Get-HgsKeyProtectionCertificate
Gets key certificates in the Key Protection Service.
Syntax
Get-HgsKeyProtectionCertificate
[-CertificateType <KeyCertificateType>]
[-IsEnabled <Boolean>]
[-IsPrimary <Boolean>]
[<CommonParameters>]
Get-HgsKeyProtectionCertificate
-CertificateType <KeyCertificateType>
-Thumbprint <String>
[<CommonParameters>]
Description
The Get-HgsKeyProtectionCertificate cmdlet gets key certificates in the Key Protection Service.
Examples
Example 1: Get all key certificates
PS C:\> Get-HgsKeyProtectionCertificate
This command gets all key certificates from the Key Protection Service.
Example 2: Get a specific key certificate
PS C:\> Get-HgsKeyProtectionCertificate -CertificateType Encryption -Thumbprint "a17dd68f4ecc499bbe65ee18718123da"
This command gets a key certificate that has the specified type and thumbprint.
Example 3: Get enabled non-primary key certificates
PS C:\> Get-HgsKeyProtectionCertificate -IsEnabled $True -IsPrimary $False
This command gets all key certificates that are enabled but not primary.
Parameters
-CertificateType
Specifies of the type of the certificate that this cmdlet gets. The acceptable values for this parameter are:The acceptable values for this parameter are:
- Signing
- Encryption
If you do not specify this parameter, the cmdlet gets both signing and encryption certificates.
Type: | KeyCertificateType |
Accepted values: | Signing, Encryption, Signing, Encryption |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IsEnabled
Specifies whether to get enabled or disabled key certificates. Specify a value of $True to get only enabled certificates. Specify a value of $False to get only disabled certificates. If you do not specify this parameter, the cmdlet gets both enabled and disabled certificates.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IsPrimary
Specifies whether to get the primary key certificate. Specify a value of $True to get only the primary certificate. Specify a value of $False to get only certificates that are not primary. If you do not specify this parameter, the cmdlet gets both primary and not primary certificates.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint of the certificate to get. If you specify this parameter, you must also specify the CertificateType parameter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
Microsoft.Windows.KpsServer.Common.Store.Data.KeyCertificate
This cmdlet returns a key certificate. The object contains the following fields:
- Thumbprint. The thumbprint of the certificate.
- CertificateType. The type of the certificate. Valid values are: Encryption and Signing.
- Enabled. Whether the certificate is enabled.
- Primary. Whether this certificate is the primary certificate.
- Certificate. The full X509Certificate2 object associated with this key certificate.
Related Links
Commentaires
https://aka.ms/ContentUserFeedback.
Bientôt disponible : tout au long de 2024, nous allons éliminer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d'informations, consultez :Envoyer et afficher des commentaires pour