Client/PSPKI.Help.xml
<?xml version="1.0" encoding="utf-8"?><helpItems schema="maml"><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor-->
<command:details><command:name>Add-AdCertificate</command:name><maml:description><maml:para>Adds certificate to a specified AD-based certificate PKI container.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>AdCertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Adds certificate to a specified AD-based certificate PKI container.</maml:para><maml:para>AD PKI container managements require Enterprise Admins permissions or explicitly delegated permissions to Public Key Services container in Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-AdCertificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>AdContainer</maml:name><maml:description><maml:para>Specifies the AD-based PKI certificate container the certificate is added to. Input object is retrieved by calling a Get-AdPkiContainer cmdlet with NTAuth, AIA, RootCA or KRA container type.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsPkiCertContainer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies a collection of certificates to add to AD certificate store.</maml:para><maml:para>If input AD container is of DsKraContainer type, a certificate is expected to be a key recovery agent (KRA) certificate and must be valid for key recovery operation (OID=1.3.6.1.4.1.311.21.6). In other cases, the certificate is expected to be a CA certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CrossCA</maml:name><maml:description><maml:para>Specifies whether the certificate is published as cross-certificate. This switch parameter makes sense only when input AD container is of DsAiaContainer type. For other containers, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>AdContainer</maml:name><maml:description><maml:para>Specifies the AD-based PKI certificate container the certificate is added to. Input object is retrieved by calling a Get-AdPkiContainer cmdlet with NTAuth, AIA, RootCA or KRA container type.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsPkiCertContainer</command:parameterValue><dev:type><maml:name>DsPkiCertContainer</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies a collection of certificates to add to AD certificate store.</maml:para><maml:para>If input AD container is of DsKraContainer type, a certificate is expected to be a key recovery agent (KRA) certificate and must be valid for key recovery operation (OID=1.3.6.1.4.1.311.21.6). In other cases, the certificate is expected to be a CA certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue><dev:type><maml:name>X509Certificate2[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CrossCA</maml:name><maml:description><maml:para>Specifies whether the certificate is published as cross-certificate. This switch parameter makes sense only when input AD container is of DsAiaContainer type. For other containers, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name></maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsPkiContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsPkiContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\pki\root_cacert.crt" PS C:\> Get-AdPkiContainer -ContainerType RootCA | Add-AdCertificate -Certificate $cert -Dispose</dev:code><dev:remarks><maml:para>This example gets certificate from a file, retrieves RootCA (trusted root CAs) AD container and publishes certificate to RootCA container. After operation completion, input object (RootCA container) is disposed. After autoenrollment trigger, domain members will get new trusted root CA.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\pki\cross.cer" PS C:\> Get-AdPkiContainer -ContainerType AIA | Add-AdCertificate -Certificate $cert -CrossCertificate -Dispose</dev:code><dev:remarks><maml:para>This example gets certificate from a file, retrieves AIA (intermediate CA) AD container and publishes certificate to AIA container as cross-certificate. After operation completion, input object (AIA container) is disposed. After autoenrollment trigger, domain members will get new certificate in Intermediate CAs local store.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/add-adcertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AdPkiContainer</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-AdCertificateRevocationList</command:name><maml:description><maml:para>Adds certificate revocation list (CRL) to Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>AdCertificateRevocationList</command:noun><dev:version /></command:details><maml:description><maml:para>Adds certificate revocation list (CRL) to Active Directory. CRLs are stored in Active Directory under 'CN=CDP, CN=Public Key Services, CN=Services, {ConfigurationNamingContext}'. A subcontainer is created for each CA under CDP container. Subcontainer, usually, is short or NetBIOS name of CA server. Custom names are supported. Subcontainer stores CRL entries for each CA private key. Unlike other AD PKI containers, contents of CDP container is not propagated to clients and are used only when explicit URL is specified in the certificate's CDP (CRL Distribution Points) extension.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-AdCertificateRevocationList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CdpContainer</maml:name><maml:description><maml:para>Specifies the CDP container object to add the CRL to.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsCDPContainer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>CertificateRevocationList</maml:name><maml:description><maml:para>Specifies the certificate revocation list object to add.