New-ServicePrincipalCertificate
SYNOPSIS
Creates a new certificate for a service principal in Azure Active Directory.
SYNTAX
New-ServicePrincipalCertificate [[-servicefullname] <String>] [[-CertificatePFXFilePath] <String>]
[[-appID] <String>] [[-certTemplate] <String>] [-MDAPPGUID] <String> [[-MDInstanceGUID] <String>]
[[-taskNumber] <String>] [[-pwdstateListID] <Int32>] [-noPwdstate] [<CommonParameters>]
DESCRIPTION
The `New-ServicePrincipalCertificate` function generates a new certificate for a specified service principal in Azure Active Directory. It creates and exports the certificate in `.pfx` and `.cer` formats, stores the certificate details in PasswordState, and removes the certificate from the local user store after export. The function supports specifying certificate templates, task numbers, and PasswordState configurations.
EXAMPLES
EXAMPLE 1
New-ServicePrincipalCertificate -servicefullname "MyService" -appID "12345-abcde-67890-fghij" -MDAPPGUID "<masterdata-app-guid>" -taskNumber "T12345"
Creates a new certificate for the service principal "MyService" and stores the details in PasswordState.
EXAMPLE 2
New-ServicePrincipalCertificate -servicefullname "MyService" -MDAPPGUID "<masterdata-app-guid>" -certTemplate "_D09-CA2-SHA256-EntraID" -noPwdstate
Creates a new certificate for the service principal "MyService" using the specified certificate template and skips storing the details in PasswordState.
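ADDED EXAMPLE (post-run check)
The description states that the certificate is removed from the local user store after export. The following is an added example, not code from this module, that checks that claim for one exported `.cer` file. The function name `Test-ExportedCertCleanup`, its parameters and the 30-day expiry threshold are assumptions, and the file paths are passed in by the caller because this page does not document how the exported files are named.

```powershell
# Added example; Test-ExportedCertCleanup is a hypothetical helper, not part of the module.
function Test-ExportedCertCleanup {
    [CmdletBinding()]
    param(
        # Exported public certificate (.cer). Supplied by the caller.
        [Parameter(Mandatory)][string]$CerPath,
        # Optional exported .pfx, used only to report who can read it.
        [string]$PfxPath,
        # Assumed threshold for flagging a certificate that is close to expiry.
        [int]$WarnDays = 30
    )

    $resolved = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($resolved)
    try {
        # Any copy left in CurrentUser\My means the documented cleanup did not happen.
        $left = Get-ChildItem -Path Cert:\CurrentUser\My |
            Where-Object Thumbprint -eq $cer.Thumbprint

        # Identities with an Allow entry on the .pfx (the file that holds the private key).
        $readers = @()
        if ($PfxPath) {
            $readers = (Get-Acl -LiteralPath $PfxPath).Access |
                Where-Object AccessControlType -eq 'Allow' |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique
        }

        [pscustomobject]@{
            Subject           = $cer.Subject
            Thumbprint        = $cer.Thumbprint
            NotAfter          = $cer.NotAfter
            ExpiresSoon       = $cer.NotAfter -lt (Get-Date).AddDays($WarnDays)
            # A .cer should carry the public half only.
            CerHasPrivateKey  = $cer.HasPrivateKey
            StillInUserStore  = [bool]$left
            PrivateKeyInStore = [bool]($left | Where-Object HasPrivateKey)
            PfxAllowedReaders = $readers
        }
    }
    finally {
        $cer.Dispose()
    }
}

# Usage (placeholder path):
# Test-ExportedCertCleanup -CerPath '<path to exported .cer>' -PfxPath '<path to exported .pfx>'
```

`StillInUserStore` or `PrivateKeyInStore` returning `True` after a run means the key material is still present on the workstation and should be removed manually.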
PARAMETERS
-servicefullname
The full name of the service principal for which the certificate will be created.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-CertificatePFXFilePath
The file path where the `.pfx` and `.cer` certificate files will be stored. Defaults to a predefined directory.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: \\stadgent\Digipolis\Protected\Security\Certificaten\_D09-SHA256-Certificaten\_Client_Certs
Accept pipeline input: False
Accept wildcard characters: False
-appID
The application ID of the service principal.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-certTemplate
The certificate template to use for generating the certificate. Defaults to `_D09-CA2-SHA256-EntraID`.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: _D09-CA2-SHA256-EntraID
Accept pipeline input: False
Accept wildcard characters: False
-MDAPPGUID
The master GUID of the masterdata application associated with the service principal.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MDInstanceGUID
The instance GUID of the masterdata application associated with the service principal.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-taskNumber
The task number associated with the certificate creation.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-pwdstateListID
The PasswordState list ID where the certificate details will be stored. Defaults to `6691`.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 8
Default value: 6691
Accept pipeline input: False
Accept wildcard characters: False
-noPwdstate
A switch parameter that, when specified, skips storing the certificate details in PasswordState.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.