The New-CMCertificateProfileScep cmdlet creates a Simple Certificate Enrollment Protocol (SCEP) certificate profile.
Note: You must create a trusted CA certificate profile before you can create an SCEP certificate profile.
For information about creating a trusted CA certificate profile, see the New-CMCertificateProfileTrustedRootCA cmdlet.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
This command creates a trusted root CA certificate, and gets all Windows 10 Client supported platforms.
The command then creates a SCEP certificate profile using the newly created trusted root CA certificate.
Example 2: Create a SCEP certificate profile and set the certificate store to User
This command creates a trusted root CA certificate, and gets all Windows 10 Client supported platforms.
The command then creates a SCEP certificate profile using the newly created root CA certificate and sets the certificate store to User.
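A pre-flight check for the settings you intend to pass to New-CMCertificateProfileScep, based on the parameter properties documented on this page (added example, not part of the original documentation). Test-ScepProfileSetting and the sample hashtable are hypothetical and constructed for illustration; the function only inspects a hashtable and does not contact a site.

```powershell
# Added example, not from the original page. Test-ScepProfileSetting is a hypothetical helper.
function Test-ScepProfileSetting {
    [CmdletBinding()]
    param([Parameter(Mandatory)][hashtable]$Setting)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Parameters this page lists with "Mandatory: True".
    $mandatory = 'Name', 'CertificateTemplateName', 'CertificateValidityDays', 'Eku',
                 'HashAlgorithm', 'KeyUsage', 'RootCertificate', 'SupportedPlatform'
    foreach ($name in $mandatory) {
        if (-not $Setting.ContainsKey($name)) { $findings.Add("Mandatory parameter -$name is missing.") }
    }

    # -HashAlgorithm takes one or more values; accept an array or a comma-separated string.
    $hashes = @(@($Setting['HashAlgorithm']) -split ',' |
        ForEach-Object { "$_".Trim() } | Where-Object { $_ })
    if ($hashes -contains 'SHA1') {
        $findings.Add('HashAlgorithm includes SHA1; request SHA2 or SHA3 only.')
    }

    # -KeySize defaults to 2048 when omitted; 1024 is an accepted value but too short.
    $keySize = if ($Setting.ContainsKey('KeySize')) { [int]$Setting['KeySize'] } else { 2048 }
    if ($keySize -lt 2048) { $findings.Add("KeySize $keySize is below 2048 bits.") }

    # -RequireMultifactor is documented for use with KeyStorageProvider InstallToNGC_FailIfNotPresent.
    if ($Setting['RequireMultifactor'] -and
        "$($Setting['KeyStorageProvider'])" -ne 'InstallToNGC_FailIfNotPresent') {
        $findings.Add('RequireMultifactor is set without KeyStorageProvider InstallToNGC_FailIfNotPresent.')
    }

    # -AllowCertificateOnAnyDevice widens where enrollment is permitted; make it a reviewed choice.
    if ($Setting['AllowCertificateOnAnyDevice'] -eq $true) {
        $findings.Add('AllowCertificateOnAnyDevice is $true; confirm enrollment on any device is intended.')
    }

    $findings
}

# Constructed sample settings (illustrative values only).
$candidate = @{ Name = 'SCEP profile (constructed)'; HashAlgorithm = 'SHA1,SHA2'
                KeySize = 1024; RequireMultifactor = $true }
$findings = @(Test-ScepProfileSetting -Setting $candidate)

# Splat the settings with -WhatIf only when nothing was flagged; otherwise list the findings.
if ($findings.Count -eq 0) { New-CMCertificateProfileScep @candidate -WhatIf } else { $findings }
```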
Parameters
-AllowCertificateOnAnyDevice
Indicates whether to allow certificate enrollment on any device.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-CertificateStore
Specifies the certificate type.
Valid values are:
Machine
User
Parameter properties
Type:
CertificateStoreType
Default value:
User
Accepted values:
Machine, User
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-CertificateTemplateName
Specifies the name of a certificate template.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-CertificateValidityDays
Specifies, in number of days, the certificate validity period.
Parameter properties
Type:
Int32
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
cf
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Description
Specifies a description for the SCEP certificate profile.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Eku
Specifies the extended key usage.
The values in the hash table define the certificate's intended purpose.
Parameter properties
Type:
Hashtable
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
Ekus
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-EnrollmentRenewThresholdPct
Specifies the percentage of the certificate lifetime that remains before the device requests renewal of the certificate.
Parameter properties
Type:
Int32
Default value:
20
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-EnrollmentRetryCount
Specifies the number of times that the device automatically retries the certificate request to the server that is running the Network Device Enrollment Service.
Parameter properties
Type:
Int32
Default value:
3
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-EnrollmentRetryDelayMins
Specifies the interval, in minutes, between each enrollment attempt when you use CA manager approval before the issuing CA processes the certificate request.
Parameter properties
Type:
Int32
Default value:
1
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-HashAlgorithm
Specifies one or more hash algorithms.
Valid values are:
SHA1
SHA2
SHA3
Parameter properties
Type:
HashAlgorithmTypes
Default value:
None
Accepted values:
SHA1, SHA2, SHA3
Supports wildcards:
False
DontShow:
False
Aliases:
HashAlgorithms
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-KeySize
Specifies the size of the key.
Valid values are:
1024
2048
Parameter properties
Type:
Int32
Default value:
2048
Accepted values:
1024, 2048, 4096
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-KeyStorageProvider
Specifies the Key Storage Provider (KSP) for the SCEP enrollment.
Valid values are:
-KeyUsage
Specifies one or more key usages for the certificate.
Valid values are:
KeyEncipherment
DigitalSignature
Parameter properties
Type:
X509KeyUsageFlags
Default value:
None
Accepted values:
KeyEncipherment, DigitalSignature
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Name
Specifies a name for the SCEP certificate profile.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RequireMultifactor
Indicates that multi-factor authentication is required during enrollment of devices before issuing certificates to those devices.
This parameter can be used when the InstallToNGC_FailIfNotPresent value is set for the KeyStorageProvider parameter.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RootCertificate
Specifies a trusted root CA certificate object.
To get a trusted root CA certificate, use the Get-CMCertificateProfileTrustedRootCA function.
Parameter properties
Type:
IResultObject
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-SanType
Specifies one or more subject alternative names.
Valid values are:
-SupportedPlatform
Specifies a supported platform object.
To obtain a supported platform object, use the Get-CMSupportedPlatform cmdlet.
Parameter properties
Type:
IResultObject[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
SupportedPlatforms
Parameter sets
(All)
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.