Set-DHASCertificateChainPolicy

Sets certificate chain policy.

Syntax

Set-DHASCertificateChainPolicy
   [-CertificateChainPolicy] <CertificateChainPolicy>
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-DHASCertificateChainPolicy
   -RevocationFlag <String>
   -RevocationMode <String>
   -VerificationFlags <String>
   -UrlRetrievalTimeout <String>
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-DHASCertificateChainPolicy cmdlet sets the certificate chain policy that the Device Health Attestation service enforces. The certificate chain policy specifies parameters for certificate chain verification and revocation behavior.

You can specify a CertificateChainPolicy object to use as input, or you can specify the components that make up a CertificateChainPolicy. The components to specify as input are:

  • RevocationFlag.
  • RevocationMode.
  • VerificationFlags.
  • UrlRetrievalTimeout.

You must have administrator rights to run this cmdlet.

Examples

Example 1: Set certificate chain policy with a CertificateChainPolicy object

PS C:\> $policy = Get-DHASCertificateChainPolicy
PS C:\> $policy.RevocationFlag = "ExcludeRoot"
PS C:\> Set-DHASCertificateChainPolicy -CertificateChainPolicy $policy

The first command gets the CertificateChainPolicy object, and then stores it in the $policy variable.

The second command sets the RevocationFlag property of the policy to ExcludeRoot.

The third command sets the policy to include the new value for RevocationFlag.

Example 2: Set certificate chain policy with its components

PS C:\> Set-DHASCertificateChainPolicy -RevocationFlag "ExcludeRoot" -RevocationMode "NoCheck" -VerificationFlags "NoFlag" -UrlRetrievalTimeout "00:01:00"

This command modifies the certificate chain policy by specifying a value for each of its components.
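
Example 2 passes every component as a string, including a RevocationMode of "NoCheck". The following added example (not part of the original documentation or the DHAS module) validates the strings against the .NET types named in the parameter descriptions, reports settings that relax chain validation, and previews the change with -WhatIf. Test-DHASChainPolicyInput is a hypothetical helper name, and the sample values are constructed.

```powershell
# Added example. Test-DHASChainPolicyInput is a hypothetical helper, not a DHAS cmdlet.
function Test-DHASChainPolicyInput {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RevocationFlag,
        [Parameter(Mandatory)] [string] $RevocationMode,
        [Parameter(Mandatory)] [string] $VerificationFlags,
        [Parameter(Mandatory)] [string] $UrlRetrievalTimeout
    )
    # [enum]::Parse throws on a name that is not a member of the enumeration.
    $flag = [enum]::Parse(
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag], $RevocationFlag, $true)
    $mode = [enum]::Parse(
        [System.Security.Cryptography.X509Certificates.X509RevocationMode], $RevocationMode, $true)
    $verify = [enum]::Parse(
        [System.Security.Cryptography.X509Certificates.X509VerificationFlags], $VerificationFlags, $true)
    # [timespan]::Parse throws on a malformed value such as "1 minute".
    $timeout = [timespan]::Parse($UrlRetrievalTimeout)

    $warnings = @()
    if ($mode -eq 'NoCheck') {
        $warnings += 'RevocationMode NoCheck: revoked certificates in the chain are not detected.'
    }
    if ($verify -ne 'NoFlag') {
        $warnings += "VerificationFlags '$verify' relaxes chain validation."
    }
    [pscustomobject]@{
        RevocationFlag      = $flag
        RevocationMode      = $mode
        VerificationFlags   = $verify
        UrlRetrievalTimeout = $timeout
        Warnings            = $warnings
    }
}

# Constructed sample values; 'Online' replaces the 'NoCheck' used in Example 2.
$candidate = @{
    RevocationFlag      = 'ExcludeRoot'
    RevocationMode      = 'Online'
    VerificationFlags   = 'NoFlag'
    UrlRetrievalTimeout = '00:01:00'
}
$check = Test-DHASChainPolicyInput @candidate
$check.Warnings | ForEach-Object { Write-Warning $_ }

# Preview the change first; remove -WhatIf to apply it (requires administrator rights).
Set-DHASCertificateChainPolicy @candidate -WhatIf
```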

Required Parameters

-CertificateChainPolicy

Specifies the certificate chain policy to use.

Type: CertificateChainPolicy
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-RevocationFlag

Specifies a value from the .NET X509RevocationFlag enumeration.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RevocationMode

Specifies a value from the .NET X509RevocationMode enumeration.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UrlRetrievalTimeout

Specifies a .NET TimeSpan structure.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-VerificationFlags

Specifies a value from the .NET X509VerificationFlags enumeration.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

CertificateChainPolicy