5 Appendix A: Product Behavior
The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.
The terms "earlier" and "later", when used with a product version, refer to either all preceding versions or all subsequent versions, respectively. The term "through" refers to the inclusive range of versions. Applicable Microsoft products are listed chronologically in this section.
Windows Client
Windows 2000 Professional operating system
Windows XP operating system
Windows Vista operating system
Windows 7 operating system
Windows 8 operating system
Windows 8.1 operating system
Windows 10 operating system
Windows 11 operating system
Windows Server
Windows 2000 Server operating system
Windows Server 2003 operating system
Windows Server 2008 operating system
Windows Server 2008 R2 operating system
Windows Server 2012 operating system
Windows Server 2012 R2 operating system
Windows Server 2016 operating system
Windows Server 2019 operating system
Windows Server 2022 operating system
Windows Server 2025 operating system
Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.
Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.
<1> Section 1.6: Windows defines four template versions: version 1, version 2, version 3, and version 4. Version 1 templates are supported by CAs that run on Windows 2000 Server and later. Version 2 templates are supported by Microsoft CAs that run on Windows Server 2003 Enterprise Edition operating system, Windows Server 2003 R2 Datacenter Edition operating system, and Windows Server 2008 and later. Version 3 templates are supported by CAs that run on Windows Server 2008 and later. Version 4 templates are supported by CAs that run on Windows Server 2012 and later.
<2> Section 2.1: The cn attribute is implemented in Windows 2000 Server and later.
<3> Section 2.2: The displayName attribute is implemented in Windows 2000 Server and later.
<4> Section 2.3: The distinguishedName attribute is implemented in Windows 2000 Server and later.
<5> Section 2.4: The flags attribute is implemented in Windows 2000 Server and later.
<6> Section 2.4: This flag is supported in applicable Windows Server releases, with exception of Windows 2000 Server, Windows Server 2003, Windows Server 2003 R2 operating system, and Windows Server 2008.
<7> Section 2.5: The ntSecurityDescriptor attribute is implemented in Windows 2000 Server and later.
<8> Section 2.6: The revision attribute is implemented in Windows 2000 Server and later.
<9> Section 2.7: The pKICriticalExtensions attribute is implemented in Windows 2000 Server and later.
<10> Section 2.8: The pKIDefaultCSPs attribute is implemented in Windows 2000 Server and later.
<11> Section 2.9: The pKIDefaultKeySpec attribute is implemented in Windows 2000 Server and later. For more information about the Microsoft implementation of key types, see [MSDN-KEY].
<12> Section 2.10: The pKIEnrollmentAccess attribute is implemented in Windows 2000 Server and later.
<13> Section 2.11: The pKIExpirationPeriod attribute is implemented in Windows 2000 Server and later.
<14> Section 2.12: The pKIExtendedKeyUsage attribute is implemented in Windows 2000 Server and later.
<15> Section 2.13: The pKIKeyUsage attribute is implemented in Windows 2000 Server and later.
<16> Section 2.14: The pKIMaxIssuingDepth attribute is implemented in Windows 2000 Server and later.
<17> Section 2.16: The msPKI-Template-Schema-Version attribute is implemented in applicable Windows Server releases, with the exception of Windows 2000 Server.
<18> Section 2.17: The msPKI-Template-Minor-Revision attribute is implemented in Windows Server 2003 and later.
<19> Section 2.18: The msPKI-RA-Signature attribute is implemented in Windows Server 2003 and later.
<20> Section 2.19: The msPKI-Minimal-Key-Size attribute is implemented in Windows Server 2003 and later.
<21> Section 2.20: The msPKI-Cert-Template-OID attribute is implemented in Windows Server 2003 and later.
<22> Section 2.21: The msPKI-Supersede-Templates attribute is implemented in Windows Server 2003 and later.
<23> Section 2.22: The msPKI-RA-Policies attribute is implemented in Windows Server 2003 and later.
<24> Section 2.23: The msPKI-RA-Application-Policies attribute is implemented in Windows Server 2003 and later.
<25> Section 2.24: The msPKI-Certificate-Policy attribute is implemented in Windows Server 2003 and later.
