Set-FasKeyConfig
Synopsis
Sets the key configuration for the given certificate type
Syntax
Set-FasKeyConfig -CertificateType <String> [-CspType <Int32>] [-EllipticCurve <Boolean>]
[-Exportable <Boolean>] [-Ksp <Boolean>] [-Length <Int32>] [-Prefix <String>] [-Provider <String>]
[-UseDefaultSoftwareProvider] [-UseDefaultTpmProvider] [-Address <String>] [-UserName <String>]
[-Password <String>] [<CommonParameters>]
<!--NeedCopy-->
Description
Sets the key configuration used to create key-pairs for the given certificate type.
Note: It is possible to set invalid parameters; use Test-FasKeyConfig to check if the key configuration is working.
Note: Existing user and RA certificates are not affected by changes to the key configuration until they are renewed.
Note: Pre-created keys in the key pool which do not conform to the new configuration are destroyed.
Examples
Example 1
PS C:\> Set-FasKeyConfig -Address localhost -CertificateType ra -Length 4096
<!--NeedCopy-->
Sets the key configuration for RA certificates to use a 4096 bit key
Example 2
PS C:\> Set-FasKeyConfig -Address localhost -CertificateType ra -Provider "CustomkeyStorageProvider"
<!--NeedCopy-->
Sets the key configuration for RA certificates to use a custom provider (such as an HSM)
Example 3
PS C:\> Set-FasKeyConfig -Address localhost -CertificateType user -UseDefaultSoftwareProvider
<!--NeedCopy-->
Sets the key configuration for user certificates to use the default software key storage provider
Example 4
PS C:\> Set-FasKeyConfig -Address localhost -CertificateType ra -UseDefaultTpmProvider
<!--NeedCopy-->
Sets the key configuration for RA certificates to use the default TPM key storage provider
Parameters
-CertificateType
The type of certificate to set the key configuration for.
Valid options are ‘ra’ or ‘user’.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-CspType
The type of CSP (applicable only when Ksp is false), for example: PROV_RSA_AES is 24
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-EllipticCurve
If true, Elliptic Curve keys are created, otherwise RSA keys are created
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Exportable
Whether the private key can be exported from the provider
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Ksp
Flag to indicate whether the provider is a CSP or a KSP
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Length
The length of the key in bits
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Prefix
An optional prefix for the identifiers of key-pairs created by FAS
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Provider
The name of the provider used to create and store key-pairs
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-UseDefaultSoftwareProvider
Use the default provider (i.e. ‘Microsoft Software Key Storage Provider’)
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-UseDefaultTpmProvider
Use the default TPM provider (i.e. ‘Microsoft Platform Crypto Provider)
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Address
Address of FAS Server (or $NULL to use $CitrixFasAddress)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-UserName
User name to use for authentication to FAS server ($NULL for current user account)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
-Password
Password for authentication to FAS server ($NULL for current user account)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
<!--NeedCopy-->
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.