Get-HgsKeyProtectionCertificate
Gets key certificates in the Key Protection Service.
Syntax
Get-HgsKeyProtectionCertificate
[-CertificateType <KeyCertificateType>]
[-IsEnabled <Boolean>]
[-IsPrimary <Boolean>]
[<CommonParameters>] Get-HgsKeyProtectionCertificate
-CertificateType <KeyCertificateType>
-Thumbprint <String>
[<CommonParameters>] Description
The Get-HgsKeyProtectionCertificate cmdlet gets key certificates in the Key Protection Service.
Examples
Example 1: Get all key certificates
PS C:\> Get-HgsKeyProtectionCertificateThis command gets all key certificates from the Key Protection Service.
Example 2: Get a specific key certificate
PS C:\> Get-HgsKeyProtectionCertificate -CertificateType Encryption -Thumbprint "a17dd68f4ecc499bbe65ee18718123da"This command gets a key certificate that has the specified type and thumbprint.
Example 3: Get enabled non-primary key certificates
PS C:\> Get-HgsKeyProtectionCertificate -IsEnabled $True -IsPrimary $FalseThis command gets all key certificates that are enabled but not primary.
Parameters
-CertificateType
Specifies of the type of the certificate that this cmdlet gets. The acceptable values for this parameter are:The acceptable values for this parameter are:
- Signing
- Encryption
If you do not specify this parameter, the cmdlet gets both signing and encryption certificates.
| Type: | KeyCertificateType |
| Accepted values: | Signing, Encryption, Signing, Encryption |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsEnabled
Specifies whether to get enabled or disabled key certificates. Specify a value of $True to get only enabled certificates. Specify a value of $False to get only disabled certificates. If you do not specify this parameter, the cmdlet gets both enabled and disabled certificates.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsPrimary
Specifies whether to get the primary key certificate. Specify a value of $True to get only the primary certificate. Specify a value of $False to get only certificates that are not primary. If you do not specify this parameter, the cmdlet gets both primary and not primary certificates.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint of the certificate to get. If you specify this parameter, you must also specify the CertificateType parameter.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
Microsoft.Windows.KpsServer.Common.Store.Data.KeyCertificate
This cmdlet returns a key certificate. The object contains the following fields:
- Thumbprint. The thumbprint of the certificate.
- CertificateType. The type of the certificate. Valid values are: Encryption and Signing.
- Enabled. Whether the certificate is enabled.
- Primary. Whether this certificate is the primary certificate.
- Certificate. The full X509Certificate2 object associated with this key certificate.