< Back
Enable-TlsSessionTicketKey
Post
NAME Enable-TlsSessionTicketKey
SYNOPSIS
Configures a TLS server with a TLS session ticket key.
SYNTAX
Enable-TlsSessionTicketKey [-Password] <SecureString> [-Path] <String> [-ServiceAccountName] <NTAccount> [-Force] [-Confirm] [-WhatIf]
[<CommonParameters>]
DESCRIPTION
The Enable-TlsSessionTicketKey cmdlet configures a Transport Layer Security (TLS) server with an administrator-managed TLS session ticket key, created
with New-TlsSessionTicketKey, and configures the rule that uses the key for the application service account. For example, Internet Information Services
(IIS) runs under System account so the ServiceAccountName parameter should be System.
TLS creates a session ticket by using the TLS Session Resumption without Server-Side State mechanism. For more information, see New-TlsSessionTicketKey
or type Get-Help New-TlsSessionTicketKey.
PARAMETERS
-Force [<SwitchParameter>]
Forces the command to run without asking for user confirmation.
If you specify this parameter, the cmdlet overwrites the existing session ticket key and configuration.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Password <SecureString>
Specifies the password, as a secure string, for the configuration file of the TLS server.
Required? true
Position? 1
Default value none
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-Path <String>
Specifies the path of the configuration file for the TLS server.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServiceAccountName <NTAccount>
Specifies the name of a service account. The cmdlet configures the TLS session ticket key for the service account. Only System, LocalService,
NetworkService, and SID of virtual accounts are supported.
Required? true
Position? 3
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Configure a TLS server with a TLS session ticket key for the NetworkService account
PS C:\\>$Password = Read-Host -AsSecureString
PS C:\\> Enable-TlsSessionTicketKey -Password $Password -Path "C:\\KeyConfig\\TlsSessionTicketKey.config" -ServiceAccountName "NetworkService"
The second command configures the session ticket key for the TLS server. The command specifies the path for the configuration file on the TLS server,
and specifies that the TLS session use the password stored in $Password to access the configuration file and configure the key for the specified service
account.
Example 2: Configure a TLS server with a TLS session ticket key for System account
PS C:\\>$Password = Read-Host -AsSecureString
PS C:\\> Enable-TlsSessionTicketKey -Password $Password -Path "C:\\KeyConfig\\TlsSessionTicketKey.config" -ServiceAccountName "System"
The second command configures the session ticket key for the TLS server. The command specifies the path for the configuration file on the TLS server,
and specifies that the TLS session use the password stored in $Password to access the configuration file and configure the key for the specified service
account.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=294407
New-TlsSessionTicketKey
Export-TlsSessionTicketKey
Disable-TlsSessionTicketKey
SYNOPSIS
Configures a TLS server with a TLS session ticket key.
SYNTAX
Enable-TlsSessionTicketKey [-Password] <SecureString> [-Path] <String> [-ServiceAccountName] <NTAccount> [-Force] [-Confirm] [-WhatIf]
[<CommonParameters>]
DESCRIPTION
The Enable-TlsSessionTicketKey cmdlet configures a Transport Layer Security (TLS) server with an administrator-managed TLS session ticket key, created
with New-TlsSessionTicketKey, and configures the rule that uses the key for the application service account. For example, Internet Information Services
(IIS) runs under System account so the ServiceAccountName parameter should be System.
TLS creates a session ticket by using the TLS Session Resumption without Server-Side State mechanism. For more information, see New-TlsSessionTicketKey
or type Get-Help New-TlsSessionTicketKey.
PARAMETERS
-Force [<SwitchParameter>]
Forces the command to run without asking for user confirmation.
If you specify this parameter, the cmdlet overwrites the existing session ticket key and configuration.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Password <SecureString>
Specifies the password, as a secure string, for the configuration file of the TLS server.
Required? true
Position? 1
Default value none
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-Path <String>
Specifies the path of the configuration file for the TLS server.
Required? true
Position? 2
Default value none
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServiceAccountName <NTAccount>
Specifies the name of a service account. The cmdlet configures the TLS session ticket key for the service account. Only System, LocalService,
NetworkService, and SID of virtual accounts are supported.
Required? true
Position? 3
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Configure a TLS server with a TLS session ticket key for the NetworkService account
PS C:\\>$Password = Read-Host -AsSecureString
PS C:\\> Enable-TlsSessionTicketKey -Password $Password -Path "C:\\KeyConfig\\TlsSessionTicketKey.config" -ServiceAccountName "NetworkService"
The second command configures the session ticket key for the TLS server. The command specifies the path for the configuration file on the TLS server,
and specifies that the TLS session use the password stored in $Password to access the configuration file and configure the key for the specified service
account.
Example 2: Configure a TLS server with a TLS session ticket key for System account
PS C:\\>$Password = Read-Host -AsSecureString
PS C:\\> Enable-TlsSessionTicketKey -Password $Password -Path "C:\\KeyConfig\\TlsSessionTicketKey.config" -ServiceAccountName "System"
The second command configures the session ticket key for the TLS server. The command specifies the path for the configuration file on the TLS server,
and specifies that the TLS session use the password stored in $Password to access the configuration file and configure the key for the specified service
account.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=294407
New-TlsSessionTicketKey
Export-TlsSessionTicketKey
Disable-TlsSessionTicketKey