Set-DHASCertificateChainPolicy

Sets certificate chain policy.

Syntax

Set-DHASCertificateChainPolicy
   [-CertificateChainPolicy] <CertificateChainPolicy>
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-DHASCertificateChainPolicy
   -RevocationFlag <String>
   -RevocationMode <String>
   -VerificationFlags <String>
   -UrlRetrievalTimeout <String>
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-DHASCertificateChainPolicy cmdlet sets the certificate chain policy that the Device Health Attestation service enforces. The certificate chain policy specifies parameters for certificate chain verification and revocation behavior.

You can specify a CertificateChainPolicy object to use as input, or alternatively, you can specify the components that comprise a CertificateChainPolicy. The components to specify as input are:

  • RevocationFlag.
  • RevocationMode.
  • VerificationFlags.
  • UrlRetrievalTimeout.

You must have administrator rights to run this cmdlet.

Examples

Example 1: Set certificate chain policy with a CertificateChainPolicy object

PS C:\> $policy = Get-DHASCertificateChainPolicy
PS C:\> $policy.RevocationFlag = "ExcludeRoot"
PS C:\> Set-DHASCertificateChainPolicy -CertificateChainPolicy $policy

The first command gets the CertificateChainPolicy object, and then stores it in the $policy variable.

The second command sets the RevocationFlag property of the policy to ExcludeRoot.

The third command sets the policy to include the new value for RevocationFlag.

Example 2: Set certificate chain policy with its components

PS C:\> Set-DHASCertificateChainPolicy -RevocationFlag "ExcludeRoot" -RevocationMode "NoCheck" -VerificationFlags "NoFlag" -UrlRetrievalTimeout "00:01:00"

This command modifies the certificate chain policy by specifying a value for each of its components.
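
An added example, not part of the original documentation: because the component parameters take strings that name .NET enumeration members, the script below parses proposed values against those types, warns when a setting weakens chain validation (as RevocationMode NoCheck in Example 2 does), and previews the change with -WhatIf. Test-DhaChainPolicyValue is a hypothetical helper name, not a cmdlet of the Device Health Attestation module.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Test-DhaChainPolicyValue is a hypothetical helper, not a DHAS cmdlet.
function Test-DhaChainPolicyValue {
    param(
        [Parameter(Mandatory)] [string] $RevocationFlag,
        [Parameter(Mandatory)] [string] $RevocationMode,
        [Parameter(Mandatory)] [string] $VerificationFlags,
        [Parameter(Mandatory)] [string] $UrlRetrievalTimeout
    )
    # Parse each string against the .NET type its parameter documents.
    # An unknown member name or malformed time span throws here, before any change is made.
    $flag    = [Enum]::Parse([X509RevocationFlag], $RevocationFlag, $true)
    $mode    = [Enum]::Parse([X509RevocationMode], $RevocationMode, $true)
    $verify  = [Enum]::Parse([X509VerificationFlags], $VerificationFlags, $true)
    $timeout = [TimeSpan]::Parse($UrlRetrievalTimeout)

    $warnings = @()
    if ($mode -eq [X509RevocationMode]::NoCheck) {
        $warnings += 'RevocationMode NoCheck: no revocation check is performed on the chain.'
    }
    elseif ($flag -eq [X509RevocationFlag]::EndCertificateOnly) {
        $warnings += 'RevocationFlag EndCertificateOnly: CA certificates in the chain are not checked for revocation.'
    }
    if ($verify -ne [X509VerificationFlags]::NoFlag) {
        $warnings += "VerificationFlags $($verify): the listed conditions are tolerated during chain validation."
    }

    [pscustomobject]@{
        Parameters = @{
            RevocationFlag    = "$flag";   RevocationMode      = "$mode"
            VerificationFlags = "$verify"; UrlRetrievalTimeout = "$timeout"
        }
        Warnings = $warnings
    }
}

# The component values from Example 2 on this page.
$check = Test-DhaChainPolicyValue -RevocationFlag 'ExcludeRoot' -RevocationMode 'NoCheck' `
    -VerificationFlags 'NoFlag' -UrlRetrievalTimeout '00:01:00'
$check.Warnings | ForEach-Object { Write-Warning $_ }

# Preview only: -WhatIf shows what would happen without running the cmdlet.
$params = $check.Parameters
Set-DHASCertificateChainPolicy @params -WhatIf
```

With the Example 2 values, the helper emits one warning, for RevocationMode NoCheck.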

Required Parameters

-CertificateChainPolicy

Specifies the certificate chain policy to use.

Type: CertificateChainPolicy
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-RevocationFlag

Specifies a .NET X509RevocationFlag enumeration.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RevocationMode

Specifies a .NET X509RevocationMode enumeration.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UrlRetrievalTimeout

Specifies a .NET TimeSpan structure.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-VerificationFlags

Specifies a .NET X509VerificationFlags enumeration.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

CertificateChainPolicy