Set-Hgs
Key
Protection
Attestation
Signer
Certificate
Policy
Syntax
Set-HgsKeyProtectionAttestationSignerCertificatePolicy
-DenyHealthCertificatesIssuedBefore <DateTime>
[-Thumbprint <String>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-HgsKeyProtectionAttestationSignerCertificatePolicy cmdlet modifies the policy for attestation signer certificates. You can modify a date in the policy. The Key Protection Service rejects health certificates signed by the specified attestation signer certificate and issued before the specified date.
Examples
Example 1: Modify the date on all attestation signer certificates
PS C:\> $DenyTime = Get-Date
PS C:\> Set-HgsKeyProtectionAttestationSignerCertificatePolicy -DenyHealthCertificateIssuedBefore $DenyTime
The first command creates a DateTime object by using the Get-Date cmdlet, and then stores it in the $DenyTime variable.
The second command modifies the date for all trusted attestation signer certificates to the value stored in $DenyTime .
Example 2: Modify the date on an attestation signer certificate
PS C:\> $DenyTime = Get-Date
PS C:\> Set-HgsKeyProtectionAttestationSignerCertificatePolicy -DenyHealthCertificatesIssuedBefore $DenyTime -Thumbprint "8bdc4fb5034c4adb86cb57a4465dc161"
The first command creates a DateTime object, and then stores it in the $DenyTime variable.
The second command modifies the date for a specific trusted attestation signer certificate to the value stored in $DenyTime .
Required Parameters
Specifies a date as a
DateTime
object.
The Key Protection Service rejects any health certificates signed by the specified attestation signer certificate and issued before this time.
To obtain a
DateTime
object, use the
Get-Date
cmdlet.
For more information, type
Get-Help Get-Date
.
Type: | DateTime |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Optional Parameters
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the thumbprint of the attestation signer certificate to which to apply the policy. If you do not specify a value for this parameter, this cmdlet applies the policy to all signer certificates.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
None
This cmdlet does not generate any output.