Set-CMCertificateProfileScep
Sets a SCEP certificate profile.
Syntax
Set-CMCertificateProfileScep
[-AllowCertificateOnAnyDevice <Boolean>]
[-CertificateStore <CertificateStoreType>]
[-CertificateTemplateName <String>]
[-CertificateValidityDays <Int32>]
[-Description <String>]
[-Eku <Hashtable>]
[-EnrollmentRenewThresholdPct <Int32>]
[-EnrollmentRetryCount <Int32>]
[-EnrollmentRetryDelayMins <Int32>]
[-HashAlgorithm <HashAlgorithmTypes>]
-InputObject <IResultObject>
[-KeySize <Int32>]
[-KeyStorageProvider <KeyStorageProviderSettingType>]
[-KeyUsage <X509KeyUsageFlags>]
[-NewName <String>]
[-PassThru]
[-RequireMultifactor <Boolean>]
[-RootCertificate <IResultObject>]
[-SanType <SubjectAlternativeNameFormatTypes>]
[-ScepServerUrl <String[]>]
[-SubjectType <SubjectNameFormatTypes>]
[-SupportedPlatform <IResultObject[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMCertificateProfileScep
[-AllowCertificateOnAnyDevice <Boolean>]
[-CertificateStore <CertificateStoreType>]
[-CertificateTemplateName <String>]
[-CertificateValidityDays <Int32>]
[-Description <String>]
[-Eku <Hashtable>]
[-EnrollmentRenewThresholdPct <Int32>]
[-EnrollmentRetryCount <Int32>]
[-EnrollmentRetryDelayMins <Int32>]
[-HashAlgorithm <HashAlgorithmTypes>]
-Id <Int32>
[-KeySize <Int32>]
[-KeyStorageProvider <KeyStorageProviderSettingType>]
[-KeyUsage <X509KeyUsageFlags>]
[-NewName <String>]
[-PassThru]
[-RequireMultifactor <Boolean>]
[-RootCertificate <IResultObject>]
[-SanType <SubjectAlternativeNameFormatTypes>]
[-ScepServerUrl <String[]>]
[-SubjectType <SubjectNameFormatTypes>]
[-SupportedPlatform <IResultObject[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMCertificateProfileScep
[-AllowCertificateOnAnyDevice <Boolean>]
[-CertificateStore <CertificateStoreType>]
[-CertificateTemplateName <String>]
[-CertificateValidityDays <Int32>]
[-Description <String>]
[-Eku <Hashtable>]
[-EnrollmentRenewThresholdPct <Int32>]
[-EnrollmentRetryCount <Int32>]
[-EnrollmentRetryDelayMins <Int32>]
[-HashAlgorithm <HashAlgorithmTypes>]
[-KeySize <Int32>]
[-KeyStorageProvider <KeyStorageProviderSettingType>]
[-KeyUsage <X509KeyUsageFlags>]
-Name <String>
[-NewName <String>]
[-PassThru]
[-RequireMultifactor <Boolean>]
[-RootCertificate <IResultObject>]
[-SanType <SubjectAlternativeNameFormatTypes>]
[-ScepServerUrl <String[]>]
[-SubjectType <SubjectNameFormatTypes>]
[-SupportedPlatform <IResultObject[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-CMCertificateProfileScep cmdlet updates the settings of a SCEP certificate profile.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Set a SCEP certificate profile by name
PS XYZ:\> Set-CMCertificateProfileScep -Name "TestProfile01" -CertificateStore Machine -Description "Test update" -HashAlgorithm SHA3 -KeySize 1024 -KeyUsage KeyEncipherment -NewName "TestProfile01_updated" -SanType SubjectAltRequireDnsThis command updates the SEP certificate profile named TestProfile01 and gives it the new name TestProfile01_updated.
Example 2: Set a SCEP certificate profile by using the pipeline
PS XYZ:\> Get-CMCertificateProfileScep -Name "TestProfile02" -Fast | Set-CMCertificateProfileScep -AllowCertificateOnAnyDevice $True -KeyStorageProvider InstallToNGC_FailIfNotPresentThis command gets the SEP certificate profile object named TestProfile02 and uses the pipeline operator to pass the object to Set-CMCertificateProfileScep, which updates the settings of the profile object.
