Set-CMCertificateProfileScep

Sets a SCEP certificate profile.

Syntax

Set-CMCertificateProfileScep
   [-AllowCertificateOnAnyDevice <Boolean>]
   [-CertificateStore <CertificateStoreType>]
   [-CertificateTemplateName <String>]
   [-CertificateValidityDays <Int32>]
   [-Confirm]
   [-Description <String>]
   [-DisableWildcardHandling]
   [-Eku <Hashtable>]
   [-EnrollmentRenewThresholdPct <Int32>]
   [-EnrollmentRetryCount <Int32>]
   [-EnrollmentRetryDelayMins <Int32>]
   [-ForceWildcardHandling]
   [-HashAlgorithm <HashAlgorithmTypes>]
   -Id <Int32>
   [-KeySize <Int32>]
   [-KeyStorageProvider <KeyStorageProviderSettingType>]
   [-KeyUsage <X509KeyUsageFlags>]
   [-NewName <String>]
   [-PassThru]
   [-RequireMultifactor <Boolean>]
   [-RootCertificate <IResultObject>]
   [-SanType <SubjectAlternativeNameFormatTypes>]
   [-ScepServerUrl <String[]>]
   [-SubjectType <SubjectNameFormatTypes>]
   [-SupportedPlatform <IResultObject[]>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMCertificateProfileScep [-AllowCertificateOnAnyDevice ]
 [-CertificateStore ] [-CertificateTemplateName ]
 [-CertificateValidityDays ] [-Confirm] [-Description ] [-DisableWildcardHandling]
 [-Eku ] [-EnrollmentRenewThresholdPct ] [-EnrollmentRetryCount ]
 [-EnrollmentRetryDelayMins ] [-ForceWildcardHandling] [-HashAlgorithm ]
 -InputObject  [-KeySize ] [-KeyStorageProvider ]
 [-KeyUsage ] [-NewName ] [-PassThru] [-RequireMultifactor ]
 [-RootCertificate ] [-SanType ] [-ScepServerUrl ]
 [-SubjectType ] [-SupportedPlatform ] [-WhatIf] []
Set-CMCertificateProfileScep [-AllowCertificateOnAnyDevice ]
 [-CertificateStore ] [-CertificateTemplateName ]
 [-CertificateValidityDays ] [-Confirm] [-Description ] [-DisableWildcardHandling]
 [-Eku ] [-EnrollmentRenewThresholdPct ] [-EnrollmentRetryCount ]
 [-EnrollmentRetryDelayMins ] [-ForceWildcardHandling] [-HashAlgorithm ]
 [-KeySize ] [-KeyStorageProvider ] [-KeyUsage ]
 -Name  [-NewName ] [-PassThru] [-RequireMultifactor ]
 [-RootCertificate ] [-SanType ] [-ScepServerUrl ]
 [-SubjectType ] [-SupportedPlatform ] [-WhatIf] []

Description

The Set-CMCertificateProfileScep cmdlet updates the settings of a SCEP certificate profile.

Examples

Example 1: Set a SCEP certificate profile by name

PS C:\> Set-CMCertificateProfileScep -Name "TestProfile01" -CertificateStore Machine -Description "Test update" -HashAlgorithm SHA3 -KeySize 1024 -KeyUsage KeyEncipherment -NewName "TestProfile01_updated" -SanType SubjectAltRequireDns

This command updates the SEP certificate profile named TestProfile01 and gives it the new name TestProfile01_updated.

Example 2: Set a SCEP certificate profile by using the pipeline

PS C:\> Get-CMCertificateProfileScep -Name "TestProfile02" -Fast | Set-CMCertificateProfileScep -AllowCertificateOnAnyDevice $True -KeyStorageProvider InstallToNGC_FailIfNotPresent

This command gets the SEP certificate profile object named TestProfile02 and uses the pipeline operator to pass the object to Set-CMCertificateProfileScep, which updates the settings of the profile object.

Required Parameters

-Id

Specifies the CI_ID of a SCEP certificate profile.

Type:Int32
Aliases:CI_ID, CIId
Required:True
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InputObject

Specifies a SCEP certificate profile object. To obtain a SCEP certificate profile object, use the Get-CMCertificateProfileScep function.

Type:IResultObject
Required:True
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-Name

Specifies a name for the SCEP certificate profile.

Type:String
Required:True
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-AllowCertificateOnAnyDevice

Indicates whether to allow certificate enrollment on any device.

Type:Boolean
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CertificateStore

Specifies the certificate type. Valid values are:- Machine

  • User
Type:CertificateStoreType
Parameter Sets:Machine, User
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CertificateTemplateName

Specifies the name of a certificate template.

Type:String
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CertificateValidityDays

Specifies, in number of days, the certificate validity period.

Type:Int32
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Required:False
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-Description

Specifies a description for the SCEP certificate profile.

Type:String
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisableWildcardHandling

Indicates that wildcard handling is disabled.

