Modifier

Partager via


Set-AzKeyVaultCertificatePolicy

Creates or updates the policy for a certificate in a key vault.

Syntax

Set-AzKeyVaultCertificatePolicy
   [-VaultName] <String>
   [-Name] <String>
   [-RenewAtPercentageLifetime <Int32>]
   [-SecretContentType <String>]
   [-ReuseKeyOnRenewal <Boolean>]
   [-Disabled]
   [-SubjectName <String>]
   [-DnsName <System.Collections.Generic.List`1[System.String]>]
   [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
   [-Ekus <System.Collections.Generic.List`1[System.String]>]
   [-ValidityInMonths <Int32>]
   [-IssuerName <String>]
   [-CertificateType <String>]
   [-EmailAtNumberOfDaysBeforeExpiry <Int32>]
   [-EmailAtPercentageLifetime <Int32>]
   [-KeyType <String>]
   [-KeySize <Int32>]
   [-KeyNotExportable]
   [-CertificateTransparency <Boolean>]
   [-PassThru]
   [-Curve <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzKeyVaultCertificatePolicy
   [-VaultName] <String>
   [-Name] <String>
   [-InputObject] <PSKeyVaultCertificatePolicy>
   [-EmailAtNumberOfDaysBeforeExpiry <Int32>]
   [-EmailAtPercentageLifetime <Int32>]
   [-KeyType <String>]
   [-KeySize <Int32>]
   [-CertificateTransparency <Boolean>]
   [-PassThru]
   [-Curve <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzKeyVaultCertificatePolicy
   [-VaultName] <String>
   [-Name] <String>
   -RenewAtNumberOfDaysBeforeExpiry <Int32>
   [-SecretContentType <String>]
   [-ReuseKeyOnRenewal <Boolean>]
   [-Disabled]
   [-SubjectName <String>]
   [-DnsName <System.Collections.Generic.List`1[System.String]>]
   [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
   [-Ekus <System.Collections.Generic.List`1[System.String]>]
   [-ValidityInMonths <Int32>]
   [-IssuerName <String>]
   [-CertificateType <String>]
   [-EmailAtNumberOfDaysBeforeExpiry <Int32>]
   [-EmailAtPercentageLifetime <Int32>]
   [-KeyType <String>]
   [-KeySize <Int32>]
   [-KeyNotExportable]
   [-CertificateTransparency <Boolean>]
   [-PassThru]
   [-Curve <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzKeyVaultCertificatePolicy cmdlet creates or updates the policy for a certificate in a key vault.

Examples

Example 1: Set a certificate policy

Set-AzKeyVaultCertificatePolicy -VaultName "ContosoKV01" -Name "TestCert01" -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal $True -PassThru

SecretContentType               : application/x-pkcs12
Kty                             :
KeySize                         : 2048
Curve                           :
Exportable                      :
ReuseKeyOnRenewal               : True
SubjectName                     : CN=contoso.com
DnsNames                        :
KeyUsage                        :
Ekus                            :
ValidityInMonths                : 6
IssuerName                      : Self
CertificateType                 :
RenewAtNumberOfDaysBeforeExpiry :
RenewAtPercentageLifetime       :
EmailAtNumberOfDaysBeforeExpiry :
EmailAtPercentageLifetime       :
CertificateTransparency         :
Enabled                         : True
Created                         :
Updated                         :

This command sets the policy for the TestCert01 certificate in the ContosoKV01 key vault.

Parameters

-CertificateTransparency

Indicates whether certificate transparency is enabled for this certificate/issuer; if not specified, the default is 'true'. -IssuerName needs to be specified when setting this property.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateType

Specifies the type of certificate to the issuer.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Curve

Specifies the elliptic curve name of the key of the certificate. The acceptable values for this parameter are:

  • P-256
  • P-384
  • P-521
  • P-256K
  • SECP256K1
Type:String
Accepted values:P-256, P-384, P-521, P-256K, SECP256K1
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Disabled

Indicates that the certificate policy is disabled.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DnsName

Specifies the subject name of the certificate.

Type:List<T>[String]
Aliases:DnsNames
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Ekus

Specifies the enhanced key usages (EKUs) in the certificate.

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EmailAtNumberOfDaysBeforeExpiry

Specifies the number of days before expiration when automatic renewal should start.

Type:Nullable<T>[Int32]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EmailAtPercentageLifetime

Specifies the percentage of the lifetime after which the automatic process for the notification begins.

Type:Nullable<T>[Int32]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies the certificate policy.

Type:PSKeyVaultCertificatePolicy
Aliases:CertificatePolicy
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-IssuerName

Specifies the name of the issuer for this certificate.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyNotExportable

Indicates that the key is not exportable.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeySize

Specifies the key size of the certificate. The acceptable values for this parameter are:

  • 2048
  • 3072
  • 4096
  • 256
  • 384
  • 521
Type:Int32
Accepted values:2048, 3072, 4096, 256, 384, 521
Position:Named
Default value:2048
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyType

Specifies the key type of the key that backs the certificate. The acceptable values for this parameter are:

  • RSA
  • RSA-HSM
  • EC
  • EC-HSM
Type:String
Accepted values:RSA, RSA-HSM, EC, EC-HSM
Position:Named
Default value:RSA
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyUsage

Specifies the key usages in the certificate.

Type:List<T>[X509KeyUsageFlags]
Accepted values:None, EncipherOnly, CrlSign, KeyCertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of the certificate.

Type:String
Aliases:CertificateName
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RenewAtNumberOfDaysBeforeExpiry

Specifies the number of days before expiry after which the automatic process for certificate renewal begins.

Type:Nullable<T>[Int32]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-RenewAtPercentageLifetime

Specifies the percentage of the lifetime after which the automatic process for certificate renewal begins.

Type:Nullable<T>[Int32]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ReuseKeyOnRenewal

Indicates that the certificate reuse the key during renewal.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SecretContentType

Specifies the content type of the new key vault secret. The acceptable values for this parameter are:

  • application/x-pkcs12
  • application/x-pem-file
Type:String
Accepted values:application/x-pkcs12, application/x-pem-file
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SubjectName

Specifies the subject name of the certificate.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ValidityInMonths

Specifies the number of months the certificate is valid.

Type:Nullable<T>[Int32]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-VaultName

Specifies the name of a key vault.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSKeyVaultCertificatePolicy

Outputs

PSKeyVaultCertificatePolicy