New-CMCertificateProfileScep
建立 SCEP 憑證設定檔。
Syntax
New-CMCertificateProfileScep
[-AllowCertificateOnAnyDevice <Boolean>]
[-CertificateStore <CertificateStoreType>]
-CertificateTemplateName <String>
-CertificateValidityDays <Int32>
[-Description <String>]
-Eku <Hashtable>
[-EnrollmentRenewThresholdPct <Int32>]
[-EnrollmentRetryCount <Int32>]
[-EnrollmentRetryDelayMins <Int32>]
-HashAlgorithm <HashAlgorithmTypes>
[-KeySize <Int32>]
[-KeyStorageProvider <KeyStorageProviderSettingType>]
-KeyUsage <X509KeyUsageFlags>
-Name <String>
[-RequireMultifactor]
-RootCertificate <IResultObject>
-SanType <SubjectAlternativeNameFormatTypes>
[-ScepServerUrl <String[]>]
[-SubjectType <SubjectNameFormatTypes>]
-SupportedPlatform <IResultObject[]>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
CMCertificateProfileScep Cmdlet 會建立簡單的憑證註冊通訊協定 (SCEP) 憑證設定檔。
附注:您必須先建立信任的 CA 憑證設定檔,才能建立 SCEP 憑證設定檔。 如需建立信任的 CA 憑證設定檔的詳細資訊,請參閱 New-CMCertificateProfileTrustedRootCA Cmdlet。
注意
從 Configuration Manager 網站磁碟機執行 Configuration Manager Cmdlet,例如 PS XYZ:\> 。 如需詳細資訊,請參閱 快速入門。
範例
範例1:建立 SCEP 憑證設定檔
PS XYZ:\> New-CMCertificateProfileScep -CertificateTemplateName "TestTemplate01" -CertificateValidityDays 10 -Eku @{ "name1" ="1.2.3.4"; "name2" = "1.2.3.4.5" } -HashAlgorithm SHA2 -KeyUsage KeyEncipherment -Name "TestSCEPProf01" -RootCertificate (New-CMCertificateProfileTrustedRootCA -Name testing -Path "\\Server\Sharefolder\RootCA.cer" -SupportedPlatform (Get-CMSupportedPlatform -Fast -Name "All Windows 10*Client")) -SanType SubjectAltReqiureEmail -SupportedPlatform (Get-CMSupportedPlatform -Fast -Name "All Windows 10*Client")這個命令會建立受信任的根 CA 憑證,並取得所有 Windows 10 的用戶端支援平臺。 然後命令會使用新建立的根信任 CA 憑證,建立 SEP 憑證設定檔。
範例2:建立 SCEP 憑證設定檔,並將憑證存放區設定為 User
PS XYZ:\> New-CMCertificateProfileScep -CertificateTemplateName "TestTemplate02" -CertificateValidityDays 10 -Eku @{ "name1" ="1.2.3.4"; "name2" = "1.2.3.4.5" } -HashAlgorithm ShA1 -KeyUsage Digitalsignature -Name "TestSCEPProf02" -RootCertificate (New-CMCertificateProfileTrustedRootCA -Name testingSecond -Path "\\Server\Sharefolder\RootCA.cer" -SupportedPlatform (Get-CMSupportedPlatform -Fast -Name "All Windows 10*Client")) -SupportedPlatform (Get-CMSupportedPlatform -Fast -Name "All Windows 10*Client") -CertificateStore User -Description "Test description" -EnrollmentRenewThresholdPct 2 -EnrollmentRetryCount 5 -EnrollmentRetryDelayMins 7 -KeySize 2048 -KeyStorageProvider InstallToTPM_FailIfNotPresent -RequireMultiFactor -SubjectType SubjectRequireEmail -SanType SubjectAltReqiureEmail這個命令會建立受信任的根 CA 憑證,並取得所有 Windows 10 的用戶端支援平臺。 然後,此命令會使用新建立的根 CA 憑證建立 SCEP 憑證,並將憑證存放區設定為 User。
參數
-AllowCertificateOnAnyDevice
會指出是否允許任何裝置上的憑證註冊。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateStore
指定憑證類型。 有效值為:
- 機器
- User
| Type: | CertificateStoreType |
| Accepted values: | Machine, User |
| Position: | Named |
| Default value: | User |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateTemplateName
指定憑證範本的名稱。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateValidityDays
以天數為單位,指定憑證的有效期限。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
執行 Cmdlet 之前提示您確認。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
指定 SCEP 憑證設定檔的描述。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
此參數會將萬用字元視為常值字元值。 您無法將它與 ForceWildcardHandling合併。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Eku
指定延伸的金鑰用法。 雜湊表中的值會定義憑證的預定用途。
| Type: | Hashtable |
| Aliases: | Ekus |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnrollmentRenewThresholdPct
指定在裝置要求更新憑證之前保留的憑證壽命百分比。
| Type: | Int32 |
| Position: | Named |
| Default value: | 20 |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnrollmentRetryCount
指定裝置自動將憑證要求重試至執行網路裝置註冊服務之伺服器的次數。
| Type: | Int32 |
| Position: | Named |
| Default value: | 3 |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnrollmentRetryDelayMins
