你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzKeyVaultCertificatePolicy
创建内存中证书策略对象。
语法
New-AzKeyVaultCertificatePolicy
[-IssuerName] <String>
[-SubjectName] <String>
[-RenewAtNumberOfDaysBeforeExpiry <Int32>]
[-RenewAtPercentageLifetime <Int32>]
[-SecretContentType <String>]
[-ReuseKeyOnRenewal]
[-Disabled]
[-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
[-Ekus <System.Collections.Generic.List`1[System.String]>]
[-ValidityInMonths <Int32>]
[-CertificateType <String>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeySize <Int32>]
[-KeyNotExportable]
[-CertificateTransparency <Boolean>]
[-Curve <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzKeyVaultCertificatePolicy
[-IssuerName] <String>
[[-SubjectName] <String>]
[-DnsName] <System.Collections.Generic.List`1[System.String]>
[-RenewAtNumberOfDaysBeforeExpiry <Int32>]
[-RenewAtPercentageLifetime <Int32>]
[-SecretContentType <String>]
[-ReuseKeyOnRenewal]
[-Disabled]
[-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
[-Ekus <System.Collections.Generic.List`1[System.String]>]
[-ValidityInMonths <Int32>]
[-CertificateType <String>]
[-EmailAtNumberOfDaysBeforeExpiry <Int32>]
[-EmailAtPercentageLifetime <Int32>]
[-KeyType <String>]
[-KeySize <Int32>]
[-KeyNotExportable]
[-CertificateTransparency <Boolean>]
[-Curve <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] 说明
New-AzKeyVaultCertificatePolicy cmdlet 为 Azure 密钥库创建内存中证书策略对象。
示例
示例 1:创建证书策略
New-AzKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal
SecretContentType : application/x-pkcs12
Kty :
KeySize : 2048
Curve :
Exportable :
ReuseKeyOnRenewal : True
SubjectName : CN=contoso.com
DnsNames :
KeyUsage :
Ekus :
ValidityInMonths : 6
IssuerName : Self
CertificateType :
RenewAtNumberOfDaysBeforeExpiry :
RenewAtPercentageLifetime :
EmailAtNumberOfDaysBeforeExpiry :
EmailAtPercentageLifetime :
CertificateTransparency :
Enabled : True
Created :
Updated :此命令创建一个证书策略,该策略有效期为 6 个月,并重复使用密钥来续订证书。
示例 2
创建内存中证书策略对象。 (自动生成)
New-AzKeyVaultCertificatePolicy -IssuerName 'Self' -KeyType RSA -RenewAtNumberOfDaysBeforeExpiry <Int32> -SecretContentType application/x-pkcs12 -SubjectName 'CN=contoso.com' -ValidityInMonths 6示例 3:创建使用者备用名称(或 SAN)证书
New-AzKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -DnsName "contoso.com","support.contoso.com","docs.contoso.com" -IssuerName "Self"
SecretContentType : application/x-pkcs12
Kty : RSA
KeySize : 2048
Curve :
Exportable :
ReuseKeyOnRenewal : False
SubjectName : CN=contoso.com
DnsNames : {contoso.com, support.contoso.com, docs.contoso.com}
KeyUsage :
Ekus :
ValidityInMonths :
IssuerName : Self
CertificateType :
RenewAtNumberOfDaysBeforeExpiry :
RenewAtPercentageLifetime :
EmailAtNumberOfDaysBeforeExpiry :
EmailAtPercentageLifetime :
CertificateTransparency :
Enabled : True
Created :
Updated :此示例创建一个包含 3 个 DNS 名称的 SAN 证书。
参数
-CertificateTransparency
指示是否为此证书/颁发者启用了证书透明度;如果未指定,则默认值为“true”
| Type: | Nullable<T>[Boolean] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-CertificateType
指定颁发者的证书类型。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Curve
指定证书密钥的椭圆曲线名称。 此参数的可接受值为:
- P-256
- P-384
- P-521
- P-256K
- 标准版CP256K1
| Type: | String |
| Accepted values: | P-256, P-384, P-521, P-256K, SECP256K1 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
用于与 azure 通信的凭据、帐户、租户和订阅
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Disabled
指示证书策略已禁用。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DnsName
指定证书中的 DNS 名称。 使用者可选名称(SAN)可以指定为 DNS 名称。
| Type: | List<T>[String] |
| Aliases: | DnsNames |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Ekus
指定证书中的增强型密钥用法(EKU)。
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-EmailAtNumberOfDaysBeforeExpiry
指定自动通知过程开始到期前的天数。
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-EmailAtPercentageLifetime
指定通知的自动过程开始后的生存期百分比。
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IssuerName
指定证书的颁发者的名称。
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeyNotExportable
指示密钥不可导出。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeySize
指定证书的密钥大小。 此参数的可接受值为:
- 2048
- 3072
- 4096
- 256
- 384
- 521
| Type: | Int32 |
| Accepted values: | 2048, 3072, 4096, 256, 384, 521 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeyType
指定支持证书的密钥的密钥类型。 此参数的可接受值为:
- RSA
- RSA-HSM
- EC
- EC-HSM
| Type: | String |
| Accepted values: | RSA, RSA-HSM, EC, EC-HSM |
| Position: | Named |
| Default value: | RSA |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-KeyUsage
指定证书中的密钥用法。
| Type: | List<T>[X509KeyUsageFlags] |
| Accepted values: | None, EncipherOnly, CrlSign, KeyCertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RenewAtNumberOfDaysBeforeExpiry
指定到期前的天数,之后证书续订的自动过程开始。
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RenewAtPercentageLifetime
指定证书续订的自动过程开始后的生存期百分比。
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ReuseKeyOnRenewal
指示证书在续订期间重复使用密钥。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-SecretContentType
指定新密钥保管库机密的内容类型。 此参数的可接受值为:
- application/x-pkcs12
- application/x-pem-file
| Type: | String |
| Accepted values: | application/x-pkcs12, application/x-pem-file |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-SubjectName
指定证书的主题名称。
注意
如果必须在参数中的 SubjectName 属性中使用逗号(,)或句点(.),则必须将属性字段括在引号中。 例如,可以在“组织名称”字段中使用 O=“Contoso, Ltd.”。
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ValidityInMonths
指定证书有效的月数。
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输入
List<T>[[System.String, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
Nullable<T>[[System.Int32, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
List<T>[[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags, System.Security.Cryptography.X509Certificates, Version=4.2.1.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]]
输出
相关链接
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