LogoLogo
LogoLogo
  • Welcome
  • Details
  • Editions
  • Use Cases
  • SCEPMAN Deployment
    • Getting Started
      • Standard Guide
      • Extended Guide
    • Permissions
      • Azure App Registration
      • Managed Identities
    • Deployment Options
      • Marketplace deployment
      • Enterprise deployment
      • Terraform deployment
    • Root CA
    • Intermediate CA
  • Certificate Management
    • Revocation
    • Microsoft Intune
      • Windows
        • Certificate Based Authentication for RDP
      • macOS
      • Android
      • iOS/iPadOS
      • Linux
    • Jamf Pro
      • General Configuration
      • Computers
      • Devices
      • Users
    • Other MDM Solutions
      • Google Workspace
        • ChromeOS
      • Kandji
      • Mosyle
      • SOTI MobiControl
    • Certificate Master
      • Manage Certificates
      • Certificate Signing Request (CSR)
      • TLS Server Certificate
      • Sub CA Certificate
      • Code Signing Certificate
      • Client Certificate
      • User Certificate
    • Domain Controller Certificates
    • Enrollment REST API
      • Self Service Enrollment
        • Intune Managed Linux Client
        • Unmanaged Linux Client
      • API Enrollment
        • Linux Server
        • Windows Server
  • Azure Configuration
    • Application Insights
    • App Service Sizing
      • Autoscaling
    • Custom Domain
    • Geo-Redundancy
    • Health Check
      • Using 3rd Party Monitoring
    • Log Management
    • Moving Resources
    • Private Endpoints
    • Split-Tenancy
  • Update Strategy
  • SCEPman Configuration
    • SCEPman Settings
      • Basics
      • Certificates
      • Certificate Master
      • CRL
      • Dependencies (Azure Services)
        • Azure KeyVault
        • Logging
        • Microsoft Entra ID (Azure AD)
        • National Cloud Platforms
      • Enrollment REST API
      • OCSP
      • SCEP Endpoints
        • DC Validation
        • Intune Validation
        • Jamf Validation
        • Static Validation
        • Static-AAD Validation
    • Certificate Master Settings
      • Basics
      • Microsoft Entra ID (Azure AD)
      • Logging
      • National Cloud Platforms
    • Application Artifacts
    • Certificate Master RBAC
    • Device Directories
    • Intune Strong Mapping
  • Other
    • Security & Privacy
    • Support
    • Licensing
      • Azure Marketplace
    • FAQs
      • General
      • Certificate Connector
      • Network Access Controllers
    • Troubleshooting
      • Common Problems
      • Certifried Security Vulnerability
      • Cisco ISE Host Header Limitation
      • Intune service discovery API permissions
      • Re-enrollment trigger
  • Uninstallation
  • Change Log
  • Links
  • SCEPman Website
Powered by GitBook
On this page

Was this helpful?

  1. Certificate Management
  2. Enrollment REST API
  3. API Enrollment

Windows Server

Applicable to SCEPman version 2.9 and above

The cmdlet Update-CertificateViaEST (contained in the SCEPman powershell module) locates certificates issued by SCEPman in either the user or machine certificate stores and renews them using mTLS. Note that this cmdlet (unlike other parts of the powershell module) can only be used on Windows devices.

Parameters

This cmdlet has two parameter sets, Direct, which allows you to pass in a certificate directly and renew it, and Search which searches the My store for SCEPman issued certificates and renews them. The parameters included in these sets are detailed below:

Direct

Parameter
Optional?
Description

-AppServiceUrl

Yes

The URL of your SCEPman app service.

-Certificate

No

Certificate object that is to be renewed

Example command:

 $cert = Get-Item -Path "Cert:\CurrentUser\My\1234567890ABCDEF1234567890ABCDEF12345678"
 Update-CertificateViaEST -AppServiceUrl "https://scepman.contoso.de/" -Certificate $cert

Search

Parameter
Optional?
Description

-AppServiceUrl

Yes

The URL of your SCEPman app service.

-User or -Machine

No

Specifies whether you would like to renew certificates from the user or machine store. One of these must be specified. (note that to edit the machine store you must run the command as admin).

-FilterString

Yes

Will only renew certificates whose Subject field contains the filter string.

-ValidityThresholdDays

Yes

Will only renew certificates that are within this number of days of expiry (default value is 30).

-AllowInvalid

Yes

If specified, the cmdlet will also renew invalid (expired) certificates.

Example command:

Update-CertificateViaEST -AppServiceUrl "https://scepman.contoso.de/" -User -ValidityThresholdDays 100 -FilterString "certificate"

Last updated 3 months ago

Was this helpful?