diff --git a/src/KeyVault/KeyVault.Test/Models/PSKeyVaultCertificatePolicyTests.cs b/src/KeyVault/KeyVault.Test/Models/PSKeyVaultCertificatePolicyTests.cs
deleted file mode 100644
index a94ebc1de7dd..000000000000
--- a/src/KeyVault/KeyVault.Test/Models/PSKeyVaultCertificatePolicyTests.cs
+++ /dev/null
@@ -1,1660 +0,0 @@
-// ----------------------------------------------------------------------------------
-//
-// Copyright Microsoft Corporation
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ----------------------------------------------------------------------------------
-
-using Microsoft.Azure.Commands.KeyVault.Models;
-using Microsoft.Azure.ServiceManagement.Common.Models;
-using Microsoft.WindowsAzure.Commands.ScenarioTest;
-using System;
-using System.Collections.Generic;
-using Xunit;
-using Xunit.Abstractions;
-
-namespace Microsoft.Azure.Commands.KeyVault.Test.Models
-{
-    public class PSKeyVaultCertificatePolicyTests
-    {
-        public PSKeyVaultCertificatePolicyTests(ITestOutputHelper output)
-        {
-            XunitTracingInterceptor.AddToContext(new XunitTracingInterceptor(output));
-        }
-
-        #region Create CertificatePolicy Tests
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithNoKeyTypeAndKeySize_SucceedsWithRsaKeyTypeAnd2048KeySize()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: string.Empty,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, Constants.RSA);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(2048, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithRsaKeyTypeAndNoKeySize_SucceedsWith2048KeySize()
-        {
-            var keyType = Constants.RSAHSM;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(2048, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithRsaKeyTypeAndCurve_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.RSA,
-                    keySize: 0,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEccKeyTypeAndNoCurve_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 0,
-                    curve: string.Empty,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEcKeyTypeP256CurveAndNoKeySize_SucceedsWith256KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P256;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(256, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEcKeyTypeP256KCurveAndNoKeySize_SucceedsWith256KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P256K;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(256, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEcKeyTypeSECP256K1CurveAndNoKeySize_SucceedsWith256KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.SECP256K1;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(256, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEcKeyTypeP384CurveAndNoKeySize_SucceedsWith384KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P384;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(384, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEcKeyTypeP521CurveAndNoKeySize_SucceedsWith521KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P521;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(521, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithRsaKeyTypeAnd256KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.RSA,
-                    keySize: 256,
-                    curve: string.Empty,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithRsaKeyTypeAnd384KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.RSA,
-                    keySize: 384,
-                    curve: string.Empty,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithRsaKeyTypeAnd521KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.RSA,
-                    keySize: 521,
-                    curve: string.Empty,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeAnd2048KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 2048,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeAnd3072KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 3072,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeAnd4096KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 4096,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeP256CurveAndNot256KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 1,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeP256KCurveAndNot256KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 1,
-                    curve: Constants.P256K,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeSECP256K1CurveAndNot256KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 1,
-                    curve: Constants.SECP256K1,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeP384CurveAndNot384KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 1,
-                    curve: Constants.P384,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithECKeyTypeP521CurveAndNot521KeySize_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 1,
-                    curve: Constants.P521,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithOneLifetimeAction_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: 1,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.NotNull(policy.RenewAtNumberOfDaysBeforeExpiry);
-            Assert.Equal(1, policy.RenewAtNumberOfDaysBeforeExpiry.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithMoreThanOneLifetimeAction_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: 1,
-                    renewAtPercentageLifetime: 1,
-                    emailAtNumberOfDaysBeforeExpiry: 1,
-                    emailAtPercentageLifetime: 1,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 256,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithNoEku_SucceedsWithNullEku()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: new List<string>(),
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Null(policy.Ekus);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEmptyEku_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: new List<string>() { string.Empty },
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 256,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithNoDnsName_SucceedsWithNullDnsName()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: new List<string>(),
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null);
-
-            Assert.Null(policy.Ekus);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithEmptyDnsName_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: new List<string>() { string.Empty },
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: string.Empty,
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 256,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void CreateCertificatePolicy_WithInValidSubjectName_ThrowsException()
-        {
-            Assert.Throws<ArgumentException>(
-                () => new PSKeyVaultCertificatePolicy(
-                    dnsNames: null,
-                    keyUsages: null,
-                    ekus: null,
-                    enabled: null,
-                    issuerName: string.Empty,
-                    certificateType: string.Empty,
-                    renewAtNumberOfDaysBeforeExpiry: null,
-                    renewAtPercentageLifetime: null,
-                    emailAtNumberOfDaysBeforeExpiry: null,
-                    emailAtPercentageLifetime: null,
-                    reuseKeyOnRenewal: null,
-                    secretContentType: string.Empty,
-                    subjectName: "SubjectName",
-                    validityInMonths: null,
-                    keyType: Constants.EC,
-                    keySize: 256,
-                    curve: Constants.P256,
-                    exportable: null,
-                    certificateTransparency: null));
-        }
-        #endregion
-
-        #region Validate CertificatePolicy Tests
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithNoKeyTypeAndKeySize_SucceedsWithRsaKeyTypeAnd2048KeySize()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: string.Empty,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, Constants.RSA);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(2048, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithRsaKeyTypeAndNoKeySize_SucceedsWith2048KeySize()
-        {
-            var keyType = Constants.RSAHSM;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(2048, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithRsaKeyTypeAndCurve_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.RSA,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                Curve = Constants.P256,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEccKeyTypeAndNoCurve_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                Curve = string.Empty,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEcKeyTypeP256CurveAndNoKeySize_SucceedsWith256KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P256;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(256, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEcKeyTypeP256KCurveAndNoKeySize_SucceedsWith256KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P256K;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(256, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEcKeyTypeSECP256K1CurveAndNoKeySize_SucceedsWith256KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.SECP256K1;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(256, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEcKeyTypeP384CurveAndNoKeySize_SucceedsWith384KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P384;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(384, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEcKeyTypeP521CurveAndNoKeySize_SucceedsWith521KeySize()
-        {
-            var keyType = Constants.EC;
-            var curve = Constants.P521;
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: keyType,
-                keySize: 0,
-                curve: curve,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Equal(policy.Kty, keyType);
-            Assert.Equal(policy.Curve, curve);
-            Assert.NotNull(policy.KeySize);
-            Assert.Equal(521, policy.KeySize.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithRsaKeyTypeAnd256KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.RSA,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize= 256,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithRsaKeyTypeAnd384KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.RSA,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 384,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithRsaKeyTypeAnd521KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.RSA,
-                keySize: 0,
-                curve: string.Empty,
-                exportable: null,
-                certificateTransparency: null)
-                {
-                    KeySize = 521,
-                };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeAnd2048KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 2048,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeAnd3072KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 3072,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeAnd4096KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 4096,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeP256CurveAndNot256KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 1,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeP256KCurveAndNot256KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P256K,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 1,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeSECP256K1CurveAndNot256KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.SECP256K1,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 1,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeP384CurveAndNot384KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P384,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 1,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithECKeyTypeP521CurveAndNot521KeySize_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 0,
-                curve: Constants.P521,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                KeySize = 1,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithOneLifetimeAction_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                RenewAtNumberOfDaysBeforeExpiry = 1,
-            };
-            policy.Validate();
-
-            Assert.NotNull(policy.RenewAtNumberOfDaysBeforeExpiry);
-            Assert.Equal(1, policy.RenewAtNumberOfDaysBeforeExpiry.Value);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithMoreThanOneLifetimeAction_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                RenewAtNumberOfDaysBeforeExpiry = 1,
-                RenewAtPercentageLifetime = 1,
-                EmailAtNumberOfDaysBeforeExpiry = 1,
-                EmailAtPercentageLifetime = 1,
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithNoEku_SucceedsWithNullEku()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: new List<string>(),
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null);
-
-            policy.Validate();
-            Assert.Null(policy.Ekus);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEmptyEku_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                Ekus = new List<string>() { string.Empty },
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithNoDnsName_SucceedsWithNullDnsName()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: new List<string>(),
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null);
-            policy.Validate();
-
-            Assert.Null(policy.Ekus);
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithEmptyDnsName_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                DnsNames = new List<string>() { string.Empty },
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void ValidateCertificatePolicy_WithInValidSubjectName_ThrowsException()
-        {
-            var policy = new PSKeyVaultCertificatePolicy(
-                dnsNames: null,
-                keyUsages: null,
-                ekus: null,
-                enabled: null,
-                issuerName: string.Empty,
-                certificateType: string.Empty,
-                renewAtNumberOfDaysBeforeExpiry: null,
-                renewAtPercentageLifetime: null,
-                emailAtNumberOfDaysBeforeExpiry: null,
-                emailAtPercentageLifetime: null,
-                reuseKeyOnRenewal: null,
-                secretContentType: string.Empty,
-                subjectName: string.Empty,
-                validityInMonths: null,
-                keyType: Constants.EC,
-                keySize: 256,
-                curve: Constants.P256,
-                exportable: null,
-                certificateTransparency: null)
-            {
-                SubjectName = "SubjectName",
-            };
-
-            Assert.Throws<ArgumentException>(() => policy.Validate());
-        }
-        #endregion
-    }
-}
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
index e566d3e116b2..c0c32d3211fb 100644
--- a/src/KeyVault/KeyVault/ChangeLog.md
+++ b/src/KeyVault/KeyVault/ChangeLog.md
@@ -19,8 +19,6 @@
 -->
 ## Upcoming Release
 * Fixed error accessing value that is potentially not set
-* Elliptic Curve Cryptography Certificate Managment
-    - Added support to specify the Curve for Certificate Policies
 
