Get-AzKeyVaultCertificate
Gets a certificate from a key vault.
Syntax
ByName (Default)
Get-AzKeyVaultCertificate
[-VaultName] <String>
[[-Name] <String>]
[-InRemovedState]
[-IncludePending]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByCertificateNameAndVersion
Get-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
[-Version] <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByCertificateAllVersions
Get-AzKeyVaultCertificate
[-VaultName] <String>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzKeyVaultCertificate
[-InputObject] <PSKeyVault>
[[-Name] <String>]
[-InRemovedState]
[-IncludePending]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzKeyVaultCertificate
[-InputObject] <PSKeyVault>
[-Name] <String>
[-Version] <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzKeyVaultCertificate
[-InputObject] <PSKeyVault>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByNameResourceId
Get-AzKeyVaultCertificate
[-ResourceId] <String>
[[-Name] <String>]
[-InRemovedState]
[-IncludePending]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByCertificateNameAndVersionResourceId
Get-AzKeyVaultCertificate
[-ResourceId] <String>
[-Name] <String>
[-Version] <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByCertificateAllVersionsResourceId
Get-AzKeyVaultCertificate
[-ResourceId] <String>
[-Name] <String>
[-IncludeVersions]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Get-AzKeyVaultCertificate cmdlet gets the specified certificate or the versions of a certificate from a key vault in Azure Key Vault.
Examples
Example 1: Get a certificate
Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "TestCert01"
Name : testCert01
Certificate : [Subject]
CN=contoso.com
[Issuer]
CN=contoso.com
[Serial Number]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Not Before]
2/8/2016 3:11:45 PM
[Not After]
8/8/2016 4:21:45 PM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KeyId : https://contoso.vault.azure.net:443/keys/TestCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
SecretId : https://contoso.vault.azure.net:443/secrets/TestCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags :
Enabled : True
Created : 2/8/2016 11:21:45 PM
Updated : 2/8/2016 11:21:45 PM
This command gets the certificate named TestCert01 from the key vault named ContosoKV01
Example 2: Get cert and save it as pfx
$CertBase64 = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certName -AsPlainText
$CertBytes = [Convert]::FromBase64String($CertBase64)
Set-Content -Path cert.pfx -Value $CertBytes -AsByteStream
This command gets the certificate named $certName from the key vault named $vaultName. These commands access secret $certName and then save the content as a pfx file.
Example 3: Get all the certificates that have been deleted but not purged for this key vault.
Get-AzKeyVaultCertificate -VaultName 'contoso' -InRemovedState
DeletedDate : 5/24/2018 6:08:32 PM
Enabled : True
Expires : 11/24/2018 6:08:13 PM
NotBefore : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Tags :
VaultName : contoso
Name : test1
Version :
Id : https://contoso.vault.azure.net:443/certificates/test1
ScheduledPurgeDate : 8/22/2018 6:10:47 PM
DeletedDate : 5/24/2018 6:10:47 PM
Enabled : True
Expires : 11/24/2018 6:09:44 PM
NotBefore : 5/24/2018 5:59:44 PM
Created : 5/24/2018 6:09:44 PM
Updated : 5/24/2018 6:09:44 PM
Tags :
VaultName : contoso
Name : test2
Version :
Id : https://contoso.vault.azure.net:443/certificates/test2
This command gets all the certificates that have been previously deleted, but not purged, in the key vault named Contoso.
Example 4: Gets the certificate MyCert that has been deleted but not purged for this key vault.
Get-AzKeyVaultCertificate -VaultName 'contoso' -Name 'test1' -InRemovedState
Certificate : [Subject]
CN=contoso.com
[Issuer]
CN=contoso.com
[Serial Number]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[Not Before]
5/24/2018 10:58:13 AM
[Not After]
11/24/2018 10:08:13 AM
[Thumbprint]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KeyId : https://contoso.vault.azure.net:443/keys/test1/7fe415d5518240c1a6fce89986b8d334
SecretId : https://contoso.vault.azure.net:443/secrets/test1/7fe415d5518240c1a6fce89986b8d334
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RecoveryLevel : Recoverable+Purgeable
ScheduledPurgeDate : 8/22/2018 6:08:32 PM
DeletedDate : 5/24/2018 6:08:32 PM
Enabled : True
Expires : 11/24/2018 6:08:13 PM
NotBefore : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Tags :
VaultName : contoso
Name : test1
Version : 7fe415d5518240c1a6fce89986b8d334
Id : https://contoso.vault.azure.net:443/certificates/test1/7fe415d5518240c1a6fce89986b8d334
This command gets the certificate named 'MyCert' that has been previously deleted, but not purged, in the key vault named Contoso.
This command will return metadata such as the deletion date, and the scheduled purging date of this deleted certificate.
Example 5: List certificates using filtering
Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "test*"
Enabled : True
Expires : 8/5/2019 2:39:25 AM
NotBefore : 2/5/2019 2:29:25 AM
Created : 2/5/2019 2:39:25 AM
Updated : 2/5/2019 2:39:25 AM
Tags :
VaultName : ContosoKV01
Name : test1
Version :
Id : https://ContosoKV01.vault.azure.net:443/certificates/test1
Enabled : True
Expires : 8/5/2019 2:39:25 AM
NotBefore : 2/5/2019 2:29:25 AM
Created : 2/5/2019 2:39:25 AM
Updated : 2/5/2019 2:39:25 AM
Tags :
VaultName : ContosoKV01
Name : test2
Version :
Id : https://ContosoKV01.vault.azure.net:443/certificates/test2
This command gets all certificates starting with "test" from the key vault named ContosoKV01.
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IncludePending
Specifies whether to include pending certificates in the output
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByName
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByNameInputObject
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByNameResourceId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IncludeVersions
Indicates that this operation gets all versions of the certificate.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByCertificateAllVersions
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateAllVersionsInputObject
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateAllVersionsResourceId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
KeyVault object.
Type: PSKeyVault
Default value: None Supports wildcards: False DontShow: False
ByNameInputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateNameAndVersionInputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateAllVersionsInputObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-InRemovedState
Specifies whether to include previously deleted certificates in the output
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByName
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByNameInputObject
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByNameResourceId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Specifies the name of the certificate to get.
Parameter properties
Type: String
Default value: None Supports wildcards: True DontShow: False Aliases: CertificateName
Parameter sets
ByName
Position: 1 Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByNameInputObject
Position: 1 Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByNameResourceId
Position: 1 Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceId
KeyVault Resource Id.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByNameResourceId
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ByCertificateNameAndVersionResourceId
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ByCertificateAllVersionsResourceId
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-VaultName
Specifies the name of a key vault.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByName
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateNameAndVersion
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateAllVersions
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Version
Specifies the version of a certificate.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: CertificateVersion
Parameter sets
ByCertificateNameAndVersion
Position: 2 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateNameAndVersionInputObject
Position: 2 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByCertificateNameAndVersionResourceId
Position: 2 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
