PowerShell PKI Module Documentation
Documentation HomeSet-CertificateValidityPeriod
Synopsis
Sets maximum validity period for issued certificates.
Syntax
Set-CertificateValidityPeriod [-InputObject] <CertValiditySetting[]> [-ValidityPeriod] <String> [-RestartCA] [<CommonParameters>]
Description
Sets maximum validity period for issued certificates. This setting is not absolute. Certificate actual validity period is the lesser value of the following:
for Standalone CA:
– estimated CA certificate validity period
– ValidityPeriod parameter value.
for Enterprise CA:
– estimated CA certificate validity period
– certificate template validity period value
– ValidityPeriod parameter value.
Parameters
-InputObject <CertValiditySetting[]>
Must be existing CertValidityPeriod object that contains current issued certificate validity settings. This object can by retrieved by running Get-CertificateValidityPeriod command.
| Required? | True |
| Position? | 0 |
| Default value | |
| Accept pipeline input? | true (ByValue, ByPropertyName) |
| Accept wildcard characters? | False |
-ValidityPeriod <String>
Specifies new issed certificate validity settings. Must be set in the format: 'Digit PeriodUnit'. For example, '5 years'. Possible values for PeriodUnit are:
– Hours
– Days
– Weeks
– Months
– Years
| Required? | True |
| Position? | 1 |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
-RestartCA <SwitchParameter>
Restarts CA service on the specified CA server to immediately apply changes.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
PKI.CertificateServices.CertValidityPeriod
Outputs
PKI.CertificateServices.CertValidityPeriod
Notes
Examples
Example 1
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CertificateValidityPeriod | Set-CertificateValidityPeriod "10 years" -RestartCA
Sets certificate issued certificate validity period to '10 years'. After configuration is changed, the command will restart certificate services to immediately apply changes.
Example 2
PS C:\> Get-CertificationAuthority | Get-CertificateValidityPeriod | Set-CertificateValidityPeriod "5 years" -RestartCA
Sets certificate issued certificate validity period to '5 years' for all Enterprise CAs in the current forest and restarts CA service. After configuration is changed, the command will restart certificate services to immediately apply changes.
Related links
Get-CertificationAuthority
Connect-CertificationAuthority
Get-CertificateValidityPeriod
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions