Set-HgsKeyProtectionAttestationSignerCertificatePolicy
Modifies the policy for an attestation signer certificates.
Syntax
Set-HgsKeyProtectionAttestationSignerCertificatePolicy
-DenyHealthCertificatesIssuedBefore <DateTime>
[-Thumbprint <String>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-HgsKeyProtectionAttestationSignerCertificatePolicy cmdlet modifies the policy for attestation signer certificates. You can modify a date in the policy. The Key Protection Service rejects health certificates signed by the specified attestation signer certificate and issued before the specified date.
Examples
Example 1: Modify the date on all attestation signer certificates
PS C:\> $DenyTime = Get-Date
PS C:\> Set-HgsKeyProtectionAttestationSignerCertificatePolicy -DenyHealthCertificatesIssuedBefore $DenyTimeThe first command creates a DateTime object by using the Get-Date cmdlet, and then stores it in the $DenyTime variable.
The second command modifies the date for all trusted attestation signer certificates to the value stored in $DenyTime.
Example 2: Modify the date on an attestation signer certificate
PS C:\> $DenyTime = Get-Date
PS C:\> Set-HgsKeyProtectionAttestationSignerCertificatePolicy -DenyHealthCertificatesIssuedBefore $DenyTime -Thumbprint "8bdc4fb5034c4adb86cb57a4465dc161"The first command creates a DateTime object, and then stores it in the $DenyTime variable.
The second command modifies the date for a specific trusted attestation signer certificate to the value stored in $DenyTime.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DenyHealthCertificatesIssuedBefore
Specifies a date as a DateTime object.
The Key Protection Service rejects any health certificates signed by the specified attestation signer certificate and issued before this time.
To obtain a DateTime object, use the Get-Date cmdlet.
For more information, type Get-Help Get-Date.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint of the attestation signer certificate to which to apply the policy. If you do not specify a value for this parameter, this cmdlet applies the policy to all signer certificates.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
None
This cmdlet does not generate any output.