New-AzureKeyVaultCertificatePolicy
Creates an in-memory certificate policy object.
Caution
Because Az PowerShell modules now have all the capabilities of AzureRM PowerShell modules and more, we'll retire AzureRM PowerShell modules on 29 February 2024.
To avoid service interruptions, update your scripts that use AzureRM PowerShell modules to use Az PowerShell modules by 29 February 2024. To automatically update your scripts, follow the quickstart guide.
Syntax
New-AzureKeyVaultCertificatePolicy
[-IssuerName] <String>
[-SubjectName] <String>
[-RenewAtNumberOfDaysBeforeExpiry <Int32>]
[-RenewAtPercentageLifetime <Int32>]
[-SecretContentType <String>]
[-ReuseKeyOnRenewal]
[-Disabled]
[-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
[-Ekus <System.Collections.Generic.List`1[System.String]>]
[-ValidityInMonths <Int32>]
[-CertificateType <String>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeyNotExportable]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzureKeyVaultCertificatePolicy
[-IssuerName] <String>
[[-SubjectName] <String>]
[-DnsName] <System.Collections.Generic.List`1[System.String]>
[-RenewAtNumberOfDaysBeforeExpiry <Int32>]
[-RenewAtPercentageLifetime <Int32>]
[-SecretContentType <String>]
[-ReuseKeyOnRenewal]
[-Disabled]
[-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
[-Ekus <System.Collections.Generic.List`1[System.String]>]
[-ValidityInMonths <Int32>]
[-CertificateType <String>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeyNotExportable]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzureKeyVaultCertificatePolicy cmdlet creates an in-memory certificate policy object for Azure Key Vault.
Examples
Example 1: Create a certificate policy
PS C:\> New-AzureKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal
SecretContentType : application/x-pkcs12
Kty :
KeySize : 2048
Exportable :
ReuseKeyOnRenewal : True
SubjectName : CN=contoso.com
DnsNames :
KeyUsage :
Ekus :
ValidityInMonths : 6
IssuerName : Self
CertificateType :
RenewAtNumberOfDaysBeforeExpiry :
RenewAtPercentageLifetime :
EmailAtNumberOfDaysBeforeExpiry :
EmailAtPercentageLifetime :
CertificateTransparency :
Enabled : True
Created :
Updated :
This command creates a certificate policy that is valid for six months and reuses the key to renew the certificate.
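The following is an added example, not part of the original reference: it builds a policy that sets the security-relevant options Example 1 leaves blank (non-exportable key, explicit key usage and EKU, renewal trigger, no key reuse), then reviews both policies with a hypothetical helper, Test-CertificatePolicyBaseline, using the property names shown in the output above. The DNS names, the 12-month limit and the baseline rules are assumptions for illustration.

```powershell
# Added example. DNS names and baseline thresholds are constructed for illustration.
$hardenedArgs = @{
    IssuerName                      = 'Self'
    SubjectName                     = 'CN=contoso.com'
    DnsName                         = @('contoso.com', 'www.contoso.com')
    SecretContentType               = 'application/x-pkcs12'
    KeyType                         = 'RSA'
    KeyNotExportable                = $true    # mark the key as not exportable
    KeyUsage                        = @('DigitalSignature', 'KeyEncipherment')
    Ekus                            = @('1.3.6.1.5.5.7.3.1')   # id-kp-serverAuth (TLS server)
    ValidityInMonths                = 6
    RenewAtNumberOfDaysBeforeExpiry = 30
}
# -ReuseKeyOnRenewal is deliberately omitted so a renewal does not keep the old key.
$hardened = New-AzureKeyVaultCertificatePolicy @hardenedArgs

# Hypothetical helper (not an AzureRM cmdlet): list deviations from an assumed baseline.
function Test-CertificatePolicyBaseline {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [int] $MaxValidityInMonths = 12          # assumed organisational limit
    )
    $findings = @()
    # Exportable is blank in Example 1's output, where -KeyNotExportable was not
    # passed, so treat anything other than an explicit $false as a finding.
    if ($Policy.Exportable -ne $false) { $findings += 'Key not marked non-exportable' }
    if ($Policy.ReuseKeyOnRenewal)     { $findings += 'Key is reused on renewal' }
    if (-not $Policy.KeyUsage)         { $findings += 'No key usages specified' }
    if (-not $Policy.Ekus)             { $findings += 'No EKUs specified' }
    if (-not $Policy.ValidityInMonths -or $Policy.ValidityInMonths -gt $MaxValidityInMonths) {
        $findings += "Validity unset or longer than $MaxValidityInMonths months"
    }
    if (-not $Policy.RenewAtNumberOfDaysBeforeExpiry -and -not $Policy.RenewAtPercentageLifetime) {
        $findings += 'No automatic renewal trigger configured'
    }
    ,$findings   # return the array itself, even when it is empty
}

# Compare the policy from Example 1 with the hardened one.
$example1 = New-AzureKeyVaultCertificatePolicy -SecretContentType 'application/x-pkcs12' `
    -SubjectName 'CN=contoso.com' -IssuerName 'Self' -ValidityInMonths 6 -ReuseKeyOnRenewal
[pscustomobject]@{ Policy = 'Example 1'; Findings = Test-CertificatePolicyBaseline $example1 }
[pscustomobject]@{ Policy = 'Hardened';  Findings = Test-CertificatePolicyBaseline $hardened }
```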
Parameters
-CertificateType
Specifies the certificate type to request from the issuer.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Disabled
Indicates that the certificate policy is disabled.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DnsName
Specifies the DNS names in the certificate.
Type: | List<T>[String] |
Aliases: | DnsNames |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Ekus
Specifies the enhanced key usages (EKUs) in the certificate.
Type: | List<T>[String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-EmailAtNumberOfDaysBeforeExpiry
Specifies how many days before expiry the automatic notification process begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-EmailAtPercentageLifetime
Specifies the percentage of the certificate lifetime after which the automatic notification process begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-IssuerName
Specifies the name of the issuer for the certificate.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-KeyNotExportable
Indicates that the key is not exportable.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-KeyType
Specifies the key type of the key that backs the certificate. The acceptable values for this parameter are:
- RSA
- RSA-HSM
Type: | String |
Accepted values: | RSA, RSA-HSM |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-KeyUsage
Specifies the key usages in the certificate.
Type: | List<T>[X509KeyUsageFlags] |
Accepted values: | None, EncipherOnly, CrlSign, KeyCertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RenewAtNumberOfDaysBeforeExpiry
Specifies the number of days before expiry at which the automatic certificate renewal process begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RenewAtPercentageLifetime
Specifies the percentage of the certificate lifetime after which the automatic certificate renewal process begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ReuseKeyOnRenewal
Indicates that the certificate reuses the key during renewal.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SecretContentType
Specifies the content type of the new key vault secret. The acceptable values for this parameter are:
- application/x-pkcs12
- application/x-pem-file
Type: | String |
Accepted values: | application/x-pkcs12, application/x-pem-file |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SubjectName
Specifies the subject name of the certificate.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ValidityInMonths
Specifies the number of months the certificate is valid.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
List<T>[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
Nullable<T>[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
List<T>[[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]