CAPI application object

Defines the data required by Trust Protection Foundation to provision certificates to the Cryptographic Application Programming Interface (CAPI). The CAPI store contains Local Computer\Personal certificates on Windows systems to be consumed by IIS or other server applications.

CAPI attributes

Attribute

Description

Binding IP Address

UI: Binding IP Address
Required: No

Policy Definable: No. Default: NA

The IP address to bind the certificate to the IIS web site. If not specified, the Internet Information Services (IIS) Manager console shows 'All Unassigned'.

Binding Port

UI: Binding Port
Required: No

Policy Definable: No. Default: 443

The TCP port (1 to 65535) to bind the certificate to the IIS web site.

Create Binding

UI: Create Binding
Required: No

Policy Definable: Yes. Default: 0

A value of 1 specifies that Trust Protection Foundation should create an IIS web site binding if the one specified doesn’t already exist.

Crypto Service Provider

UI: NA
Required: Yes

Policy Definable: No. Default: NA

The supported Crypto Service Provider:

  • Microsoft Strong Cryptographic Provider for devices.
  • SafeNet Key Storage Provider for Thales SafeNet Luna SA HSMs.

File Validation Disabled

UI: Disable File Validation
Required: No

Policy Definable: Yes. Default: 0

The file validation by Trust Protection Foundation:

  • 0 = Validate. Authenticate to the managed device using assigned credentials.
  • 1 = No file validation.

Friendly Name

UI: Friendly Name
Required: Yes

Policy Definable: No. Default: NA

The Friendly Name that helps to uniquely identify the certificate after it has been installed in the Windows CAPI store.

Hostname

UI: Binding Host Name
Required: No

Policy Definable: No. Default: NA

The hostname to bind the certificate to the IIS web site. Specifying this value means the certificate is served only to clients that send a matching Server Name Indication (SNI) host name.

Network Validation Disabled

UI: Disable Network Validation
Required: No

Policy Definable: Yes. Default: 0

The network validation by Trust Protection Foundation:

  • 0 = Perform network validation by making an SSL connection to the managed device.
  • 1 = No network validation.

Non-Exportable

UI: Non-Exportable
Required: No

Policy Definable: Yes. Default: 0

A value of 1 allows the private key, after it has been installed by Trust Protection Foundation, to be exportable from the Certificates MMC console.

Private Key Label

UI: Private Key Label
Required: No

Policy Definable: No. Default: NA

The name of the private key that is currently installed on the HSM.

Private Key Location

UI: Private Key Location
Required: No

Policy Definable: Yes. Default: NA

The location where the remotely generated key pairs are created:

  • Device
  • Thales SafeNet Luna SA HSM

Private Key Trustee

UI: Private Key Trustee
Required: No

Policy Definable: Yes. Default: NA

A string that represents the Windows identity, which can be the same identity that the IIS Application Pool uses. After installing the private key to the CAPI store, Trust Protection Foundation grants the Windows identity read access to the private key. If this field is blank, Trust Protection Foundation grants no special permissions to the private key.

Update IIS

UI: Update IIS
Required: No

Policy Definable: Yes. Default: 0

A value of 1 specifies that Trust Protection Foundation should update an IIS web site binding when it installs a new certificate and private key. Also requires Web Site Name.

Web Site Name

UI: Web Site Name
Required: No

Policy Definable: Yes. Default: Default Web Site

The unique name of the IIS web site. Required only when the Update IIS field is set to 1.
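The following audit script is an added example, not part of the Trust Protection Foundation documentation: run on the managed IIS host, it checks what a provisioned CAPI application object should have left behind (certificate in Local Computer\Personal by Friendly Name, key exportability and provider, trustee read access on the key, and the IIS binding with its SNI flag and bound thumbprint). The friendly name, host name, trustee and site values at the top are assumed stand-ins for the object's attributes.

```powershell
# Added example (not from the Trust Protection Foundation documentation): audits the
# outcome of a CAPI application object on the IIS host. Values below are assumed.
Import-Module WebAdministration

$FriendlyName = 'www.example.com (TPF)'        # Friendly Name attribute (assumed)
$SiteName     = 'Default Web Site'             # Web Site Name attribute (page default)
$Port         = 443                            # Binding Port attribute (page default)
$IPAddress    = '0.0.0.0'                      # Binding IP Address; 0.0.0.0 = All Unassigned
$HostName     = 'www.example.com'              # Binding Host Name attribute (assumed)
$Trustee      = 'IIS APPPOOL\DefaultAppPool'   # Private Key Trustee attribute (assumed)

# 1. Locate the certificate in Local Computer\Personal by its Friendly Name.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object FriendlyName -eq $FriendlyName
if (-not $cert) { throw "No certificate with Friendly Name '$FriendlyName' in LocalMachine\My" }
"Thumbprint $($cert.Thumbprint), has private key: $($cert.HasPrivateKey)"

# 2. Report the key provider (Crypto Service Provider) and exportability (Non-Exportable).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$keyFile = $null
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    "KSP: $($rsa.Key.Provider.Provider); export policy: $($rsa.Key.ExportPolicy)"
    if ($rsa.Key.Provider.Provider -eq 'Microsoft Software Key Storage Provider') {
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    }
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $info = $rsa.CspKeyContainerInfo
    "CSP: $($info.ProviderName); exportable: $($info.Exportable)"
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
}

# 3. Check who can read the key file (Private Key Trustee). HSM-backed keys have no local file.
if ($keyFile -and (Test-Path $keyFile)) {
    $readers = (Get-Acl $keyFile).Access | Where-Object { $_.FileSystemRights -match 'Read' } |
        ForEach-Object { $_.IdentityReference.Value }
    "Identities with read access: $($readers -join ', ')"
    if ($readers -notcontains $Trustee) { Write-Warning "Trustee '$Trustee' has no read access to the key" }
}

# 4. Check the IIS binding (IP / Port / Host Name, SNI flag) and the thumbprint actually bound.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port -HostHeader $HostName
if (-not $binding) { Write-Warning "No https binding on '$SiteName' for port $Port host '$HostName'"; return }
"Binding $($binding.bindingInformation), sslFlags=$($binding.sslFlags) (1 = SNI)"
$sslPath = if ($binding.sslFlags -band 1) { "IIS:\SslBindings\!$Port!$HostName" } else { "IIS:\SslBindings\$IPAddress!$Port" }
$bound = Get-Item $sslPath -ErrorAction SilentlyContinue
if ($bound -and $bound.Thumbprint -eq $cert.Thumbprint) { 'Bound certificate matches the installed certificate' }
else { Write-Warning "Certificate at $sslPath is '$($bound.Thumbprint)', expected $($cert.Thumbprint)" }
```

Run it in an elevated PowerShell session; the key-file ACL step applies only to software-backed keys, so for the SafeNet KSP path only the provider and export policy are reported.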