 ## Version 1.3.1
 * Fixed miscellaneous typos across module
diff --git a/src/KeyVault/KeyVault/Commands/Constants.cs b/src/KeyVault/KeyVault/Commands/Constants.cs
index 4607e655cf72..387a56cbaced 100644
--- a/src/KeyVault/KeyVault/Commands/Constants.cs
+++ b/src/KeyVault/KeyVault/Commands/Constants.cs
@@ -17,13 +17,6 @@ public static class Constants
         public const string StorageAccountName = "StorageAccountName";
         public const string StorageAccountResourceId = "StorageAccountResourceId";
         public const string TagsAlias = "Tags";
-        public const string EC = "EC";
-        public const string ECHSM = "EC-HSM";
-        public const string P256 = "P-256";
-        public const string P384 = "P-384";
-        public const string P521 = "P-521";
-        public const string P256K = "P-256K";
-        public const string SECP256K1 = "SECP256K1";
     }
 
     public static class CmdletNoun
diff --git a/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs b/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs
index 4fc2eb255fe2..446d3c75699d 100644
--- a/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs
+++ b/src/KeyVault/KeyVault/Commands/NewAzureKeyVaultCertificatePolicy.cs
@@ -15,7 +15,6 @@
 using Microsoft.Azure.Commands.KeyVault.Models;
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Management.Automation;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
@@ -168,70 +167,124 @@ public class NewAzureKeyVaultCertificatePolicy : KeyVaultCmdletBase
         /// </summary>
         [Parameter(Mandatory = false, 
                    ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Specifies the key type of the key backing the certificate. Default is RSA.")]
-        [ValidateSet(Constants.RSA, Constants.RSAHSM, Constants.EC, Constants.ECHSM)]
+                   HelpMessage = "Specifies the key type of the key backing the certificate.")]
+        [ValidateSet(Constants.RSA, Constants.RSAHSM)]
         public string KeyType { get; set; }
 
-        /// <summary>
-        /// Key size
-        /// </summary>
-        [Parameter(Mandatory = false,
-                   ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Specifies the key size of the certificate. Default is 2048.")]
-        [ValidateSet("2048", "3072", "4096", "256", "384", "521")]
-        public int KeySize { get; set; }
+      /// <summary>
+      /// Key size
+      /// </summary>
+      [Parameter(Mandatory = false,
+                 ValueFromPipelineByPropertyName = true,
+                 HelpMessage = "Specifies the key size of the certificate.")]
+      [ValidateSet("2048", "3072", "4096")]
+      public int KeySize { get; set; } = 2048;
 
         /// <summary>
         /// KeyNotExportable
         /// </summary>
-        [Parameter(Mandatory = false,
+        [Parameter(Mandatory = false, 
                    ValueFromPipelineByPropertyName = true,
                    HelpMessage = "Specifies whether the key is not exportable.")]
         public SwitchParameter KeyNotExportable { get; set; }
 
-
-        [Parameter(Mandatory = false, 
-                   ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Indicates whether certificate transparency is enabled for this certificate/issuer; if not specified, the default is 'true'")]
-        public bool? CertificateTransparency { get; set; }
-
-        /// <summary>
-        /// Elliptic Curve Name of the key
-        /// </summary>
-        [Parameter(Mandatory = false,
-                   ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Specifies the elliptic curve name of the key of the ECC certificate.")]
-        [ValidateSet(Constants.P256, Constants.P384, Constants.P521, Constants.P256K, Constants.SECP256K1)]
-        public string Curve { get; set; }
         #endregion
 
         public override void ExecuteCmdlet()
         {
             if (ShouldProcess(string.Empty, Properties.Resources.CreateCertificatePolicy))
             {
-                var policy = new PSKeyVaultCertificatePolicy(
-                    DnsName,
-                    (KeyUsage == null || !KeyUsage.Any()) ? null : KeyUsage.Select(keyUsage => keyUsage.ToString()).ToList<string>(),
-                    Ekus,
-                    !Disabled.IsPresent,
-                    IssuerName,
-                    CertificateType,
-                    RenewAtNumberOfDaysBeforeExpiry,
-                    RenewAtPercentageLifetime,
-                    EmailAtNumberOfDaysBeforeExpiry,
-                    EmailAtPercentageLifetime,
-                    ReuseKeyOnRenewal.IsPresent,
-                    SecretContentType,
-                    SubjectName,
-                    ValidityInMonths,
-                    KeyType,
-                    KeySize,
-                    Curve,
-                    KeyNotExportable.IsPresent ? !KeyNotExportable.IsPresent : (bool?)null,
-                    CertificateTransparency ?? (bool?)null);
+                // Validate input parameters
+                ValidateSubjectName();
+                ValidateDnsNames();
+                ValidateEkus();
+                ValidateBothPercentageAndNumberOfDaysAreNotPresent();
+
+                List<String> convertedKeyUsage = null;
+                if (KeyUsage != null)
+                {
+                    convertedKeyUsage = new List<string>();
+                    foreach (var key in KeyUsage)
+                    {
+                        convertedKeyUsage.Add(key.ToString());
+                    }
+                }
+
+                var policy = new PSKeyVaultCertificatePolicy
+                {
+                  DnsNames = DnsName,
+                  KeyUsage = convertedKeyUsage,
+                  Ekus = Ekus,
+                  Enabled = !Disabled.IsPresent,
+                  IssuerName = IssuerName,
+                  CertificateType = CertificateType,
+                  RenewAtNumberOfDaysBeforeExpiry = RenewAtNumberOfDaysBeforeExpiry,
+                  RenewAtPercentageLifetime = RenewAtPercentageLifetime,
+                  EmailAtNumberOfDaysBeforeExpiry = EmailAtNumberOfDaysBeforeExpiry,
+                  EmailAtPercentageLifetime = EmailAtPercentageLifetime,
+                  ReuseKeyOnRenewal = ReuseKeyOnRenewal.IsPresent,
+                  SecretContentType = SecretContentType,
+                  SubjectName = SubjectName,
+                  ValidityInMonths = ValidityInMonths,
+                  Kty = KeyType,
+                  KeySize = KeySize,
+                  Exportable = KeyNotExportable.IsPresent ? !KeyNotExportable.IsPresent : (bool?)null
+                };
 
                 this.WriteObject(policy);
             }
         }
+
+        private void ValidateBothPercentageAndNumberOfDaysAreNotPresent()
+        {
+            if (MyInvocation.BoundParameters.ContainsKey("RenewAtNumberOfDaysBeforeExpiry") &&
+                MyInvocation.BoundParameters.ContainsKey("RenewAtPercentageLifetime"))
+            {
+                throw new ArgumentException("Both RenewAtNumberOfDaysBeforeExpiry and RenewAtPercentageLifetime cannot be specified.");
+            }
+        }
+
+        private void ValidateEkus()
+        {
+            if (Ekus != null)
+            {
+                foreach (var eku in Ekus)
+                {
+                    if (string.IsNullOrWhiteSpace(eku))
+                    {
+                        throw new ArgumentException("One of the EKUs provided is empty.");
+                    }
+                }
+            }
+        }
+
+        private void ValidateDnsNames()
+        {
+            if (DnsName != null)
+            {
+                foreach (var dnsName in DnsName)
+                {
+                    if (string.IsNullOrWhiteSpace(dnsName))
+                    {
+                        throw new ArgumentException("One of the DNS names provided is empty.");
+                    }
+                }
+            }
+        }
+
+        private void ValidateSubjectName()
+        {
+            if (SubjectName != null)
+            {
+                try
+                {
+                    new X500DistinguishedName(SubjectName);
+                }
+                catch (CryptographicException e)
+                {
+                    throw new ArgumentException("The subject name provided is not a valid X500 name.", e);
+                }
+            }
+        }
     }
 }
diff --git a/src/KeyVault/KeyVault/Commands/SetAzureKeyVaultCertificatePolicy.cs b/src/KeyVault/KeyVault/Commands/SetAzureKeyVaultCertificatePolicy.cs
index 656263bd8a6e..e2520ab55f21 100644
--- a/src/KeyVault/KeyVault/Commands/SetAzureKeyVaultCertificatePolicy.cs
+++ b/src/KeyVault/KeyVault/Commands/SetAzureKeyVaultCertificatePolicy.cs
@@ -16,7 +16,6 @@
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Management.Automation;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
@@ -223,8 +222,8 @@ public class SetAzureKeyVaultCertificatePolicy : KeyVaultCmdletBase
         /// Key type
         /// </summary>
         [Parameter(Mandatory = false,
-                   HelpMessage = "Specifies the key type of the key backing the certificate. Default is RSA.")]
-        [ValidateSet(Constants.RSA, Constants.RSAHSM, Constants.EC, Constants.ECHSM)]
+                   HelpMessage = "Specifies the key type of the key backing the certificate.")]
+        [ValidateSet(Constants.RSA, Constants.RSAHSM)]
         public string KeyType { get; set; }
 
         /// <summary>
@@ -232,9 +231,9 @@ public class SetAzureKeyVaultCertificatePolicy : KeyVaultCmdletBase
         /// </summary>
         [Parameter(Mandatory = false,
                    ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Specifies the key size of the certificate. Default is 2048.")]
-        [ValidateSet("2048", "3072", "4096", "256", "384", "521")]
-        public int KeySize { get; set; }
+                   HelpMessage = "Specifies the key size of the certificate.")]
+        [ValidateSet("2048", "3072", "4096")]
+        public int KeySize { get; set; } = 2048;
 
         /// <summary>
         /// KeyNotExportable
@@ -256,15 +255,6 @@ public class SetAzureKeyVaultCertificatePolicy : KeyVaultCmdletBase
         /// </summary>
         [Parameter(HelpMessage = "This cmdlet does not return an object by default. If this switch is specified, it returns the policy object.")]
         public SwitchParameter PassThru { get; set; }
-
-        /// <summary>
-        /// Elliptic Curve Name of the key
-        /// </summary>
-        [Parameter(Mandatory = false,
-                   ValueFromPipelineByPropertyName = true,
-                   HelpMessage = "Specifies the elliptic curve name of the key of the ECC certificate.")]
-        [ValidateSet(Constants.P256, Constants.P384, Constants.P521, Constants.P256K, Constants.SECP256K1)]
-        public string Curve { get; set; }
         #endregion
 
         public override void ExecuteCmdlet()
@@ -277,30 +267,51 @@ public override void ExecuteCmdlet()
                 {
                     case ExpandedRenewNumberParameterSet:
                     case ExpandedRenewPercentageParameterSet:
-                        policy = new PSKeyVaultCertificatePolicy(
-                            DnsName,
-                            (KeyUsage == null || !KeyUsage.Any()) ? null : KeyUsage.Select(keyUsage => keyUsage.ToString()).ToList<string>(),
-                            Ekus,
-                            !Disabled.IsPresent,
-                            IssuerName,
-                            CertificateType,
-                            RenewAtNumberOfDaysBeforeExpiry,
-                            RenewAtPercentageLifetime,
-                            EmailAtNumberOfDaysBeforeExpiry,
-                            EmailAtPercentageLifetime,
-                            ReuseKeyOnRenewal,
-                            SecretContentType,
-                            SubjectName,
-                            ValidityInMonths,
-                            KeyType,
-                            KeySize,
-                            Curve,
-                            KeyNotExportable.IsPresent ? !KeyNotExportable.IsPresent : (bool?)null,
-                            CertificateTransparency ?? (bool?)null);
+
+                        // Validate input parameters
+                        ValidateSubjectName();
+                        ValidateDnsNames();
+                        ValidateEkus();
+
+                        List<string> convertedKeyUsage = null;
+                        if (KeyUsage != null)
+                        {
+                            convertedKeyUsage = new List<string>();
+                            foreach (var key in KeyUsage)
+                            {
+                                convertedKeyUsage.Add(key.ToString());
+                            }
+                        }
+
+                        policy = new PSKeyVaultCertificatePolicy
+                        {
+                            DnsNames = DnsName,
+                            KeyUsage = convertedKeyUsage,
+                            Ekus = Ekus,
+                            Enabled = !Disabled.IsPresent,
+                            IssuerName = IssuerName,
+                            CertificateType = CertificateType,
+                            RenewAtNumberOfDaysBeforeExpiry = RenewAtNumberOfDaysBeforeExpiry,
+                            RenewAtPercentageLifetime = RenewAtPercentageLifetime,
+                            EmailAtNumberOfDaysBeforeExpiry = EmailAtNumberOfDaysBeforeExpiry,
+                            EmailAtPercentageLifetime = EmailAtPercentageLifetime,
+                            SecretContentType = SecretContentType,
+                            SubjectName = SubjectName,
+                            ValidityInMonths = ValidityInMonths,
+                            Kty = KeyType,
+                            KeySize = KeySize,
+                            Exportable = KeyNotExportable.IsPresent ? !KeyNotExportable.IsPresent : (bool?)null,
+                            CertificateTransparency = CertificateTransparency ?? (bool?)null
+                        };
+
+                        if (MyInvocation.BoundParameters.ContainsKey("ReuseKeyOnRenewal"))
+                        {
+                            policy.ReuseKeyOnRenewal = ReuseKeyOnRenewal;
+                        }
+
                         break;
 
                     case ByValueParameterSet:
-                        InputObject.Validate();
                         policy = InputObject;
                         break;
                 }
@@ -313,5 +324,48 @@ public override void ExecuteCmdlet()
                 }
             }
         }
+
+        private void ValidateEkus()
+        {
+            if (Ekus != null)
+            {
+                foreach (var eku in Ekus)
+                {
+                    if (string.IsNullOrWhiteSpace(eku))
+                    {
+                        throw new ArgumentException("One of the EKUs provided is empty.");
+                    }
+                }
+            }
+        }
+
+        private void ValidateDnsNames()
+        {
+            if (DnsName != null)
+            {
+                foreach (var dnsName in DnsName)
+                {
+                    if (string.IsNullOrWhiteSpace(dnsName))
+                    {
+                        throw new ArgumentException("One of the DNS names provided is empty.");
+                    }
+                }
+            }
+        }
+
+        private void ValidateSubjectName()
+        {
+            if (SubjectName != null)
+            {
+                try
+                {
+                    new X500DistinguishedName(SubjectName);
+                }
+                catch (CryptographicException e)
+                {
+                    throw new ArgumentException("The subject name provided is not a valid X500 name.", e);
+                }
+            }
+        }
     }
 }
diff --git a/src/KeyVault/KeyVault/Models/PSKeyVaultCertificatePolicy.cs b/src/KeyVault/KeyVault/Models/PSKeyVaultCertificatePolicy.cs
index a778824eced7..b578d59b7015 100644
--- a/src/KeyVault/KeyVault/Models/PSKeyVaultCertificatePolicy.cs
+++ b/src/KeyVault/KeyVault/Models/PSKeyVaultCertificatePolicy.cs
@@ -16,8 +16,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
 
 namespace Microsoft.Azure.Commands.KeyVault.Models
 {
@@ -26,7 +24,6 @@ public class PSKeyVaultCertificatePolicy
         public string SecretContentType { get; set; }
         public string Kty { get; set; }
         public int? KeySize { get; set; }
-        public string Curve { get; set; }
         public bool? Exportable { get; set; }
         public bool? ReuseKeyOnRenewal { get; set; }
         public string SubjectName { get; set; }
@@ -50,63 +47,6 @@ public PSKeyVaultCertificatePolicy()
         {
         }
 
-        public PSKeyVaultCertificatePolicy(
-            IList<string> dnsNames,
-            IList<string> keyUsages,
-            IList<string> ekus,
-            bool? enabled,
-            string issuerName,
-            string certificateType,
-            int? renewAtNumberOfDaysBeforeExpiry,
-            int? renewAtPercentageLifetime,
-            int? emailAtNumberOfDaysBeforeExpiry,
-            int? emailAtPercentageLifetime,
-            bool? reuseKeyOnRenewal,
-            string secretContentType,
-            string subjectName,
-            int? validityInMonths,
-            string keyType,
-            int keySize,
-            string curve,
-            bool? exportable,
-            bool? certificateTransparency)
-        {
-            ValidateInternal(
-                dnsNames,
-                ekus,
-                renewAtNumberOfDaysBeforeExpiry,
-                renewAtPercentageLifetime,
-                emailAtNumberOfDaysBeforeExpiry,
-                emailAtPercentageLifetime,
-                subjectName,
-                keyType,
-                keySize,
-                curve);
-
-            var keyTypeToUse = GetDefaultKeyTypeIfNotSpecified(keyType);
-            var keySizeToUse = GetDefaultKeySizeIfNotSpecified(keyTypeToUse, curve, keySize);
-
-            DnsNames = (dnsNames == null || !dnsNames.Any()) ? null : dnsNames.ToList();
-            KeyUsage = (keyUsages == null || !keyUsages.Any()) ? null : keyUsages.ToList();
-            Ekus = (ekus == null || !ekus.Any()) ? null : ekus.ToList();
-            Enabled = enabled;
-            IssuerName = issuerName;
-            CertificateType = certificateType;
-            RenewAtNumberOfDaysBeforeExpiry = renewAtNumberOfDaysBeforeExpiry;
-            RenewAtPercentageLifetime = renewAtPercentageLifetime;
-            EmailAtNumberOfDaysBeforeExpiry = emailAtNumberOfDaysBeforeExpiry;
-            EmailAtPercentageLifetime = emailAtPercentageLifetime;
-            ReuseKeyOnRenewal = reuseKeyOnRenewal;
-            SecretContentType = secretContentType;
-            SubjectName = subjectName;
-            ValidityInMonths = validityInMonths;
-            Kty = keyTypeToUse;
-            Curve = curve;
-            KeySize = keySizeToUse;
-            Exportable = exportable;
-            CertificateTransparency = certificateTransparency;
-        }
-
         internal CertificatePolicy ToCertificatePolicy()
         {
             var certificatePolicy = new CertificatePolicy();
@@ -118,7 +58,6 @@ internal CertificatePolicy ToCertificatePolicy()
 
