Invoke-EntraServicePrincipalCertificate
SYNOPSIS
Manages certificates for Microsoft Entra service principals.
SYNTAX
Invoke-EntraServicePrincipalCertificate [[-appid] <String>] [[-ServicePrincipalName] <String>]
[[-MDAPPGUID] <String>] [[-certTemplate] <String>] [[-passwordListID] <Int32>] [[-TaskNumber] <String>]
[-update] [-onderwijs]
DESCRIPTION
The `Invoke-EntraServicePrincipalCertificate` function manages certificates for Microsoft Entra service principals. It retrieves the current certificate, checks its validity, and replaces it if necessary. The function supports connecting to different tenants, generating new certificates, and updating the service principal with the new certificate details.
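The validity check and the effect of `-update` described above can be sketched as follows. This is an added example, not the source of `Invoke-EntraServicePrincipalCertificate`: the function name `Get-CertificateRotationDecision`, the `-RenewBeforeDays` window of 30 days and the sample data are assumptions, and the input objects are assumed to carry `StartDateTime` and `EndDateTime` like the `keyCredentials` entries Microsoft Graph returns for a service principal.

```powershell
# Added illustration; hypothetical helper, not part of the documented module.
function Get-CertificateRotationDecision {
    [CmdletBinding()]
    param(
        # Objects with StartDateTime/EndDateTime, shaped like Graph keyCredentials.
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $KeyCredential,
        [int] $RenewBeforeDays = 30,        # assumed renewal window, not from the page
        [switch] $Update,                   # mirrors -update: replace even if still valid
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )

    # Only credentials whose validity window contains $Now are usable;
    # this excludes expired and not-yet-valid certificates alike.
    $usable = @($KeyCredential | Where-Object {
        $_.StartDateTime -le $Now -and $_.EndDateTime -gt $Now
    } | Sort-Object EndDateTime -Descending)

    if ($usable.Count -eq 0) {
        $reason = if ($KeyCredential.Count -eq 0) { 'NoCertificate' } else { 'NoValidCertificate' }
        return [pscustomobject]@{ Replace = $true; Reason = $reason; DaysLeft = 0 }
    }

    # Judge by the usable credential that stays valid the longest.
    $daysLeft = [int][math]::Floor(($usable[0].EndDateTime - $Now).TotalDays)
    if ($Update) {
        return [pscustomobject]@{ Replace = $true; Reason = 'Forced'; DaysLeft = $daysLeft }
    }
    if ($daysLeft -lt $RenewBeforeDays) {
        return [pscustomobject]@{ Replace = $true; Reason = 'ExpiringSoon'; DaysLeft = $daysLeft }
    }
    [pscustomobject]@{ Replace = $false; Reason = 'StillValid'; DaysLeft = $daysLeft }
}

# Constructed sample data (not from a real tenant); all dates use the same DateTime kind.
$now = [datetime]'2025-01-15'
$sample = @(
    [pscustomobject]@{ StartDateTime = [datetime]'2023-01-01'; EndDateTime = [datetime]'2024-01-01' }  # expired
    [pscustomobject]@{ StartDateTime = [datetime]'2024-02-01'; EndDateTime = [datetime]'2025-02-01' }  # current
)

Get-CertificateRotationDecision -KeyCredential $sample -Now $now                      # default window
Get-CertificateRotationDecision -KeyCredential $sample -Now $now -RenewBeforeDays 10  # tighter window
Get-CertificateRotationDecision -KeyCredential $sample[0] -Now $now                   # only an expired cert
Get-CertificateRotationDecision -KeyCredential $sample -Now $now -Update              # forced replacement
Get-CertificateRotationDecision -KeyCredential @() -Now $now                          # no certificate at all
```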
EXAMPLES
EXAMPLE 1
Replaces the certificate for the service principal with the specified application ID.
EXAMPLE 2
Manages the certificate for the service principal "MyApp" in the "onderwijs" tenant.
EXAMPLE 3
Uses the alias `Reset-EntraServicePrincipalCertificate` to manage the certificate for the specified service principal.
PARAMETERS
-appid
The application ID of the service principal.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ServicePrincipalName
The display name of the service principal. If not specified, the `appid` is used to locate the service principal.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MDAPPGUID
The GUID of the managed application associated with the service principal.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-certTemplate
The certificate template to use for generating a new certificate. Defaults to `_D09-CA2-SHA256-EntraID`.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: _D09-CA2-SHA256-EntraID
Accept pipeline input: False
Accept wildcard characters: False
-passwordListID
The ID of the PasswordState password list where the certificate details will be stored. Defaults to `6691`.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: 6691
Accept pipeline input: False
Accept wildcard characters: False
-TaskNumber
The task number associated with the operation. Defaults to `T0000000`.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: T0000000
Accept pipeline input: False
Accept wildcard characters: False
-update
A switch parameter that, when specified, forces the replacement of the certificate even if it is still valid.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-onderwijs
A switch parameter that, when specified, connects to the "onderwijs" tenant.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False