Add-HgsKeyProtectionCertificate
Adds a key certificate to the Key Protection Service.
Syntax
Add-HgsKeyProtectionCertificate
-CertificateType <KeyCertificateType>
-Thumbprint <String>
[-NoCertificateReplication]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Add-HgsKeyProtectionCertificate
-CertificateType <KeyCertificateType>
-CertificatePath <String>
[-CertificatePassword <SecureString>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Add-HgsKeyProtectionCertificate cmdlet adds a certificate to the Key Protection Service. You can add a certificate as an encryption certificate or a signing certificate. You can add a reference to a certificate stored in the Windows certificate store. Before you add a certificate reference you must add the certificate to the LocalMachine\My certificate store. The cmdlet looks up the certificate in the LocalMachine\My certificate store by using its thumbprint. You can also add a full certificate stored in a file as a pfx. If the file containing the pfx is protected by a password, you must specify the pfx password.
Examples
Example 1: Add an encryption certificate
PS C:\> Add-HgsKeyProtectionCertificate -CertificateType Encryption -Thumbprint "d39203a3b3544743ad552afe0615dc1f"This command adds a certificate reference to the Key Protection Service for use as an encryption certificate.
Example 2: Add an encryption certificate file with a password
PS C:\> Add-HgsKeyProtectionCertificate -CertificateType Encryption -CertificatePath "C:\example.pfx" -CertificatePassword $PasswordThis command adds a certificate file to the Key Protection Service as an encryption certificate. In this example, the certificate file is protected by a password stored as a SecureString in the variable $Password.
Parameters
-CertificatePassword
Specifies the password which protects a certificate file. If the certificate file is protected by a password, you must specify this value.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificatePath
Specifies the path to the certificate which will be added to the Key Protection Service.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateType
Specifies the type of the certificate that this cmdlet adds. The acceptable values for this parameter are:
- Signing
- Encryption
| Type: | KeyCertificateType |
| Accepted values: | Signing, Encryption |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NoCertificateReplication
This only applies when you use the -Thumbprint option to specify a certificate.
It is typically used for hardware security module (HSM) backed certificates but can be used for other certificates too.
Specifying NoCertificateReplication disables automatic replication of the certificate from LocalMachine\My certificate store to the same store on all other nodes in the cluster.
The HGS admin is then responsible for replicating that certificate manually to all other nodes in the cluster.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint of the certificate to add. You must add the certificate to the LocalMachine\My certificate store before you run the current cmdlet.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
None
This cmdlet does not generate any output.