Windows Server

Applicable to SCEPman version 2.9 and above

The cmdlet Update-CertificateViaEST (contained in the SCEPman powershell module) locates certificates issued by SCEPman in either the user or machine certificate stores and renews them using mTLS. Note that this cmdlet (unlike other parts of the powershell module) can only be used on Windows devices.

Parameters

This cmdlet has two parameter sets, Direct, which allows you to pass in a certificate directly and renew it, and Search which searches the My store for SCEPman issued certificates and renews them. The parameters included in these sets are detailed below:

Direct

Parameter

Optional?

Description

-AppServiceUrl

Yes

The URL of your SCEPman app service.

-Certificate

Certificate object that is to be renewed

Example command:

 $cert = Get-Item -Path "Cert:\CurrentUser\My\1234567890ABCDEF1234567890ABCDEF12345678"
 Update-CertificateViaEST -AppServiceUrl "https://scepman.contoso.de/" -Certificate $cert

Search

Parameter

Optional?

Description

-AppServiceUrl

Yes

The URL of your SCEPman app service.

-User or -Machine

Specifies whether you would like to renew certificates from the user or machine store. One of these must be specified. (note that to edit the machine store you must run the command as admin).

-FilterString

Yes

Will only renew certificates whose Subject field contains the filter string.

-ValidityThresholdDays

Yes

Will only renew certificates that are within this number of days of expiry (default value is 30).

-AllowInvalid

Yes

If specified, the cmdlet will also renew invalid (expired) certificates.

Example command:

Update-CertificateViaEST -AppServiceUrl "https://scepman.contoso.de/" -User -ValidityThresholdDays 100 -FilterString "certificate"

PreviousLinux Server NextSelf Service Enrollment

Last updated 4 days ago