             if (!string.IsNullOrWhiteSpace(Kty) ||
                 KeySize.HasValue ||
-                !string.IsNullOrWhiteSpace(Curve) ||
                 ReuseKeyOnRenewal.HasValue ||
                 Exportable.HasValue)
             {
@@ -126,7 +65,6 @@ internal CertificatePolicy ToCertificatePolicy()
                 {
                     KeyType = Kty,
                     KeySize = KeySize,
-                    Curve = Curve,
                     Exportable = Exportable,
                     ReuseKey = ReuseKeyOnRenewal,
                 };
@@ -281,7 +219,6 @@ internal static PSKeyVaultCertificatePolicy FromCertificatePolicy(CertificatePol
                 SecretContentType = certificatePolicy.SecretProperties == null ? null : certificatePolicy.SecretProperties.ContentType,
                 Kty = certificatePolicy.KeyProperties == null ? null : certificatePolicy.KeyProperties.KeyType,
                 KeySize = certificatePolicy.KeyProperties == null ? null : certificatePolicy.KeyProperties.KeySize,
-                Curve = certificatePolicy.KeyProperties == null ? null : certificatePolicy.KeyProperties.Curve,
                 Exportable = certificatePolicy.KeyProperties == null ? null : certificatePolicy.KeyProperties.Exportable,
                 ReuseKeyOnRenewal = certificatePolicy.KeyProperties == null ? null : certificatePolicy.KeyProperties.ReuseKey,
                 SubjectName = certificatePolicy.X509CertificateProperties == null ? null : certificatePolicy.X509CertificateProperties.Subject,
@@ -326,222 +263,5 @@ internal static PSKeyVaultCertificatePolicy FromCertificatePolicy(CertificatePol
 
