# CertificateTemplate | Field | Type | Possible Operators | Description | | --------------------------------------- | ------- | ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Guid** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | A unique identifier that is a combination of GUID of selected `Scan` and Active Directory `ObjectGUID` of the object. | | **FSName** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | A special unique identifier that is a combination of the `Name of the object` and the `FSName of the Forest`. | | **Name** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Name of the specified object. (**Ldap Display Name**: name) | | **DistinguishedName** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Active Directory distinguished name of the object. (**Ldap Display Name**: distinguishedName) | | **ValidityPeriod** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | The period of time during which a certificate is intended to be valid. | | **IsEnrolleeSuppliesSubject** | BOOLEAN | `N/A` | Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to this certificate template has been allowed. | | **MSPKICertificateApplicationPolicies** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Specifies certificate application policy extension. In GUI, this attribute can be controlled by setting "Application Policies" in "Extensions" tab. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/44012f2d-5ef3-440d-a61b-b30d3d978130)) | | **RenewalPeriod** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | The period of time during which a certificate is intended to be renew. | | **WhenChanged** | DATE | `SMALLER`, `LARGER`, `BETWEEN`, `EQUAL` | The date when this object was last changed. (**Ldap Display Name**: whenChanged) | | **IsManagerApprovalEnabled** | BOOLEAN | `N/A` | Whether the certificate requests based on the template require manager approval to be issued. | | **WhenCreated** | DATE | `SMALLER`, `LARGER`, `BETWEEN`, `EQUAL` | The date when this object was created. (**Ldap Display Name**: whenCreated) | | **IsPublished** | BOOLEAN | `N/A` | Whether the certificate template has been published by any certificate authority. | | **risk** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | The risk score of the object that calculated based on vulnerability counts and severities. | | **MSPKIRAPolicies** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Contains the list of required policy OIDs from registration authorities who sign the enrollment request. ([Field Reference](https://learn.microsoft.com/en-us/windows/win32/adschema/a-mspki-ra-policies)) | | **MSPKIRAApplicationPolicies** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Encapsulates embedded properties for multipurpose use. In GUI, this attribute can be controlled by checking `This number of authorized signatures` check box in `Issuance Requirements` tab and choosing `Application Policy` menu. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/3fe798de-6252-4350-aace-f418603ddeda)) | | **ExtendedKeyUsage** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed. | | **HasDomainAuthenticationEKU** | BOOLEAN | `N/A` | Whether certificate template contains any Extended Key Usage(EKU) that allows to auhenticate in the domain. | | **SchemaVersion** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | The certificate template schema version. | | **DisplayName** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | The display name for an object. (**LDAP Display Name**: displayName) | | **EnrollmentFlags** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Specifies the enrollment flags. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1)) | | **CertificateNameFlags** | TEXT | `LIKE`,`NOT_LIKE EQUAL`,`NOT_EQUAL`,`IS_EMPTY` | Specifies the subject name flags. ([Field Reference](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/1192823c-d839-4bc3-9b6b-fa8c53507ae1)) | | **NumberOfAuthorizedSignatures** | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | The number of Authorized Signatures to issue a certificate. | | ExposurePoint | NUMBER | `EQUAL`, `BETWEEN`, `SMALLER`, `LARGER`, `SMALLER_EQUAL`, `LARGER_EQUAL` | **ExposurePoint**: A numerical value indicating the level of risk or exposure. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.forestall.io/fsprotect/search-and-reports/certificatetemplate.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.