<26> Section 2.25: The msPKI-Certificate-Application-Policy attribute is implemented in Windows Server 2003 and later.
<27> Section 2.26: The msPKI-Enrollment-Flag attribute is implemented in Windows Server 2003 and later.
<28> Section 2.26: This flag is supported in applicable Windows Server releases, with the exception of Windows 2000 Server, Windows Server 2003, and Windows Server 2003 R2.
<29> Section 2.26: This flag is supported in Windows Vista and later clients and in Windows Server 2008 and later servers.
<30> Section 2.26: This flag is supported in Windows Server 2008 R2 and later.
<31> Section 2.26: This flag is supported in Windows Server 2008 R2 and later.
<32> Section 2.26: This flag is supported in Windows Server 2012 and later.
<33> Section 2.26: This flag is supported in Windows Server 2012 and later.
<34> Section 2.26: This flag is supported by the operating systems specified in [MSFT-CVE-2022-26931], each with its related KB article download installed.
<35> Section 2.27: The msPKI-Private-Key-Flag attribute is implemented in Windows Server 2003 and later.
<36> Section 2.27: This flag is supported in Windows Server 2012 and later.
<37> Section 2.27: This flag is supported in Windows Server 2012 and later.
<38> Section 2.27: These flags are supported only in Windows Server 2012 R2 and later.
<39> Section 2.28: The msPKI-Certificate-Name-Flag attribute is implemented in Windows Server 2003 and later.
<40> Section 2.28: This flag is supported in Windows Server 2008 R2 and later.
<41> Section 3: The following is the list of the default certificate templates and their attribute values that are installed to Active Directory by Windows Server 2003 and Windows XP.
-
cn: Administrator; displayName: Administrator; flags: 66106; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: Administrator; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (4): 1.3.6.1.4.1.311.10.3.1; 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xA0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: CA; displayName: Root Certification Authority; flags: 65745; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CA; pKICriticalExtensions: 2.5.29.19; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF pKIKeyUsage: 0x86 0x00 pKIMaxIssuingDepth: -1; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 5; cn: CAExchange; displayName: CA Exchange; flags: 65600; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.5; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 1; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: CAExchange; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.5; pKIKeyUsage: 0x20 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF revision: 106; cn: CEPEncryption; displayName: CEP Encryption; flags: 66113; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CEPEncryption; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x20 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: CertificateRequestAgent; displayName: Certificate Request Agent; flags: 131616; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.20.2.1; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 96; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.20.2.1; msPKI-RA-Signature: 1; msPKI-Template-Minor-Revision: 4; msPKI-Template-Schema-Version: 2; name: CertificateRequestAgent; pKIDefaultCSPs: 1,Microsoft Base Smart Card Crypto Provider; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 100; cn: ClientAuth; displayName: Authenticated Session; flags: 197152; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: ClientAuth; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 3; cn: CodeSigning; displayName: Code Signing; flags: 66080; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CodeSigning; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.3; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 3; cn: CrossCA; displayName: Cross Certification Authority; flags: 198672; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 512; msPKI-Private-Key-Flag: 16; msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.10.3.10; msPKI-RA-Signature: 1; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: CrossCA; pKICriticalExtensions: 2.5.29.19; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF pKIKeyUsage: 0x86 0x00 pKIMaxIssuingDepth: -1; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 110; cn: CTLSigning; displayName: Trust List Signing; flags: 66080; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CTLSigning; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.1; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 3; cn: DirectoryEmailReplication; displayName: Directory Email Replication; flags: 196704; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.19; msPKI-Certificate-Name-Flag: 150994944; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Supersede-Templates: DomainController; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: DirectoryEmailReplication; pKICriticalExtensions: 2.5.29.17; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.19; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 122; cn: DomainController; displayName: Domain Controller; flags: 197228; msPKI-Certificate-Name-Flag: 419430400; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: DomainController; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: DomainControllerAuthentication; displayName: Domain Controller Authentication; flags: 196704; msPKI-Certificate-Application-Policy (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; msPKI-Certificate-Name-Flag: 134217728; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Supersede-Templates: DomainController; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: