< Back
Set-AzureKeyVaultCertificatePolicy
Post
NAME Set-AzureKeyVaultCertificatePolicy
SYNOPSIS
Creates or updates the policy for a certificate in a key vault.
SYNTAX
Set-AzureKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-CertificateType <String>] [-DefaultProfile <IAzureContextContainer>]
[-Disabled] [-DnsName <System.Collections.Generic.List`1[System.String]>] [-Ekus <System.Collections.Generic.List`1[System.String]>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>] [-IssuerName <String>] [-KeyNotExportable] [-KeyType {RSA |
RSA-HSM}] [-KeyUsage <System.Collections.Generic.List`1[System.String]>] [-PassThru] [-RenewAtPercentageLifetime <Int32>] [-ReuseKeyOnRenewal
<Boolean>] [-SecretContentType {application/x-pkcs12 | application/x-pem-file}] [-SubjectName <String>] [-ValidityInMonths <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-AzureKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-CertificateType <String>] [-DefaultProfile <IAzureContextContainer>]
[-Disabled] [-DnsName <System.Collections.Generic.List`1[System.String]>] [-Ekus <System.Collections.Generic.List`1[System.String]>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>] [-IssuerName <String>] [-KeyNotExportable] [-KeyType {RSA |
RSA-HSM}] [-KeyUsage <System.Collections.Generic.List`1[System.String]>] [-PassThru] -RenewAtNumberOfDaysBeforeExpiry <Int32> [-ReuseKeyOnRenewal
<Boolean>] [-SecretContentType {application/x-pkcs12 | application/x-pem-file}] [-SubjectName <String>] [-ValidityInMonths <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-AzureKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-InputObject] <PSKeyVaultCertificatePolicy> [-DefaultProfile
<IAzureContextContainer>] [-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>] [-KeyType {RSA | RSA-HSM}] [-PassThru]
[-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Set-AzureKeyVaultCertificatePolicy cmdlet creates or updates the policy for a certificate in a key vault.
PARAMETERS
-CertificateType <String>
Specifies the type of certificate to the issuer.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Disabled [<SwitchParameter>]
Indicates that the certificate policy is disabled.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DnsName <System.Collections.Generic.List`1[System.String]>
Specifies the subject name of the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Ekus <System.Collections.Generic.List`1[System.String]>
Specifies the enhanced key usages (EKUs) in the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EmailAtNumberOfDaysBeforeExpiry <Int32>
Specifies the number of days before expiration when automatic renewal should start.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EmailAtPercentageLifetime <Int32>
Specifies the percentage of the lifetime after which the automatic process for the notification begins.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-InputObject <PSKeyVaultCertificatePolicy>
Specifies the certificate policy.
Required? true
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-IssuerName <String>
Specifies the name of the issuer for this certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-KeyNotExportable [<SwitchParameter>]
Indicates that the key is not exportable.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-KeyType <String>
Specifies the key type of the key that backs the certificate. The acceptable values for this parameter are:
- RSA
- RSA-HSM
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-KeyUsage <System.Collections.Generic.List`1[System.String]>
Specifies the key usages in the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Name <String>
Specifies the name of the certificate.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-RenewAtNumberOfDaysBeforeExpiry <Int32>
Specifies the number of days before expiry after which the automatic process for certificate renewal begins.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-RenewAtPercentageLifetime <Int32>
Specifies the percentage of the lifetime after which the automatic process for certificate renewal begins.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ReuseKeyOnRenewal <Boolean>
Indicates that the certificate reuse the key during renewal.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-SecretContentType <String>
Specifies the content type of the new key vault secret. The acceptable values for this parameter are:
- application/x-pkcs12
- application/x-pem-file
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-SubjectName <String>
Specifies the subject name of the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ValidityInMonths <Int32>
Specifies the number of months the certificate is valid.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Specifies the name of a key vault.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultCertificatePolicy
NOTES
Example 1: Set a certificate policy
PS C:\\>Set-AzureKeyVaultCertificatePolicy -VaultName "ContosoKV01" -Name "TestCert01" -SecretContentType "application/x-pkcs12" -SubjectName
"CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal $True
This command sets the policy for the TestCert01 certificate in the ContosoKV01 key vault.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... catepolicy
Get-AzureKeyVaultCertificatePolicy
New-AzureKeyVaultCertificatePolicy
SYNOPSIS
Creates or updates the policy for a certificate in a key vault.
