Get-HgsKeyProtectionCertificate

Gets key certificates in the Key Protection Service.

Syntax

Get-HgsKeyProtectionCertificate
   [-CertificateType <KeyCertificateType>]
   [-IsEnabled <Boolean>]
   [-IsPrimary <Boolean>]
   [<CommonParameters>]
Get-HgsKeyProtectionCertificate
   -CertificateType <KeyCertificateType>
   -Thumbprint <String>
   [<CommonParameters>]

Description

The Get-HgsKeyProtectionCertificate cmdlet gets key certificates in the Key Protection Service.

Examples

Example 1: Get all key certificates

PS C:\> Get-HgsKeyProtectionCertificate

This command gets all key certificates from the Key Protection Service.

Example 2: Get a specific key certificate

PS C:\> Get-HgsKeyProtectionCertificate -CertificateType Encryption -Thumbprint "a17dd68f4ecc499bbe65ee18718123da"

This command gets a key certificate that has the specified type and thumbprint.

Example 3: Get enabled non-primary key certificates

PS C:\> Get-HgsKeyProtectionCertificate -IsEnabled $True -IsPrimary $False

This command gets all key certificates that are enabled but not primary.

Required Parameters

-Thumbprint

Specifies the thumbprint of the certificate to get. If you specify this parameter, you must also specify the CertificateType parameter.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-CertificateType

Specifies of the type of the certificate that this cmdlet gets. The acceptable values for this parameter are:The acceptable values for this parameter are:

  • Signing
  • Encryption

If you do not specify this parameter, the cmdlet gets both signing and encryption certificates.

Type:KeyCertificateType
Parameter Sets:Signing, Encryption, Signing, Encryption
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IsEnabled

Specifies whether to get enabled or disabled key certificates. Specify a value of $True to get only enabled certificates. Specify a value of $False to get only disabled certificates. If you do not specify this parameter, the cmdlet gets both enabled and disabled certificates.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IsPrimary

Specifies whether to get the primary key certificate. Specify a value of $True to get only the primary certificate. Specify a value of $False to get only certificates that are not primary. If you do not specify this parameter, the cmdlet gets both primary and not primary certificates.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

You cannot pipe input to this cmdlet.

Outputs

Microsoft.Windows.KpsServer.Common.Store.Data.KeyCertificate

This cmdlet returns a key certificate. The object contains the following fields:

  • Thumbprint. The thumbprint of the certificate.
  • CertificateType. The type of the certificate. Valid values are: Encryption and Signing.
  • Enabled. Whether the certificate is enabled.
  • Primary. Whether this certificate is the primary certificate.
  • Certificate. The full X509Certificate2 object associated with this key certificate.