DomainControllerAuthentication; pKICriticalExtensions: 2.5.29.17; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 119; cn: EFS; displayName: Basic EFS; flags: 197176; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EFS; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4; pKIKeyUsage: 0x20 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 3; cn: EFSRecovery; displayName: EFS Recovery Agent; flags: 66096; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 33; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EFSRecovery; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4.1; pKIKeyUsage: 0x20 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 6; cn: EnrollmentAgent; displayName: Enrollment Agent; flags: 197152; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EnrollmentAgent; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: EnrollmentAgentOffline; displayName: Exchange Enrollment Agent (Offline request); flags: 66049; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EnrollmentAgentOffline; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: ExchangeUser; displayName: Exchange User; flags: 66065; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 1; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: ExchangeUser; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; pKIKeyUsage: 0x20 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 7; cn: ExchangeUserSignature; displayName: Exchange Signature Only; flags: 66049; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: ExchangeUserSignature; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 6; cn: IPSECIntermediateOffline; displayName: IPSEC (Offline request); flags: 197185; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: IPSECIntermediateOffline; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 7; cn: IPSECIntermediateOnline; displayName: IPSEC; flags: 197216; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: IPSECIntermediateOnline; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 8; cn: KeyRecoveryAgent; displayName: Key Recovery Agent; flags: 196640; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.6; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 39; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.21.6; msPKI-RA-Signature: 1; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 2; name: KeyRecoveryAgent; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.6; pKIKeyUsage: 0x20 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 105; cn: Machine; displayName: Computer; flags: 197216; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: Machine; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 5; cn: MachineEnrollmentAgent; displayName: Enrollment Agent (Computer); flags: 66144; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: MachineEnrollmentAgent; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 5; cn: OfflineRouter; displayName: Router (Offline request); flags: 66113; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: OfflineRouter; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: RASAndIASServer; displayName: RAS and IAS Server; flags: 197216; msPKI-Certificate-Application-Policy (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; msPKI-Certificate-Name-Flag: 1207959552; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Supersede-Templates: NTDEVComputer; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: RASAndIASServer; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 104; cn: SmartcardLogon; displayName: Smartcard Logon; flags: 197120; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 512; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: SmartcardLogon; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (2): 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 6; cn: SmartcardUser; displayName: Smartcard User; flags: 197130; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 9; msPKI-Minimal-Key-Size: 512; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: SmartcardUser; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 11; cn: SubCA; displayName: Subordinate Certification Authority; flags: 197329; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: SubCA; pKICriticalExtensions: 2.5.29.19; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF pKIKeyUsage: 0x86 0x00 pKIMaxIssuingDepth: -1; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 5; cn: User; displayName: User; flags: 197178; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: User; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 3; cn: UserSignature; displayName: User Signature Only; flags: 197154; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: UserSignature; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0x80 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: WebServer; displayName: Web Server; flags: 66113; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: WebServer; pKIDefaultCSPs (2): 2,Microsoft DH SChannel Cryptographic Provider; 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 4; cn: Workstation; displayName: Workstation Authentication; flags: 197216; msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2; msPKI-Certificate-Name-Flag: 134217728; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: Workstation; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xa0 0x00 pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF revision: 104;
<42> Section 3: The following is the list of the default certificate templates and their attribute values that are installed to Active Directory by Windows Vista and later clients and by Windows Server 2008 and later servers.