Parameters
-AllowCertificateOnAnyDevice
Indicates whether to allow certificate enrollment on any device.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateStore
Specifies the certificate type. Valid values are:
- Machine
- User
| Type: | CertificateStoreType |
| Accepted values: | Machine, User |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateTemplateName
Specifies the name of a certificate template.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateValidityDays
Specifies, in number of days, the certificate validity period.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Specifies a description for the SCEP certificate profile.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Eku
Specifies the extended key usage. The values in the hash table define the certificate's intended purpose.
| Type: | Hashtable |
| Aliases: | Ekus |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnrollmentRenewThresholdPct
Specifies the percentage of the certificate lifetime that remains before the device requests renewal of the certificate.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnrollmentRetryCount
Specifies the number of times that the device automatically retries the certificate request to the server that is running the Network Device Enrollment Service.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnrollmentRetryDelayMins
Specifies the interval, in minutes, between each enrollment attempt when you use CA manager approval before the issuing CA processes the certificate request.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-HashAlgorithm
Specifies the hash algorithm. Valid values are:
- SHA1
- SHA2
- SHA3
- NONE
| Type: | HashAlgorithmTypes |
| Aliases: | HashAlgorithms |
| Accepted values: | NONE, SHA1, SHA2, SHA3 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Specifies the CI_ID of a SCEP certificate profile.
| Type: | Int32 |
| Aliases: | CI_ID, CIId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specifies a SCEP certificate profile object. To obtain a SCEP certificate profile object, use the Get-CMCertificateProfileScep function.
| Type: | IResultObject |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeySize
Specifies the size of the key. Valid values are:
- 1024
- 2048
| Type: | Int32 |
| Accepted values: | 1024, 2048, 4096 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyStorageProvider
Specifies the Key Storage Provider (KSP) for the SCEP enrollment. Valid values are:
- None
- InstallToTPM_FailIfNotPresent
- InstallToTPM_IfPresent
- InstallToSoftwareKeyStorageProvider
- InstallToNGC_FailIfNotPresent
| Type: | KeyStorageProviderSettingType |
| Accepted values: | None, InstallToTPM_FailIfNotPresent, InstallToTPM_IfPresent, InstallToSoftwareKeyStorageProvider, InstallToNGC_FailIfNotPresent |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyUsage
Specifies the key usage for the certificate. Valid values are:
- KeyEncipherment
- DigitalSignature
- None
- EncipherOnly
- CrlSign
- KeyCertSign
- KeyAgreement
- DataEncipherment
- NonRepudiation
- DecipherOnly
| Type: | X509KeyUsageFlags |
| Aliases: | KeyUsages |
| Accepted values: | KeyEncipherment, DigitalSignature |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies a name for the SCEP certificate profile.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NewName
Specifies a new name for the SCEP certificate profile.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Add this parameter to return an object that represents the item with which you're working. By default, this cmdlet may not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RequireMultifactor
Indicates that multi-factor authentication is required during enrollment of devices before issuing certificates to those devices. This parameter can be used when the InstallToNGC_FailIfNotPresent value is set for the KeyStorageProvider parameter.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RootCertificate
Specifies a trusted root CA certificate object. To get a trusted root CA certificate, use the Get-CMCertificateProfileTrustedRootCA function.
| Type: | IResultObject |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SanType
Specifies the subject alternative name. Valid values are:
- SubjectAltRequireSpn
- SubjectAltRequireUpn
- SubjectAltReqiureEmail
- SubjectAltRequireDns
| Type: | SubjectAlternativeNameFormatTypes |
| Aliases: | SanTypes |
| Accepted values: | SubjectAltRequireCustom, SubjectAltRequireSpn, SubjectAltRequireAAD, SubjectAltRequireUpn, SubjectAltReqiureEmail, SubjectAltRequireDns |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScepServerUrl
Specifies an array of URLs for the Network Device Enrollment Service (NDES) servers that will issue certificates via SCEP.
| Type: | String[] |
| Aliases: | ScepServerUrls |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubjectType
Specifies the subject name format. Valid values are:
- SubjectRequireCommonNameAsEmail
- SubjectRequireCommonNameAsDeviceName
- SubjectRequireCommonNameAsOSName
- SubjectRequireCommonNameAsIMEI
- SubjectRequireCommonNameAsMEID
- SubjectRequireCommonNameAsSerialNumber
- SubjectRequireCommonNameAsDeviceType
- SubjectRequireCommonNameAsWiFiMAC
- SubjectRequireCommonNameAsEthernetMAC
- SubjectRequireAsCustomString
- SubjectRequireDnsAsCN
- SubjectRequireEmail
- SubjectRequireCommonName
- SubjectRequireDirectoryPath
| Type: | SubjectNameFormatTypes |
| Aliases: | SubjectTypes |
| Accepted values: | SubjectRequireCommonNameAsEmail, SubjectRequireCommonNameAsDeviceName, SubjectRequireCommonNameAsOSName, SubjectRequireCommonNameAsIMEI, SubjectRequireCommonNameAsMEID, SubjectRequireCommonNameAsSerialNumber, SubjectRequireCommonNameAsDeviceType, SubjectRequireCommonNameAsWiFiMAC, SubjectRequireCommonNameAsEthernetMAC, SubjectRequireAsCustomString, SubjectRequireDnsAsCN, SubjectRequireEmail, SubjectRequireCommonName, SubjectRequireDirectoryPath |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SupportedPlatform
Specifies a supported platform object. To obtain a supported platform object, use the Get-CMSupportedPlatform cmdlet.
| Type: | IResultObject[] |
| Aliases: | SupportedPlatforms |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
IResultObject