Get-HgsKeyProtectionAttestationSignerCertificate

Gets the attestation signer certificates that the Key Protection Service trusts.

Syntax

Get-HgsKeyProtectionAttestationSignerCertificate
   [-Thumbprint <String>]
   [<CommonParameters>]

Description

The Get-HgsKeyProtectionAttestationSignerCertificate cmdlet gets the attestation signer certificates that the Key Protection Service trusts

Examples

Example 1: Get all attestation certificates

PS C:\> Get-HgsKeyProtectionAttestationSignerCertificate

This command gets all the attestation certificates signers that the Key Protection Service trusts.

Example 2: Get a single attestation certificate

PS C:\> Get-HgsKeyProtectionAttestationSignerCertificate -Thumbprint "d39203a3b3544743ad552afe0615dc1f"

This command gets a single attestation certificate signer that the Key Protection Service trusts. The command looks up the certificate signer by using a thumbprint.

Optional Parameters

-Thumbprint

Specifies the thumbprint of the attestation signer certificate to get. If you do not specify a value for this parameter, this cmdlet gets all the attestation signer certificates for trusted attestation servers.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

You cannot pipe input to this cmdlet.

Outputs

Microsoft.Windows.KpsServer.Common.Store.Data.AttestationCertificate

This cmdlet returns an AttestationCertificate object that represents an attestation signer certificate. The object contains the following fields:

  • Certificate. The X509Certificate2 object.
  • AttestationCertificatePolicy. The policy that describes further limitations on which health certificates signed by this signer certificate are trusted by the Key Protection Service.