             return intValueGetter(lifetimeAction.Trigger);
         }
-
-        private void ValidateInternal(
-            IList<string> dnsNames,
-            IList<string> ekus,
-            int? renewAtNumberOfDaysBeforeExpiry,
-            int? renewAtPercentageLifetime,
-            int? emailAtNumberOfDaysBeforeExpiry,
-            int? emailAtPercentageLifetime,
-            string subjectName,
-            string keyType,
-            int keySize,
-            string curve)
-        {
-            var keyTypeToUse = GetDefaultKeyTypeIfNotSpecified(keyType);
-            ValidateKeyTypeAndCurve(keyTypeToUse, curve);
-
-            var keySizeToUse = GetDefaultKeySizeIfNotSpecified(keyTypeToUse, curve, keySize);
-            ValidateKeyTypeAndKeySize(keyTypeToUse, keySizeToUse);
-            ValidateCurveAndKeySize(curve, keySizeToUse);
-
-            ValidatePercentageAndNumberOfDaysForEmailAndRenew(renewAtNumberOfDaysBeforeExpiry, renewAtPercentageLifetime, emailAtNumberOfDaysBeforeExpiry, emailAtPercentageLifetime);
-            ValidateEkus(ekus);
-            ValidateDnsNames(dnsNames);
-            ValidateSubjectName(subjectName);
-        }
-
-        public void Validate()
-        {
-            ValidateInternal(
-                DnsNames,
-                Ekus,
-                RenewAtNumberOfDaysBeforeExpiry,
-                RenewAtPercentageLifetime,
-                EmailAtNumberOfDaysBeforeExpiry,
-                EmailAtPercentageLifetime,
-                SubjectName,
-                Kty,
-                KeySize ?? 0,
-                Curve);
-        }
-
-        private string GetDefaultKeyTypeIfNotSpecified(string keyType)
-        {
-            return string.IsNullOrWhiteSpace(keyType) ? Constants.RSA : keyType;
-        }
-
-        private void ValidateKeyTypeAndCurve(string keyType, string curve)
-        {
-            if (Constants.RSA.Equals(keyType, StringComparison.OrdinalIgnoreCase) ||
-                Constants.RSAHSM.Equals(keyType, StringComparison.OrdinalIgnoreCase))
-            {
-                if (!string.IsNullOrWhiteSpace(curve))
-                {
-                    throw new ArgumentException($"Curve cannot be specified with {keyType} key type.");
-                }
-            }
-
-            if (Constants.EC.Equals(keyType, StringComparison.OrdinalIgnoreCase) ||
-                Constants.ECHSM.Equals(keyType, StringComparison.OrdinalIgnoreCase))
-            {
-                if (string.IsNullOrWhiteSpace(curve))
-                {
-                    throw new ArgumentException($"Curve must be specified with {keyType} key type.");
-                }
-            }
-        }
-
-        private int GetDefaultKeySizeIfNotSpecified(string keyType, string curve, int keySize)
-        {
-            if (keySize == 0)
-            {
-                if (Constants.RSA.Equals(keyType, StringComparison.OrdinalIgnoreCase) ||
-                    Constants.RSAHSM.Equals(keyType, StringComparison.OrdinalIgnoreCase))
-                {
-                    return 2048;
-                }
-
-                if (Constants.EC.Equals(keyType, StringComparison.OrdinalIgnoreCase) ||
-                    Constants.ECHSM.Equals(keyType, StringComparison.OrdinalIgnoreCase))
-                {
-                    if (Constants.P256.Equals(curve, StringComparison.OrdinalIgnoreCase) ||
-                        Constants.P256K.Equals(curve, StringComparison.OrdinalIgnoreCase) ||
-                        Constants.SECP256K1.Equals(curve, StringComparison.OrdinalIgnoreCase))
-                    {
-                        return 256;
-                    }
-
-                    if (Constants.P384.Equals(curve, StringComparison.OrdinalIgnoreCase))
-                    {
-                        return 384;
-                    }
-
-                    if (Constants.P521.Equals(curve, StringComparison.OrdinalIgnoreCase))
-                    {
-                        return 521;
-                    }
-                }
-            }
-
-            return keySize;
-        }
-
-        private void ValidateKeyTypeAndKeySize(string keyType, int keySize)
-        {
-            if (Constants.RSA.Equals(keyType, StringComparison.OrdinalIgnoreCase) ||
-                Constants.RSAHSM.Equals(keyType, StringComparison.OrdinalIgnoreCase))
-            {
-                if (keySize == 256 || keySize == 384 || keySize == 521)
-                {
-                    throw new ArgumentException($"{keySize} cannot be specified with {keyType} key type. Valid values for KeySize are: 2048, 3084, and 4096.");
-                }
-            }
-
-            if (Constants.EC.Equals(keyType, StringComparison.OrdinalIgnoreCase) ||
-                Constants.ECHSM.Equals(keyType, StringComparison.OrdinalIgnoreCase))
-            {
-                 if (keySize == 2048 || keySize == 3084 || keySize == 4096)
-                 {
-                     throw new ArgumentException($"{keySize} cannot be specified with {keyType} key type. Valid values for KeySize are: 256, 384, and 521.");
-                 }
-            }
-        }
-
-        private void ValidateCurveAndKeySize(string curve, int keySize)
-        {
-            if (string.IsNullOrWhiteSpace(curve))
-            {
-                return;
-            }
-
-            if (Constants.P256.Equals(curve, StringComparison.OrdinalIgnoreCase) ||
-                Constants.P256K.Equals(curve, StringComparison.OrdinalIgnoreCase) ||
-                Constants.SECP256K1.Equals(curve, StringComparison.OrdinalIgnoreCase))
-            {
-                if (keySize != 256)
-                {
-                    throw new ArgumentException($"Only key size of 256 is allowed with {curve}.");
-                }
-            }
-
-            if (Constants.P384.Equals(curve, StringComparison.OrdinalIgnoreCase))
-            {
-                if (keySize != 384)
-                {
-                    throw new ArgumentException($"Only key size of 384 is allowed with {curve}.");
-                }
-            }
-
-            if (Constants.P521.Equals(curve, StringComparison.OrdinalIgnoreCase))
-            {
-                if (keySize != 521)
-                {
-                    throw new ArgumentException($"Only key size of 521 is allowed with {curve}.");
-                }
-            }
-        }
-
-        private void ValidatePercentageAndNumberOfDaysForEmailAndRenew(
-            int? renewAtNumberOfDaysBeforeExpiry,
-            int? renewAtPercentageLifetime,
-            int? emailAtNumberOfDaysBeforeExpiry,
-            int? emailAtPercentageLifetime)
-        {
-            if (renewAtNumberOfDaysBeforeExpiry.HasValue && renewAtPercentageLifetime.HasValue && emailAtNumberOfDaysBeforeExpiry.HasValue && emailAtPercentageLifetime.HasValue)
-            {
-                throw new ArgumentException("Only one of the values for RenewAtNumberOfDaysBeforeExpiry, RenewAtPercentageLifetime, EmailAtNumberOfDaysBeforeExpiry, EmailAtPercentageLifetime can be specified.");
-            }
-        }
-
-        private void ValidateEkus(IList<string> ekus)
-        {
-            if (ekus == null || !ekus.Any())
-            {
-                return;
-            }
-
-            foreach (var eku in ekus)
-            {
-                if (string.IsNullOrWhiteSpace(eku))
-                {
-                    throw new ArgumentException("One of the EKUs provided is empty.");
-                }
-            }
-        }
-
-        private void ValidateDnsNames(IList<string> dnsNames)
-        {
-            if (dnsNames == null || !dnsNames.Any())
-            {
-                return;
-            }
-
-            foreach (var dnsName in dnsNames)
-            {
-                if (string.IsNullOrWhiteSpace(dnsName))
-                {
-                    throw new ArgumentException("One of the DNS names provided is empty.");
-                }
-            }
-        }
-
-        private void ValidateSubjectName(string subjectName)
-        {
-            if (string.IsNullOrWhiteSpace(subjectName))
-            {
-                return;
-            }
-
-            try
-            {
-                new X500DistinguishedName(subjectName);
-            }
-            catch (CryptographicException e)
-            {
-                throw new ArgumentException("The subject name provided is not a valid X500 name.", e);
-            }
-        }
     }
 }
diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md b/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md
index a731d4c05a98..c677c12c6857 100644
--- a/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md
+++ b/src/KeyVault/KeyVault/help/New-AzKeyVaultCertificatePolicy.md
@@ -21,7 +21,7 @@ New-AzKeyVaultCertificatePolicy [-IssuerName] <String> [-SubjectName] <String>
  [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
  [-Ekus <System.Collections.Generic.List`1[System.String]>] [-ValidityInMonths <Int32>]
  [-CertificateType <String>] [-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>]
- [-KeySize <Int32>] [-KeyType <String>] [-Curve <String>] [-KeyNotExportable] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [-KeySize <Int32>] [-KeyType <String>] [-KeyNotExportable] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
  [<CommonParameters>]
 ```
 
@@ -33,7 +33,7 @@ New-AzKeyVaultCertificatePolicy [-IssuerName] <String> [[-SubjectName] <String>]
  [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
  [-Ekus <System.Collections.Generic.List`1[System.String]>] [-ValidityInMonths <Int32>]
  [-CertificateType <String>] [-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>]
- [-KeySize <Int32>] [-KeyType <String>] [-Curve <String>] [-KeyNotExportable] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [-KeySize <Int32>] [-KeyType <String>] [-KeyNotExportable] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
  [<CommonParameters>]
 ```
 