Type:SwitchParameter
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Eku

Specifies the extended key usage. The values in the hash table define the certificate's intended purpose.

Type:Hashtable
Aliases:Ekus
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnrollmentRenewThresholdPct

Specifies the percentage of the certificate lifetime that remains before the device requests renewal of the certificate.

Type:Int32
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnrollmentRetryCount

Specifies the number of times that the device automatically retries the certificate request to the server that is running the Network Device Enrollment Service.

Type:Int32
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnrollmentRetryDelayMins

Specifies the interval, in minutes, between each enrollment attempt when you use CA manager approval before the issuing CA processes the certificate request.

Type:Int32
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ForceWildcardHandling

Indicates that wildcard handling is enabled.

Type:SwitchParameter
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-HashAlgorithm

Specifies the hash algorithm. Valid values are:- SHA1

  • SHA2
  • SHA3
  • NONE
Type:HashAlgorithmTypes
Aliases:HashAlgorithms
Parameter Sets:NONE, SHA1, SHA2, SHA3
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeySize

Specifies the size of the key. Valid values are:- 1024

  • 2048
Type:Int32
Parameter Sets:1024, 2048
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyStorageProvider

Specifies the Key Storage Provider (KSP) for the SCEP enrollment. Valid values are:- None

  • InstallToTPM_FailIfNotPresent
  • InstallToTPM_IfPresent
  • InstallToSoftwareKeyStorageProvider
  • InstallToNGC_FailIfNotPresent
Type:KeyStorageProviderSettingType
Parameter Sets:None, InstallToTPM_FailIfNotPresent, InstallToTPM_IfPresent, InstallToSoftwareKeyStorageProvider, InstallToNGC_FailIfNotPresent
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyUsage

Specifies the key usage for the certificate. Valid values are:- KeyEncipherment

  • DigitalSignature
  • None
  • EncipherOnly
  • CrlSign
  • KeyCertSign
  • KeyAgreement
  • DataEncipherment
  • NonRepudiation
  • DecipherOnly
Type:X509KeyUsageFlags
Aliases:KeyUsages
Parameter Sets:KeyEncipherment, DigitalSignature
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-NewName

Specifies a new name for the SCEP certificate profile.

Type:String
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RequireMultifactor

Indicates that multi-factor authentication is required during enrollment of devices before issuing certificates to those devices. This parameter can be used when the InstallToNGC_FailIfNotPresent value is set for the KeyStorageProvider parameter.

Type:Boolean
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RootCertificate

Specifies a trusted root CA certificate object. To get a trusted root CA certificate, use the Get-CMCertificateProfileTrustedRootCA function.

Type:IResultObject
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SanType

Specifies the subject alternative name. Valid values are:- SubjectAltRequireSpn

  • SubjectAltRequireUpn
  • SubjectAltReqiureEmail
  • SubjectAltRequireDns
Type:SubjectAlternativeNameFormatTypes
Aliases:SanTypes
Parameter Sets:SubjectAltRequireSpn, SubjectAltRequireUpn, SubjectAltReqiureEmail, SubjectAltRequireDns
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScepServerUrl

Specifies an array of URLs for the Network Device Enrollment Service (NDES) servers that will issue certificates via SCEP.

Type:String[]
Aliases:ScepServerUrls
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SubjectType

Specifies the subject name format. Valid values are:- SubjectRequireCommonNameAsEmail

  • SubjectRequireCommonNameAsDeviceName
  • SubjectRequireCommonNameAsOSName
  • SubjectRequireCommonNameAsIMEI
  • SubjectRequireCommonNameAsMEID
  • SubjectRequireCommonNameAsSerialNumber
  • SubjectRequireCommonNameAsDeviceType
  • SubjectRequireCommonNameAsWiFiMAC
  • SubjectRequireCommonNameAsEthernetMAC
  • SubjectRequireAsCustomString
  • SubjectRequireDnsAsCN
  • SubjectRequireEmail
  • SubjectRequireCommonName
  • SubjectRequireDirectoryPath
Type:SubjectNameFormatTypes
Aliases:SubjectTypes
Parameter Sets:SubjectRequireCommonNameAsEmail, SubjectRequireCommonNameAsDeviceName, SubjectRequireCommonNameAsOSName, SubjectRequireCommonNameAsIMEI, SubjectRequireCommonNameAsMEID, SubjectRequireCommonNameAsSerialNumber, SubjectRequireCommonNameAsDeviceType, SubjectRequireCommonNameAsWiFiMAC, SubjectRequireCommonNameAsEthernetMAC, SubjectRequireAsCustomString, SubjectRequireDnsAsCN, SubjectRequireEmail, SubjectRequireCommonName, SubjectRequireDirectoryPath
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SupportedPlatform

Specifies a supported platform object. To obtain a supported platform object, use the Get-CMSupportedPlatform cmdlet.

Type:IResultObject[]
Aliases:SupportedPlatforms
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Required:False
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

IResultObject#SMS_ConfigurationPolicy