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CRL2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>HostName</maml:name><maml:description><maml:para>Specifies the subcontainer name which is usually a short or NetBIOS name of CA computer. This parameter can be omitted when CRL includes 'Published CRL Locations' CRL extension, which includes exact path in Active Directory to publish to. If CRL doesn't include 'Published CRL Locations' CRL extension, this parameter is required, otherwise, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CdpContainer</maml:name><maml:description><maml:para>Specifies the CDP container object to add the CRL to.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsCDPContainer</command:parameterValue><dev:type><maml:name>DsCDPContainer</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>CertificateRevocationList</maml:name><maml:description><maml:para>Specifies the certificate revocation list object to add.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CRL2</command:parameterValue><dev:type><maml:name>X509CRL2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>HostName</maml:name><maml:description><maml:para>Specifies the subcontainer name which is usually a short or NetBIOS name of CA computer. This parameter can be omitted when CRL includes 'Published CRL Locations' CRL extension, which includes exact path in Active Directory to publish to. If CRL doesn't include 'Published CRL Locations' CRL extension, this parameter is required, otherwise, an error will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsCDPContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsCDPContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$crl = Get-CRL -Path "c:\pki\contoso subca.crl" PS C:\> Get-AdPkiContainer -ContainerType CDP | Add-AdCertificateRevocationList -CRL $crl -HostName "subca01" -Dispose</dev:code><dev:remarks><maml:para>This command reads CRL object from file, retrieves CDP container from Active Directory and writes CRL to CDP object. During object creation, a dedicated subcontainer with name 'subca01' under CDP container is created. After operation completion, input object (CDP container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/add-adcertificaterevocationlist</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AdPkiContainer</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Convert-PemToPfx</command:name><maml:description><maml:para>Converts PEM (Privacy Enhanced Mail) certificate with embedded private key to a PKCS#12/PFX file.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Convert</command:verb><command:noun>PemToPfx</command:noun><dev:version /></command:details><maml:description><maml:para>Converts PEM (Privacy Enhanced Mail) certificate with embedded private key to a PKCS#12/PFX file. PEM files are Base64-encoded files with PKCS#1 or PKCS#8 private key material. Windows natively does not support PKCS#1 and PKCS8 private key formats and this command allows you to perform such conversion. The command supports external private key files (when certificate and associated private key are stored in separate files). Depending on parameters, the command can: save PFX to a file, install PFX to certificate store or combine both operations by installing the certificate to certificate store and saving certificate to PFX file.</maml:para><maml:para>PEM file must be encoded in Base64 encoding and should have the following contents. PEM file must contain digital certificate at minimum and the contents is: -----BEGIN CERTIFICATE----- <Base64-encoded certificate> -----END CERTIFICATE-----</maml:para><maml:para>alternatively, PEM file may contain private key or it must be stored in separate file. Private key must be either PKCS#1 or PKCS#8. The following example illustrates PKCS#1 private key headers: -----BEGIN RSA PRIVATE KEY----- <Base64-encoded PKCS#1 private key> -----END RSA PRIVATE KEY-----</maml:para><maml:para>The following example illustrates PKCS#8 private key headers: -----BEGIN PRIVATE KEY----- <Base64-encoded PKCS#8 private key> -----END PRIVATE KEY-----</maml:para><maml:para>any external information outside cryptographic headers is silently ignored.</maml:para><maml:para>Note: currently the command do not support quiet mode and must be called in interactive mode. You will be prompted for password to protect PFX and it cannot be scripted.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Convert-PemToPfx</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>InputPath</maml:name><maml:description><maml:para>Specifies the path to a PEM file. If PEM file contains only public certificate, the KeyPath parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyPath</maml:name><maml:description><maml:para>Specifies the path to a private key file if public certificate and associated private key are stored in separate files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>OutputPath</maml:name><maml:description><maml:para>Specifies the path for resulting PKCS#12/PFX file. If you want to install the certificate to certificate store without intermediate PFX file, you can omit this parameter and use '-Install' parameter instead.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeySpec</maml:name><maml:description><maml:para>Specifies the intended key purpose. Can be either 'AT_EXCHANGE' (default value) or 'AT_SIGNATURE'. SSL and encryption certificates use 'AT_EXCHANGE' key purpose. Code signing and authentication certificates usually use 'AT_SIGNATURE' key purpose.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509KeySpecFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Password</maml:name><maml:description><maml:para>Specifies the password for PFX file. This parameter is ignored if '-OutputPath' is not specified.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the cryptographic service provider name where to import the key. Currently, only legacy and CAPI smart card providers are supported. Key Storage Providers (KSP) are not supported in this version.