Confirm-CAAttestationIdentityKeyInfo
Checks whether the local CA trusts secure hardware for identity key attestation.
Confirm-CAAttestationIdentityKeyInfo [-PublicKeyHash] <String> [<CommonParameters>]
Confirm-CAAttestationIdentityKeyInfo [-Certificate] <X509Certificate2> [<CommonParameters>]
The Confirm-CAAttestationIdentityKeyInfo cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for identity key attestation. The Attestation Identity Key (AIK) replaces the Endorsement Key as an identity for the TPM. An Attestation Identity Key is permanently embedded in the security hardware. The public portion of the key helps to recognize genuine security hardware.
This cmdlet verifies whether the AIK public certificate connects through a certificate chain to an anchor that the CA trusts. Specify an X509 certificate by using the Certificate parameter.
This cmdlet checks whether the AIK public key exists as a file in a folder configured at the local CA for key attestation. Specify the public key by using the PublicKeyHash parameter.
Confirm-CAAttestationIdentityKeyInfo -Certificate Contoso87.cer
True
This command checks whether the certificate Contoso87.cer connects, by using a certificate chain, to a trusted anchor. This example returns a value of $True.
Confirm-CAAttestationIdentityKeyInfo -PublicKeyHash "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
False
The command checks for the public certificate specified as an SHA-256 hash code. This example returns a value of $False. The CA does not have this public key.
-Certificate
Specifies an X509 public key certificate issued to secure hardware.
Type: X509Certificate2
Position: 1
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-PublicKeyHash
Specifies an Attestation Identity Key (AIK) public key of the secure hardware, as the result of the SHA-256 hash algorithm. This value is a 64-character hexadecimal string.
Type: String
Position: 1
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
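A batch check that uses both parameter sets described above and treats every error or malformed input as untrusted. This is an added example, not part of the original documentation; the function Test-AikTrust, its parameter names and the folder C:\AikCerts are hypothetical, and it assumes it runs on the CA where the cmdlet is available.

```powershell
# Added example; Test-AikTrust and its parameter names are hypothetical.
# Run on the CA, where Confirm-CAAttestationIdentityKeyInfo is available.
function Test-AikTrust {
    [CmdletBinding()]
    param(
        [string]   $CertificateFolder,   # folder of AIK .cer files (assumed layout)
        [string[]] $PublicKeyHash = @()  # SHA-256 hashes of AIK public keys
    )

    if ($CertificateFolder) {
        foreach ($file in Get-ChildItem -Path $CertificateFolder -Filter *.cer -File) {
            $trusted = $false
            $note = ''
            try {
                # Load by full path so the result does not depend on the
                # working directory of the PowerShell process.
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file.FullName
                $trusted = (Confirm-CAAttestationIdentityKeyInfo -Certificate $cert -ErrorAction Stop) -eq $true
            } catch {
                # Unreadable file or cmdlet error: the entry stays untrusted.
                $note = $_.Exception.Message
            }
            [pscustomobject]@{ Kind = 'Certificate'; Input = $file.Name; Trusted = $trusted; Note = $note }
        }
    }

    foreach ($hash in $PublicKeyHash) {
        $trusted = $false
        $note = ''
        # -PublicKeyHash expects exactly 64 hexadecimal characters.
        if ($hash -notmatch '\A[0-9a-fA-F]{64}\z') {
            $note = 'Not a 64-character hexadecimal string; not submitted'
        } else {
            try {
                $trusted = (Confirm-CAAttestationIdentityKeyInfo -PublicKeyHash $hash -ErrorAction Stop) -eq $true
            } catch {
                $note = $_.Exception.Message
            }
        }
        [pscustomobject]@{ Kind = 'PublicKeyHash'; Input = $hash; Trusted = $trusted; Note = $note }
    }
}

# Constructed inputs: a placeholder folder and the sample hash from this page.
Test-AikTrust -CertificateFolder 'C:\AikCerts' -PublicKeyHash '0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef' |
    Format-Table -AutoSize
```

Rows with Trusted set to False and an empty Note are inputs the CA evaluated and does not trust; rows with a Note were never evaluated successfully and need the input fixed first.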