Set-Hgs Key Protection Attestation Signer Certificate Policy

Modifies the policy for an attestation signer certificates.

Syntax

Set-HgsKeyProtectionAttestationSignerCertificatePolicy
   -DenyHealthCertificatesIssuedBefore <DateTime>
   [-Thumbprint <String>]
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-HgsKeyProtectionAttestationSignerCertificatePolicy cmdlet modifies the policy for attestation signer certificates. You can modify a date in the policy. The Key Protection Service rejects health certificates signed by the specified attestation signer certificate and issued before the specified date.

Examples

Example 1: Modify the date on all attestation signer certificates

PS C:\> $DenyTime = Get-Date
PS C:\> Set-HgsKeyProtectionAttestationSignerCertificatePolicy -DenyHealthCertificateIssuedBefore $DenyTime

The first command creates a DateTime object by using the Get-Date cmdlet, and then stores it in the $DenyTime variable.

The second command modifies the date for all trusted attestation signer certificates to the value stored in $DenyTime .

Example 2: Modify the date on an attestation signer certificate

PS C:\> $DenyTime = Get-Date
PS C:\> Set-HgsKeyProtectionAttestationSignerCertificatePolicy -DenyHealthCertificatesIssuedBefore $DenyTime -Thumbprint "8bdc4fb5034c4adb86cb57a4465dc161"

The first command creates a DateTime object, and then stores it in the $DenyTime variable.

The second command modifies the date for a specific trusted attestation signer certificate to the value stored in $DenyTime .

Required Parameters

-DenyHealthCertificatesIssuedBefore

Specifies a date as a DateTime object. The Key Protection Service rejects any health certificates signed by the specified attestation signer certificate and issued before this time. To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date .

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Thumbprint

Specifies the thumbprint of the attestation signer certificate to which to apply the policy. If you do not specify a value for this parameter, this cmdlet applies the policy to all signer certificates.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

None

You cannot pipe input to this cmdlet.

Outputs

None

This cmdlet does not generate any output.