SYNTAX
Set-AzureKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-CertificateType <String>] [-DefaultProfile <IAzureContextContainer>]
[-Disabled] [-DnsName <System.Collections.Generic.List`1[System.String]>] [-Ekus <System.Collections.Generic.List`1[System.String]>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>] [-IssuerName <String>] [-KeyNotExportable] [-KeyType {RSA |
RSA-HSM}] [-KeyUsage <System.Collections.Generic.List`1[System.String]>] [-PassThru] [-RenewAtPercentageLifetime <Int32>] [-ReuseKeyOnRenewal
<Boolean>] [-SecretContentType {application/x-pkcs12 | application/x-pem-file}] [-SubjectName <String>] [-ValidityInMonths <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-AzureKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-CertificateType <String>] [-DefaultProfile <IAzureContextContainer>]
[-Disabled] [-DnsName <System.Collections.Generic.List`1[System.String]>] [-Ekus <System.Collections.Generic.List`1[System.String]>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>] [-IssuerName <String>] [-KeyNotExportable] [-KeyType {RSA |
RSA-HSM}] [-KeyUsage <System.Collections.Generic.List`1[System.String]>] [-PassThru] -RenewAtNumberOfDaysBeforeExpiry <Int32> [-ReuseKeyOnRenewal
<Boolean>] [-SecretContentType {application/x-pkcs12 | application/x-pem-file}] [-SubjectName <String>] [-ValidityInMonths <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-AzureKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-InputObject] <PSKeyVaultCertificatePolicy> [-DefaultProfile
<IAzureContextContainer>] [-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>] [-KeyType {RSA | RSA-HSM}] [-PassThru]
[-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Set-AzureKeyVaultCertificatePolicy cmdlet creates or updates the policy for a certificate in a key vault.
PARAMETERS
-CertificateType <String>
Specifies the type of certificate to the issuer.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Disabled [<SwitchParameter>]
Indicates that the certificate policy is disabled.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DnsName <System.Collections.Generic.List`1[System.String]>
Specifies the subject name of the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Ekus <System.Collections.Generic.List`1[System.String]>
Specifies the enhanced key usages (EKUs) in the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EmailAtNumberOfDaysBeforeExpiry <Int32>
Specifies the number of days before expiration when automatic renewal should start.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EmailAtPercentageLifetime <Int32>
Specifies the percentage of the lifetime after which the automatic process for the notification begins.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-InputObject <PSKeyVaultCertificatePolicy>
Specifies the certificate policy.
Required? true
Position? 2
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-IssuerName <String>
Specifies the name of the issuer for this certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-KeyNotExportable [<SwitchParameter>]
Indicates that the key is not exportable.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-KeyType <String>
Specifies the key type of the key that backs the certificate. The acceptable values for this parameter are:
- RSA
- RSA-HSM
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-KeyUsage <System.Collections.Generic.List`1[System.String]>
Specifies the key usages in the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Name <String>
Specifies the name of the certificate.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-RenewAtNumberOfDaysBeforeExpiry <Int32>
Specifies the number of days before expiry after which the automatic process for certificate renewal begins.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-RenewAtPercentageLifetime <Int32>
Specifies the percentage of the lifetime after which the automatic process for certificate renewal begins.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ReuseKeyOnRenewal <Boolean>
Indicates that the certificate reuse the key during renewal.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-SecretContentType <String>
Specifies the content type of the new key vault secret. The acceptable values for this parameter are:
- application/x-pkcs12
- application/x-pem-file
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-SubjectName <String>
Specifies the subject name of the certificate.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ValidityInMonths <Int32>
Specifies the number of months the certificate is valid.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Specifies the name of a key vault.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultCertificatePolicy
NOTES
Example 1: Set a certificate policy
PS C:\\>Set-AzureKeyVaultCertificatePolicy -VaultName "ContosoKV01" -Name "TestCert01" -SecretContentType "application/x-pkcs12" -SubjectName
"CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal $True
This command sets the policy for the TestCert01 certificate in the ContosoKV01 key vault.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... catepolicy
Get-AzureKeyVaultCertificatePolicy
New-AzureKeyVaultCertificatePolicy