New-AzureKeyVaultCertificatePolicy

Creates an in-memory certificate policy object.

Syntax

New-AzureKeyVaultCertificatePolicy
   [-IssuerName] <String>
   [-SubjectName] <String>
   [-RenewAtNumberOfDaysBeforeExpiry <Int32>]
   [-RenewAtPercentageLifetime <Int32>]
   [-SecretContentType <String>]
   [-ReuseKeyOnRenewal]
   [-Disabled]
   [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
   [-Ekus <System.Collections.Generic.List`1[System.String]>]
   [-ValidityInMonths <Int32>]
   [-CertificateType <String>]
   [-EmailAtNumberOfDaysBeforeExpiry <Int32>]
   [-EmailAtPercentageLifetime <Int32>]
   [-KeyType <String>]
   [-KeyNotExportable]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzureKeyVaultCertificatePolicy
   [-IssuerName] <String>
   [[-SubjectName] <String>]
   [-DnsName] <System.Collections.Generic.List`1[System.String]>
   [-RenewAtNumberOfDaysBeforeExpiry <Int32>]
   [-RenewAtPercentageLifetime <Int32>]
   [-SecretContentType <String>]
   [-ReuseKeyOnRenewal]
   [-Disabled]
   [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
   [-Ekus <System.Collections.Generic.List`1[System.String]>]
   [-ValidityInMonths <Int32>]
   [-CertificateType <String>]
   [-EmailAtNumberOfDaysBeforeExpiry <Int32>]
   [-EmailAtPercentageLifetime <Int32>]
   [-KeyType <String>]
   [-KeyNotExportable]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzureKeyVaultCertificatePolicy cmdlet creates an in-memory certificate policy object for Azure Key Vault.

Examples

Example 1: Create a certificate policy

PS C:\> New-AzureKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12" -SubjectName "CN=contoso.com" -IssuerName "Self" -ValidityInMonths 6 -ReuseKeyOnRenewal

SecretContentType               : application/x-pkcs12
Kty                             :
KeySize                         : 2048
Exportable                      :
ReuseKeyOnRenewal               : True
SubjectName                     : CN=contoso.com
DnsNames                        :
KeyUsage                        :
Ekus                            :
ValidityInMonths                : 6
IssuerName                      : Self
CertificateType                 :
RenewAtNumberOfDaysBeforeExpiry :
RenewAtPercentageLifetime       :
EmailAtNumberOfDaysBeforeExpiry :
EmailAtPercentageLifetime       :
CertificateTransparency         :
Enabled                         : True
Created                         :
Updated                         :

This command creates a certificate policy that is valid for six months and reuses the key to renew the certificate.

Required Parameters

-DnsName

Specifies the DNS names in the certificate.

Type:System.Collections.Generic.List`1[System.String]
Aliases:DnsNames
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-IssuerName

Specifies the name of the issuer for the certificate.

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-SubjectName

Specifies the subject name of the certificate.

Type:String
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Optional Parameters

-CertificateType

Specifies the type of certificate to the issuer.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Disabled

Indicates that the certificate policy is disabled.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Ekus

Specifies the enhanced key usages (EKUs) in the certificate.

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-EmailAtNumberOfDaysBeforeExpiry

Specifies how many days before expiry the automatic notification process begins.

Type:System.Nullable`1[System.Int32]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-EmailAtPercentageLifetime

Specifies the percentage of the lifetime after which the automatic process for the notification begins.

Type:System.Nullable`1[System.Int32]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-KeyNotExportable

Indicates that the key is not exportable.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-KeyType

Specifies the key type of the key that backs the certificate. The acceptable values for this parameter are:

  • RSA
  • RSA-HSM
Type:String
Accepted values:RSA, RSA-HSM
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-KeyUsage

Specifies the key usages in the certificate.

Type:System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
Accepted values:None, EncipherOnly, CrlSign, KeyCertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-RenewAtNumberOfDaysBeforeExpiry

Specifies the number of days before expiry after which the automatic process for certificate renewal begins.

Type:System.Nullable`1[System.Int32]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-RenewAtPercentageLifetime

Specifies the percentage of the lifetime after which the automatic process for certificate renewal begins.

Type:System.Nullable`1[System.Int32]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ReuseKeyOnRenewal

Indicates that the certificate reuse the key during renewal.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-SecretContentType

Specifies the content type of the new key vault secret. The acceptable values for this parameter are:

  • application/x-pkcs12
  • application/x-pem-file
Type:String
Accepted values:application/x-pkcs12, application/x-pem-file
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ValidityInMonths

Specifies the number of months the certificate is valid.

Type:System.Nullable`1[System.Int32]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

System.Collections.Generic.List`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

SwitchParameter

System.Collections.Generic.List`1[[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

Outputs

PSKeyVaultCertificatePolicy