Set-AzKeyVaultCertificatePolicy
Creates or updates the policy for a certificate in a key vault.
Set-AzKeyVaultCertificatePolicy
[-VaultName] <String>
[-Name] <String>
[-RenewAtPercentageLifetime <Int32>]
[-SecretContentType <String>]
[-ReuseKeyOnRenewal <Boolean>]
[-Disabled]
[-SubjectName <String>]
[-DnsName <System.Collections.Generic.List`1[System.String]>]
[-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
[-Ekus <System.Collections.Generic.List`1[System.String]>]
[-ValidityInMonths <Int32>]
[-IssuerName <String>]
[-CertificateType <String>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeySize <Int32>]
[-KeyNotExportable]
[-CertificateTransparency <Boolean>]
[-PassThru]
[-Curve <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzKeyVaultCertificatePolicy
[-VaultName] <String>
[-Name] <String>
[-InputObject] <PSKeyVaultCertificatePolicy>
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeySize <Int32>]
[-CertificateTransparency <Boolean>]
[-PassThru]
[-Curve <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzKeyVaultCertificatePolicy
[-VaultName] <String>
[-Name] <String>
-RenewAtNumberOfDaysBeforeExpiry <Int32>
[-SecretContentType <String>]
[-ReuseKeyOnRenewal <Boolean>]
[-Disabled]
[-SubjectName <String>]
[-DnsName <System.Collections.Generic.List`1[System.String]>]
[-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
[-Ekus <System.Collections.Generic.List`1[System.String]>]
[-ValidityInMonths <Int32>]
[-IssuerName <String>]
[-CertificateType <String>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeySize <Int32>]
[-KeyNotExportable]
[-CertificateTransparency <Boolean>]
[-PassThru]
[-Curve <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
The Set-AzKeyVaultCertificatePolicy cmdlet creates or updates the policy for a certificate in a key vault.
Set-AzKeyVaultCertificatePolicy -VaultName "ContosoKV01" -Name "TestCert01" -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal $True -PassThru
SecretContentType : application/x-pkcs12
Kty :
KeySize : 2048
Curve :
Exportable :
ReuseKeyOnRenewal : True
SubjectName : CN=contoso.com
DnsNames :
KeyUsage :
Ekus :
ValidityInMonths : 6
IssuerName : Self
CertificateType :
RenewAtNumberOfDaysBeforeExpiry :
RenewAtPercentageLifetime :
EmailAtNumberOfDaysBeforeExpiry :
EmailAtPercentageLifetime :
CertificateTransparency :
Enabled : True
Created :
Updated :
This command sets the policy for the TestCert01 certificate in the ContosoKV01 key vault.
Indicates whether certificate transparency is enabled for this certificate/issuer; if not specified, the default is 'true'.
-IssuerName
needs to be specified when setting this property.
Type: | Nullable<T>[Boolean] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the type of certificate to the issuer.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the elliptic curve name of the key of the certificate. The acceptable values for this parameter are:
- P-256
- P-384
- P-521
- P-256K
- SECP256K1
Type: | String |
Accepted values: | P-256, P-384, P-521, P-256K, SECP256K1 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with azure
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates that the certificate policy is disabled.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the subject name of the certificate.
Specifies the enhanced key usages (EKUs) in the certificate.
Specifies the number of days before expiration when automatic renewal should start.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the percentage of the lifetime after which the automatic process for the notification begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the certificate policy.
Type: | PSKeyVaultCertificatePolicy |
Aliases: | CertificatePolicy |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the name of the issuer for this certificate.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates that the key is not exportable.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the key size of the certificate. The acceptable values for this parameter are:
- 2048
- 3072
- 4096
- 256
- 384
- 521
Type: | Int32 |
Accepted values: | 2048, 3072, 4096, 256, 384, 521 |
Position: | Named |
Default value: | 2048 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the key type of the key that backs the certificate. The acceptable values for this parameter are:
- RSA
- RSA-HSM
- EC
- EC-HSM
Type: | String |
Accepted values: | RSA, RSA-HSM, EC, EC-HSM |
Position: | Named |
Default value: | RSA |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the key usages in the certificate.
Type: | List<T>[X509KeyUsageFlags] |
Accepted values: | None, EncipherOnly, CrlSign, KeyCertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the name of the certificate.
Type: | String |
Aliases: | CertificateName |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the number of days before expiry after which the automatic process for certificate renewal begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the percentage of the lifetime after which the automatic process for certificate renewal begins.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Indicates that the certificate reuse the key during renewal.
Type: | Nullable<T>[Boolean] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the content type of the new key vault secret. The acceptable values for this parameter are:
- application/x-pkcs12
- application/x-pem-file
Type: | String |
Accepted values: | application/x-pkcs12, application/x-pem-file |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the subject name of the certificate.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the number of months the certificate is valid.
Type: | Nullable<T>[Int32] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the name of a key vault.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback: