Configure Service Certificates Using Windows Server AppFabric Cmdlets

Article
06/17/2011

This topic describes how to configure security certificates for an application or a service by using AppFabric cmdlets.

To execute an AppFabric cmdlet interactively, open the Windows PowerShell console for AppFabric, enter the appropriate cmdlet, and then press ENTER. For more information about executing cmdlets, see Running Windows Server AppFabric Cmdlets.

To set the security certificate

In the Windows PowerShell console, execute the Set-ASAppServiceCertificate cmdlet to set a certificate to be used by a service if the service has any secure endpoints that require a certificate. With this cmdlet, there is no validation of whether the service certificate is needed by a service endpoint. There is also no validation of whether the selected certificate exists.

Syntax options for Set-ASAppServiceCertificate:

Syntax 1

Set-ASAppServiceCertificate [-SiteName] <String> [[-VirtualPath] <String>] [-FindType <X509FindType>] [-FindValue <String>] [-StoreLocation <StoreLocation>] [-StoreName <StoreName>] [-UseInherited] [<CommonParameters>]

Syntax 2

Set-ASAppServiceCertificate [-Uri] <Uri> [-FindType <X509FindType>] [-FindValue <String>] [-StoreLocation <StoreLocation>] [-StoreName <StoreName>] [-UseInherited] [<CommonParameters>]

Syntax 3

Set-ASAppServiceCertificate -ApplicationObject <ApplicationInfo> [-FindType <X509FindType>] [-FindValue <String>] [-StoreLocation <StoreLocation>] [-StoreName <StoreName>] [-UseInherited] [<CommonParameters>]

Syntax 4

Set-ASAppServiceCertificate -ServiceObject <ServiceInfo> [-FindType <X509FindType>] [-FindValue <String>] [-StoreLocation <StoreLocation>] [-StoreName <StoreName>] [-UseInherited] [<CommonParameters>]

Syntax 5

Set-ASAppServiceCertificate [-FindType <X509FindType>] [-FindValue <String>] [-Root] [-StoreLocation <StoreLocation>] [-StoreName <StoreName>] [-UseInherited] [<CommonParameters>]

Parameter	Description
[-SiteName] <String> [[-VirtualPath] <String>]. [-Uri] <Uri>, -ApplicationObject <ApplicationInfo>, or -ServiceObject <ServiceInfo>	Operational scope of the cmdlet that resolves to a service.
-FindValue	Required. The lookup value of the certificate that will be used for service authentication and signing.
–StoreLocation	Optional. LocalMachine or CurrentUser
- StoreName	Optional. Allowed values include AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher.
-X509FindType	Optional. Allowed values include FindByThumbprint, FindBySubjectName, FindBySubjectDistinguishedName, FindByIssuerName, FindByIssuerDistinguishedName, FindBySerialNumber, FindByTimeValid, FindByTimeNotYetValid, FindByTemplateName, FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByKeyUsage, and FindBySubjectKeyIdentifier.
-CertificateNavigationProviderItem	Optional. If specified, uses the certificate specified by this object to the service specified on the command line.
-UseInherited	If specified, the certificate in use is not defined locally, but rather is inherited from a parent level. For instance, if a certificate is defined at the site scope and another certificate is defined at the application scope, you could go to the application scope and run Set-ASAppServiceCertificate –UseInherited to ensure that the certificate is no longer defined at the application scope (meaning the certificate defined at the site scope would be inherited).

To get the security certificate

In the Windows PowerShell console, execute the Get-ASAppServiceCertificate cmdlet to retrieve the information by which a certificate is located for use by a service’s secure endpoints. This cmdlet returns either Null or a ServiceCertificateInfo object describing the service certificate.

Syntax options for Get-ASAppServiceCertificate: