Set-HgsKeyProtectionConfiguration

Module:

HgsKeyProtection

Modifies the configuration of the Key Protection Service.

Syntax

Set-HgsKeyProtectionConfiguration
   -CommunicationsCertificateThumbprint <String>
   [-NoCommunicationsCertificateReplication]
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-HgsKeyProtectionConfiguration
   -CommunicationsCertificatePath <String>
   [-CommunicationsCertificatePassword <SecureString>]
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-HgsKeyProtectionConfiguration cmdlet assigns a communication certificate to the Key Protection Service that runs on the local computer. The Key Protection Service uses the communication certificate to sign the metadata document that the service provides.

Examples

Example 1: Assign a certificate to be the communication certificate

PS C:\> Set-HgsKeyProtectionConfiguration -CommunicationsCertificateThumbprint "d39203a3b3544743ad552afe0615dc1f" -Force

This command assigns the certificate that has the specified thumbprint to be the communication certificate for the Key Protection Service. The command specifies the Force, and so, it does not prompt you for confirmation.

Example 2: Assign a certificate file to be the communications certificate

PS C:\> Set-HgsKeyProtectionConfiguration -CommunicationsCertificatePath "C:\example.pfx"
Set-HgsKeyProtectionConfiguration -CommunicationsCertificateThumbprint "d39203a3b3544743ad552afe0615dc1f" -Force

This command assigns a certificate file to be the communications certificate for the Key Protection Service.

Example 3: Assign a certificate file with a password to be the communications certificate

PS C:\> Set-HgsKeyProtectionConfiguration -CommunicationsCertificatePath "C:\example.pfx" -CommunicationsCertificatePassword $Password

This command assigns a password-protected certificate file to be the communications certificate for the Key Protection Service. The certificate password is stored as a SecureString in the $Password variable.

Parameters

-CommunicationsCertificatePassword

Specifies the password which protects a certificate file. If the certificate file is protected by a password, you must specify this value.

Type:	SecureString
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CommunicationsCertificatePath

Specifies the path to the certificate which will be added to the Key Protection Service as the communications certificate.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-CommunicationsCertificateThumbprint

Specifies the thumbprint of the new communications certificate. Before you run this cmdlet, the certificate that this parameter specifies needs to already be in the LocalMachine\My certificate store.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Force

Forces the command to run without asking for user confirmation.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-NoCommunicationsCertificateReplication

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

None

You cannot pipe input to this cmdlet.

Outputs

None

This cmdlet does not generate any output.

Related Links

• Get-HgsKeyProtectionConfiguration