The Add-HgsKeyProtectionCertificate cmdlet adds a certificate to the Key Protection Service.
You can add a certificate as an encryption certificate or a signing certificate.
You can add a reference to a certificate stored in the Windows certificate store.
Before you add a certificate reference you must add the certificate to the LocalMachine\My certificate store.
The cmdlet looks up the certificate in the LocalMachine\My certificate store by using its thumbprint.
You can also add a full certificate stored in a PFX file.
If the PFX file is protected by a password, you must specify the PFX password.
This command adds a certificate file to the Key Protection Service as an encryption certificate.
In this example, the certificate file is protected by a password stored as a SecureString in the variable $Password.
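The two ways of adding a certificate described above, as an added example that is not part of the original page: a pre-flight check for the thumbprint reference path, followed by the password-protected file path. The function name `Add-HgsKpsCertificateReference`, the sample thumbprint and the PFX path are constructed placeholders, and the private-key check is an assumption about what the service needs.

```powershell
# Added example; the function name, thumbprint and PFX path are placeholders.
function Add-HgsKpsCertificateReference {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [ValidateSet('Signing', 'Encryption')] [string] $CertificateType,
        [switch] $NoCertificateReplication
    )

    # Thumbprints pasted from the certificate UI often carry spaces or invisible
    # characters; keep only the hex digits so the store lookup does not miss.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits in the thumbprint, got $($clean.Length)."
    }

    # The cmdlet resolves the reference in LocalMachine\My, so check there first.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "Certificate $clean is not in LocalMachine\My." }

    # Assumption: the service needs the private key on this node.
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key here." }
    if ((Get-Date) -gt $cert.NotAfter) { Write-Warning "Certificate $clean expired on $($cert.NotAfter)." }

    $params = @{ Thumbprint = $clean; CertificateType = $CertificateType }
    if ($NoCertificateReplication) { $params['NoCertificateReplication'] = $true }
    if ($PSCmdlet.ShouldProcess($clean, "Add as $CertificateType certificate")) {
        Add-HgsKeyProtectionCertificate @params
    }
}

# Reference path: dry run for an HSM-backed signing certificate that the admin
# replicates to the other nodes manually.
Add-HgsKpsCertificateReference -Thumbprint '01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF 01 23 45 67' `
    -CertificateType Signing -NoCertificateReplication -WhatIf

# File path: prompt for the PFX password so it never appears in the script or history.
$Password = Read-Host -AsSecureString -Prompt 'PFX password'
Add-HgsKeyProtectionCertificate -CertificateType Encryption `
    -CertificatePath 'C:\temp\encryption.pfx' -CertificatePassword $Password
```

With `-NoCertificateReplication`, run the same check on every other node in the cluster after copying the certificate there, since the lookup is local to each node's store.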
Parameters
-CertificatePassword
Specifies the password which protects a certificate file.
If the certificate file is protected by a password, you must specify this value.
Parameter properties
Type: SecureString
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
FullCertificate
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-CertificatePath
Specifies the path to the certificate which will be added to the Key Protection Service.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
FullCertificate
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-CertificateType
Specifies the type of the certificate that this cmdlet adds.
The acceptable values for this parameter are:
Signing
Encryption
Parameter properties
Type: KeyCertificateType
Default value: None
Accepted values: Signing, Encryption
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: False
Supports wildcards: False
DontShow: False
Aliases: cf
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Force
Forces the command to run without asking for user confirmation.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-NoCertificateReplication
This parameter applies only when you use the -Thumbprint parameter to specify a certificate.
It is typically used for hardware security module (HSM) backed certificates but can be used for other certificates too.
Specifying NoCertificateReplication disables automatic replication of the certificate from the LocalMachine\My certificate store to the same store on all other nodes in the cluster.
The HGS admin is then responsible for replicating that certificate manually to all other nodes in the cluster.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
CertificateReference
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Thumbprint
Specifies the thumbprint of the certificate to add.
You must add the certificate to the LocalMachine\My certificate store before you run this cmdlet.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
CertificateReference
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: False
Supports wildcards: False
DontShow: False
Aliases: wi
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.