@@ -49,7 +49,6 @@ PS C:\> New-AzKeyVaultCertificatePolicy -SecretContentType "application/x-pkcs12
 SecretContentType               : application/x-pkcs12
 Kty                             :
 KeySize                         : 2048
-Curve                           :
 Exportable                      :
 ReuseKeyOnRenewal               : True
 SubjectName                     : CN=contoso.com
@@ -214,15 +213,12 @@ The acceptable values for this parameter are:
 - 2048
 - 3072
 - 4096
-- 256
-- 384
-- 521
 
 ```yaml
 Type: System.Int32
 Parameter Sets: (All)
 Aliases:
-Accepted values: 2048, 3072, 4096, 256, 384, 521
+Accepted values: 2048, 3072, 4096
 
 Required: False
 Position: Named
@@ -236,36 +232,12 @@ Specifies the key type of the key that backs the certificate.
 The acceptable values for this parameter are:
 - RSA
 - RSA-HSM
-- EC
-- EC-HSM
 
 ```yaml
 Type: System.String
 Parameter Sets: (All)
 Aliases:
-Accepted values: RSA, RSA-HSM, EC, EC-HSM
-
-Required: False
-Position: Named
-Default value: RSA
-Accept pipeline input: True (ByPropertyName)
-Accept wildcard characters: False
-```
-
-### -Curve
-Specifies the elliptic curve name of the key of the certificate.
-The acceptable values for this parameter are:
-- P-256
-- P-384
-- P-521
-- P-256K
-- SECP256K1
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-Accepted values: P-256, P-384, P-521, P-256K, SECP256K1
+Accepted values: RSA, RSA-HSM
 
 Required: False
 Position: Named
diff --git a/src/KeyVault/KeyVault/help/Set-AzKeyVaultCertificatePolicy.md b/src/KeyVault/KeyVault/help/Set-AzKeyVaultCertificatePolicy.md
index b927a4097d31..1b9d0a36597d 100644
--- a/src/KeyVault/KeyVault/help/Set-AzKeyVaultCertificatePolicy.md
+++ b/src/KeyVault/KeyVault/help/Set-AzKeyVaultCertificatePolicy.md
@@ -21,7 +21,7 @@ Set-AzKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-RenewAt
  [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
  [-Ekus <System.Collections.Generic.List`1[System.String]>] [-ValidityInMonths <Int32>] [-IssuerName <String>]
  [-CertificateType <String>] [-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>]
- [-KeySize <Int32>] [-KeyType <String>] [-Curve <String>] [-KeyNotExportable] [-CertificateTransparency <Boolean>] [-PassThru]
+ [-KeySize <Int32>] [-KeyType <String>] [-KeyNotExportable] [-CertificateTransparency <Boolean>] [-PassThru]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -29,7 +29,7 @@ Set-AzKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> [-RenewAt
 ```
 Set-AzKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String>
  [-InputObject] <PSKeyVaultCertificatePolicy> [-EmailAtNumberOfDaysBeforeExpiry <Int32>]
- [-EmailAtPercentageLifetime <Int32>] [-KeySize <Int32>] [-KeyType <String>] [-Curve <String>] [-CertificateTransparency <Boolean>] [-PassThru]
+ [-EmailAtPercentageLifetime <Int32>] [-KeySize <Int32>] [-KeyType <String>] [-CertificateTransparency <Boolean>] [-PassThru]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -41,7 +41,7 @@ Set-AzKeyVaultCertificatePolicy [-VaultName] <String> [-Name] <String> -RenewAtN
  [-KeyUsage <System.Collections.Generic.List`1[System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]>]
  [-Ekus <System.Collections.Generic.List`1[System.String]>] [-ValidityInMonths <Int32>] [-IssuerName <String>]
  [-CertificateType <String>] [-EmailAtNumberOfDaysBeforeExpiry <Int32>] [-EmailAtPercentageLifetime <Int32>]
- [-KeySize <Int32>] [-KeyType <String>] [-Curve <String>] [-KeyNotExportable] [-CertificateTransparency <Boolean>] [-PassThru]
+ [-KeySize <Int32>] [-KeyType <String>] [-KeyNotExportable] [-CertificateTransparency <Boolean>] [-PassThru]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -57,7 +57,6 @@ PS C:\> Set-AzKeyVaultCertificatePolicy -VaultName "ContosoKV01" -Name "TestCert
 SecretContentType               : application/x-pkcs12
 Kty                             :
 KeySize                         : 2048
-Curve                           :
 Exportable                      :
 ReuseKeyOnRenewal               : True
 SubjectName                     : CN=contoso.com
@@ -252,19 +251,16 @@ The acceptable values for this parameter are:
 - 2048
 - 3072
 - 4096
-- 256
-- 384
-- 521
 
 ```yaml
 Type: System.Int32
 Parameter Sets: (All)
 Aliases:
-Accepted values: 2048, 3072, 4096, 256, 384, 521
+Accepted values: 2048, 3072, 4096
 
 Required: False
 Position: Named
-Default value: 2048
+Default value: None
 Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
@@ -274,41 +270,17 @@ Specifies the key type of the key that backs the certificate.
 The acceptable values for this parameter are:
 - RSA
 - RSA-HSM
-- EC
-- EC-HSM
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-Accepted values: RSA, RSA-HSM, EC, EC-HSM
-
-Required: False
-Position: Named
-Default value: RSA
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -Curve
-Specifies the elliptic curve name of the key of the certificate.
-The acceptable values for this parameter are:
-- P-256
-- P-384
-- P-521
-- P-256K
-- SECP256K1
 
 ```yaml
 Type: System.String
 Parameter Sets: (All)
 Aliases:
-Accepted values: P-256, P-384, P-521, P-256K, SECP256K1
+Accepted values: RSA, RSA-HSM
 
 Required: False
 Position: Named
 Default value: None
-Accept pipeline input: True (ByPropertyName)
+Accept pipeline input: False
 Accept wildcard characters: False
 ```