDsCert, Autoenrollment, ReenrollExistingCert, RequireUserInteraction, RemoveInvalidFromStore, AllowEnrollOnBehalfOf, IncludeOcspRevNoCheck, ReuseKeyTokenFull,
BasicConstraintsInEndEntityCerts, IgnoreEnrollOnReenrollment, IssuancePoliciesFromRequest"
At line:1 char:204
- ... KeyFlags "$PrivateKeyFlags" -EnrollmentFlags $EnrollmentFlags -ErrorA ...
-
~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidData: (:) [New-CATemplate], ParameterBindingArgumentTransformationException
- FullyQualifiedErrorId : ParameterArgumentTransformationError,New-CATemplate
Hi, this issue is still open. Can I help help to resolve this issue?
Kind regards
Ben
The problem is here I think:
AutomatedLab.Common/Library
/Pki.CATemplate.cs
This is one line, but needs a new line for NoRevocationInformation
ReuseKeyTokenFull = 8192, //This flag instructs the client to reuse the private key for a smart card-based certificate renewal if it is unable to create a new private key on the card.Windows XP, Windows Server 2003 - this flag is not supported. NoRevocationInformation 16384 This flag instructs the server to not include revocation information in the issued certificate. Windows Server 2003, Windows Server 2008 - this flag is not supported.
Solution?
ReuseKeyTokenFull = 8192, //This flag instructs the client to reuse the private key for a smart card-based certificate renewal if it is unable to create a new private key on the card.Windows XP, Windows Server 2003 - this flag is not supported.
NoRevocationInformation =16384 //This flag instructs the server to not include revocation information in the issued certificate. Windows Server 2003, Windows Server 2008 - this flag is not supported.