-
cn: Administrator; displayName: Administrator; flags: 66106; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.7; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: Administrator; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (4): 1.3.6.1.4.1.311.10.3.1; 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: CA; displayName: Root Certification Authority; flags: 65745; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.17; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CA; pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; pKIKeyUsage: 0x86 0x00; pKIMaxIssuingDepth: -1; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 5; cn: CAExchange; displayName: CA Exchange; flags: 65600; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.26; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.5; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 1; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: CAExchange; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0xC0 0x1B 0xD7 0x7F 0xFA 0xFF 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.5; pKIKeyUsage: 0x20 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x40 0x96 0xD5 0x36 0xFF 0xFF 0xFF; revision: 106; cn: CEPEncryption; displayName: CEP Encryption; flags: 66113; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.22; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CEPEncryption; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x20 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: ClientAuth; displayName: Authenticated Session; flags: 66080; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.4; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: ClientAuth; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 3; cn: CodeSigning; displayName: Code Signing; flags: 66080; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.9; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CodeSigning; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.3; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 3; cn: CrossCA; displayName: Cross Certification Authority; flags: 67600; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.25; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 8; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Application-Policies: 1.3.6.1.4.1.311.10.3.10; msPKI-RA-Signature: 1; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: CrossCA; pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; pKIKeyUsage: 0x86 0x00; pKIMaxIssuingDepth: -1; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 105; cn: CTLSigning; displayName: Trust List Signing; flags: 66080; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.10; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: CTLSigning; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.1; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 3; cn: DirectoryEmailReplication; displayName: Directory Email Replication; flags: 65632; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.29; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.19; msPKI-Certificate-Name-Flag: 150994944; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Supersede-Templates: DomainController; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: DirectoryEmailReplication; pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.19; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 00 80 A6 0A FF DE FF FF; revision: 115; cn: DomainController; displayName: Domain Controller; flags: 66156; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.15; msPKI-Certificate-Name-Flag: 419430400; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: DomainController; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: DomainControllerAuthentication; displayName: Domain Controller Authentication; flags: 65632; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.28; msPKI-Certificate-Application-Policy (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; msPKI-Certificate-Name-Flag: 134217728; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Supersede-Templates: DomainController; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: DomainControllerAuthentication; pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 110; cn: EFS; displayName: Basic EFS; flags: 66104; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.6; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EFS; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4; pKIKeyUsage: 0x20 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 3; cn: EFSRecovery; displayName: EFS Recovery Agent; flags: 66096; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.8; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 33; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EFSRecovery; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.10.3.4.1; pKIKeyUsage: 0x20 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 6; cn: EnrollmentAgent; displayName: Enrollment Agent; flags: 66080; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.11; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EnrollmentAgent; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: EnrollmentAgentOffline; displayName: Exchange Enrollment Agent (Offline request); flags: 66049; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.12; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: EnrollmentAgentOffline; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: ExchangeUser; displayName: Exchange User; flags: 66065; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.23; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 1; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: ExchangeUser; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; pKIKeyUsage: 0x20 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 7; cn: ExchangeUserSignature; displayName: Exchange Signature Only; flags: 66049; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.24; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: ExchangeUserSignature; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.4; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 6; cn: IPSECIntermediateOffline; displayName: IPSec (Offline request); flags: 66113; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.20; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: IPSECIntermediateOffline; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 7; cn: IPSECIntermediateOnline; displayName: IPSec; flags: 66144; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.19; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: IPSECIntermediateOnline; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 8; cn: KerberosAuthentication; displayName: Kerberos Authentication; flags: 65632; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.33; msPKI-Certificate-Application-Policy (4): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.2.3.5; msPKI-Certificate-Name-Flag: 138412032; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: KerberosAuthentication; pKICriticalExtensions (2): 2.5.29.15; 2.5.29.17; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (4): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; 1.3.6.1.4.1.311.20.2.2; 1.3.6.1.5.2.3.5; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 110; cn: KeyRecoveryAgent; displayName: Key Recovery Agent; flags: 65568; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.27; msPKI-Certificate-Application-Policy: 1.3.6.1.4.1.311.21.6; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 39; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: KeyRecoveryAgent; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.21.6; pKIKeyUsage: 0x20 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 105; cn: Machine; displayName: Computer; flags: 66144; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.14; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: Machine; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 5; cn: MachineEnrollmentAgent; displayName: Enrollment Agent (Computer); flags: 66144; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.13; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: MachineEnrollmentAgent; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.4.1.311.20.2.1; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 5; cn: OCSPResponseSigning; displayName: OCSP Response Signing; flags: 66112; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.32; msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.9; msPKI-Certificate-Name-Flag: 402653184; msPKI-Enrollment-Flag: 4096; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Application-Policies: msPKI-Asymmetric-Algorithm`PZPWSTR`RSA`msPKI-Hash-Algorithm`PZPWSTR`SHA1`msPKI-Key-Security-Descriptor`PZPWSTR`D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GR;;;S-1-5-80-3804348527-3718992918-2141599610-3686422417-2726379419)`msPKI-Key-Usage`DWORD`2`; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 3; name: OCSPResponseSigning; pKICriticalExtensions: 2.5.29.15; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x80 0x37 0xAE 0xFF 0xF4 0xFF 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.9; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0x2C 0xAB 0x6D 0xFE 0xFF 0xFF; revision: 101; cn: OfflineRouter; displayName: Router (Offline request); flags: 66113; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.21; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: OfflineRouter; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: RASAndIASServer; displayName: RAS and IAS Server; flags: 66144; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.31; msPKI-Certificate-Application-Policy (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; msPKI-Certificate-Name-Flag: 1207959552; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: RASAndIASServer; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 101; cn: SmartcardLogon; displayName: Smartcard Logon; flags: 66048; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.5; msPKI-Certificate-Name-Flag: -2113929216; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 512; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: SmartcardLogon; pKICriticalExtensions: 2.5.29.15; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.2; 1.3.6.1.4.1.311.20.2.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 6; cn: SmartcardUser; displayName: Smartcard User; flags: 66058; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.3; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 9; msPKI-Minimal-Key-Size: 512; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: SmartcardUser; pKICriticalExtensions: 2.5.29.15; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (3): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; 1.3.6.1.4.1.311.20.2.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 11; cn: SubCA; displayName: Subordinate Certification Authority; flags: 66257; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.18; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 1024; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: SubCA; pKICriticalExtensions (2): 2.5.29.15; 2.5.29.19; pKIDefaultCSPs: 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x1E 0xA4 0xE8 0x65 0xFA 0xFF; pKIKeyUsage: 0x86 0x00; pKIMaxIssuingDepth: -1; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 5; cn: User; displayName: User; flags: 66106; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.1; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 41; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 16; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: User; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (3): 1.3.6.1.4.1.311.10.3.4; 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 3; cn: UserSignature; displayName: User Signature Only; flags: 66082; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.2; msPKI-Certificate-Name-Flag: -1509949440; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: UserSignature; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (3): 3,Microsoft Base DSS Cryptographic Provider; 2,Microsoft Base Cryptographic Provider v1.0; 1,Microsoft Enhanced Cryptographic Provider v1.0; pKIDefaultKeySpec: 2; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage (2): 1.3.6.1.5.5.7.3.4; 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0x80 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: WebServer; displayName: Web Server; flags: 66113; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.16; msPKI-Certificate-Name-Flag: 1; msPKI-Enrollment-Flag: 0; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 1; msPKI-Template-Schema-Version: 1; name: WebServer; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs (2): 2,Microsoft DH SChannel Cryptographic Provider; 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x80 0x72 0x0E 0x5D 0xC2 0xFD 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 4; cn: Workstation; displayName: Workstation Authentication; flags: 66144; msPKI-Cert-Template-OID: 1.3.6.1.4.1.311.21.8.11034890.834619.12601478.16236816.7255827.176.1.30; msPKI-Certificate-Application-Policy: 1.3.6.1.5.5.7.3.2; msPKI-Certificate-Name-Flag: 134217728; msPKI-Enrollment-Flag: 32; msPKI-Minimal-Key-Size: 2048; msPKI-Private-Key-Flag: 0; msPKI-RA-Signature: 0; msPKI-Template-Minor-Revision: 0; msPKI-Template-Schema-Version: 2; name: Workstation; pKICriticalExtensions: 2.5.29.15; pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider; pKIDefaultKeySpec: 1; pKIExpirationPeriod: 0x00 0x40 0x39 0x87 0x2E 0xE1 0xFE 0xFF; pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2; pKIKeyUsage: 0xA0 0x00; pKIMaxIssuingDepth: 0; pKIOverlapPeriod: 0x00 0x80 0xA6 0x0A 0xFF 0xDE 0xFF 0xFF; revision: 101;