指定在發證 CA 處理憑證要求之前,您使用 CA 管理員核准時,每個註冊嘗試之間的時間間隔(以分鐘為單位)。
| Type: | Int32 |
| Position: | Named |
| Default value: | 1 |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
這個參數會處理萬用字元,而且可能會造成未預期的行為 (不建議) 。 您無法將它與 DisableWildcardHandling合併。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-HashAlgorithm
指定一或多個雜湊演算法。 有效值為:
- SHA1
- SHA2
- SHA3
| Type: | HashAlgorithmTypes |
| Aliases: | HashAlgorithms |
| Accepted values: | SHA1, SHA2, SHA3 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeySize
指定機碼的大小。 有效值為:
- 1024
- 2048
| Type: | Int32 |
| Accepted values: | 1024, 2048, 4096 |
| Position: | Named |
| Default value: | 2048 |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyStorageProvider
指定用於 SCEP 註冊 (KSP) 的金鑰儲存體提供者。 有效值為:
- 無
- InstallToTPM_FailIfNotPresent
- InstallToTPM_IfPresent
- InstallToSoftwareKeyStorageProvider
- InstallToNGC_FailIfNotPresent
| Type: | KeyStorageProviderSettingType |
| Accepted values: | None, InstallToTPM_FailIfNotPresent, InstallToTPM_IfPresent, InstallToSoftwareKeyStorageProvider, InstallToNGC_FailIfNotPresent |
| Position: | Named |
| Default value: | InstallToTPM_IfPresent |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-KeyUsage
指定憑證的一或多個主要用途。 有效值為:
- KeyEncipherment
- DigitalSignature
| Type: | X509KeyUsageFlags |
| Accepted values: | KeyEncipherment, DigitalSignature |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RequireMultifactor
表示註冊裝置時,必須先進行多重要素驗證,才能將憑證發行至這些裝置。 當為 KeyStorageProvider 參數設定 InstallToNGC_FailIfNotPresent 值時,可以使用此參數。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RootCertificate
指定受信任的根 CA 憑證物件。 若要取得信任的根 CA 憑證,請使用 Get-CMCertificateProfileTrustedRootCA 功能。
| Type: | IResultObject |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SanType
指定一或多個主體替代名稱。 有效值為:
- SubjectAltRequireSpn
- SubjectAltRequireUpn
- SubjectAltReqiureEmail
- SubjectAltRequireDns
| Type: | SubjectAlternativeNameFormatTypes |
| Aliases: | SanTypes |
| Accepted values: | SubjectAltRequireCustom, SubjectAltRequireSpn, SubjectAltRequireAAD, SubjectAltRequireUpn, SubjectAltReqiureEmail, SubjectAltRequireDns |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScepServerUrl
指定網路裝置註冊服務的 URLs 陣列, (將透過 SCEP 發行憑證的 NDES) 伺服器。
| Type: | String[] |
| Aliases: | ScepServerUrls |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubjectType
會指定主體名稱格式。 有效值為:
- SubjectRequireCommonNameAsEmail
- SubjectRequireCommonNameAsDeviceName
- SubjectRequireCommonNameAsOSName
- SubjectRequireCommonNameAsIMEI
- SubjectRequireCommonNameAsMEID
- SubjectRequireCommonNameAsSerialNumber
- SubjectRequireCommonNameAsDeviceType
- SubjectRequireCommonNameAsWiFiMAC
- SubjectRequireCommonNameAsEthernetMAC
- SubjectRequireAsCustomString
- SubjectRequireDnsAsCN
- SubjectRequireEmail
- SubjectRequireCommonName
- SubjectRequireDirectoryPath
| Type: | SubjectNameFormatTypes |
| Aliases: | SubjectTypes |
| Accepted values: | SubjectRequireCommonNameAsEmail, SubjectRequireCommonNameAsDeviceName, SubjectRequireCommonNameAsOSName, SubjectRequireCommonNameAsIMEI, SubjectRequireCommonNameAsMEID, SubjectRequireCommonNameAsSerialNumber, SubjectRequireCommonNameAsDeviceType, SubjectRequireCommonNameAsWiFiMAC, SubjectRequireCommonNameAsEthernetMAC, SubjectRequireAsCustomString, SubjectRequireDnsAsCN, SubjectRequireEmail, SubjectRequireCommonName, SubjectRequireDirectoryPath |
| Position: | Named |
| Default value: | SubjectRequireCommonName |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SupportedPlatform
會指定支援的 platform.object 物件。 若要取得支援的 platform.object 物件,請使用 Get-CMSupportedPlatform Cmdlet。
| Type: | IResultObject[] |
| Aliases: | SupportedPlatforms |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
顯示執行 Cmdlet 時會發生什麼情況。 不會執行 Cmdlet。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-名稱
指定 SCEP 憑證設定檔的名稱。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
輸入
無
輸出
IResultObject