Set-DHASCertificate
Chain
Policy
Syntax
Set-DHASCertificateChainPolicy
[-CertificateChainPolicy] <CertificateChainPolicy>
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-DHASCertificateChainPolicy
-RevocationFlag <String>
-RevocationMode <String>
-VerificationFlags <String>
-UrlRetrievalTimeout <String>
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-DHASCertificateChainPolicy cmdlet sets the certificate chain policy that the Device Health Attestation service enforces. The certificate chain policy specifies parameters for certificate chain verification and revocation behavior.
You can specify a CertificateChainPolicy object to use as input, or alternatively, you can specify the components that comprise a CertificateChainPolicy . The components to specify as input are:
- RevocationFlag.
- RevocationMode.
- VerificationFlags.
- UrlRetrievalTimeout.
You must have administrator rights to run this cmdlets.
Examples
Example 1: Set certificate chain policy with a CertificateChainPolicy object
PS C:\> $policy = Get-DHASCertificateChainPolicy
PS C:\> $policy.RevocationFlag = "ExcludeRoot"
PS C:\> Set-DHASCertificateChainPolicy -CertificateChainPolicy $policy
The first command gets the CertificateChainPolicy object, and then stores it in the $policy variable.
The second command sets the RevocationFlag property of the policy to ExcludeRoot.
The third command sets the policy to include the new value for RevocationFlag.
Example 2: Set certificate chain policy with its components
PS C:\> Set-DHASCertificateChainPolicy -RevocationFlag "ExcludeRoot" -RevocationMode "NoCheck" -VerificationFlags "NoFlag" -UrlRetrievalTimeout "00:01:00"
This command modifies the certificate chain policy by specifying a value for each of its components.
Required Parameters
Specifies the certificate chain policy to use.
Type: | CertificateChainPolicy |
Position: | 0 |
Default value: | None |
Accept pipeline input: | True (ByValue) |
Accept wildcard characters: | False |
Specifies a .NET X509RevocationFlag enumeration .
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a .NET X509RevocationMode enumeration .
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a .NET TimeSpan structure .
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a .NET X509VerificationFlags enumeration .
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Optional Parameters
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
CertificateChainPolicy