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>StoreLocation</maml:name><maml:description><maml:para>Specifies the store location where the certificate is installed. This parameter is ignored if '-Install' parameter is not specified.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">StoreLocation</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Install</maml:name><maml:description><maml:para>Specifies whether the certificate needs to be installed in the certificate store. If specified, the certificate is installed in the Personal (My) container of the store specified in the 'StoreLocation' parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>InputPath</maml:name><maml:description><maml:para>Specifies the path to a PEM file. If PEM file contains only public certificate, the KeyPath parameter is required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyPath</maml:name><maml:description><maml:para>Specifies the path to a private key file if public certificate and associated private key are stored in separate files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>OutputPath</maml:name><maml:description><maml:para>Specifies the path for resulting PKCS#12/PFX file. If you want to install the certificate to certificate store without intermediate PFX file, you can omit this parameter and use '-Install' parameter instead.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeySpec</maml:name><maml:description><maml:para>Specifies the intended key purpose. Can be either 'AT_EXCHANGE' (default value) or 'AT_SIGNATURE'. SSL and encryption certificates use 'AT_EXCHANGE' key purpose. Code signing and authentication certificates usually use 'AT_SIGNATURE' key purpose.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509KeySpecFlags</command:parameterValue><dev:type><maml:name>X509KeySpecFlags</maml:name><maml:uri/></dev:type><dev:defaultValue>Exchange</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Password</maml:name><maml:description><maml:para>Specifies the password for PFX file. This parameter is ignored if '-OutputPath' is not specified.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the cryptographic service provider name where to import the key. Currently, only legacy and CAPI smart card providers are supported. Key Storage Providers (KSP) are not supported in this version.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>Microsoft Enhanced RSA and AES Cryptographic Provider</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>StoreLocation</maml:name><maml:description><maml:para>Specifies the store location where the certificate is installed. This parameter is ignored if '-Install' parameter is not specified.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">StoreLocation</command:parameterValue><dev:type><maml:name>StoreLocation</maml:name><maml:uri/></dev:type><dev:defaultValue>CurrentUser</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Install</maml:name><maml:description><maml:para>Specifies whether the certificate needs to be installed in the certificate store. If specified, the certificate is installed in the Personal (My) container of the store specified in the 'StoreLocation' parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $password = Read-Host -Prompt "Enter PFX password" -AsSecureString PS C:\> Convert-PemToPfx -InputPath C:\test\ssl.pem -OutputPath c:\test\ssl.pfx -Password $password</dev:code><dev:remarks><maml:para>In this example, ssl.pem file is converted to PFX file and saved to ssl.pfx file. This example assumes that public certificate and associated private key are stored in the same file.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $password = ConvertTo-SecureString "P@ssW0rD!" -asplaintext -force PS C:\> Convert-PemToPfx -InputPath C:\test\ssl.pem -KeyPath c:\test\ssl.key -OutputPath c:\test\ssl.pfx -Password $password</dev:code><dev:remarks><maml:para>In this example, ssl.pem file is converted to PFX file and saved to ssl.pfx file. This example assumes that public certificate and associated private key are stored in separate files.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Convert-PemToPfx -InputPath C:\test\ssl.pem -Install -StoreLocation "LocalMachine"</dev:code><dev:remarks><maml:para>In this example, ssl.pem file is converted to in-memory PFX object and is imported to "Local Machine\Personal" (Cert:\LocalMachine\My) certificate store. No PFX file is generated.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/convert-pemtopfx</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Convert-PfxToPem</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Convert-PfxToPem</command:name><maml:description><maml:para>Converts PKCS#12/PFX file or X509Certificate2 object to OpenSSL-compatible PEM (Privacy Enhanced Mail) file. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Convert</command:verb><command:noun>PfxToPem</command:noun><dev:version /></command:details><maml:description><maml:para>Converts PKCS#12/PFX file or X509Certificate2 object to OpenSSL-compatible PEM (Privacy Enhanced Mail) file. The command converts CryptoAPI X.509 certificate and private key to a X.509 public certificate and associated either PKCS#1 or PKCS#8 private key.</maml:para><maml:para>Note: for this command to succeed, the private key must be marked as exportable in plain text mode.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Convert-PfxToPem</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>InputFile</maml:name><maml:description><maml:para>Specifies the path to a PKCS#12/PFX file. Password parameter is required when using this parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">FileInfo</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Password</maml:name><maml:description><maml:para>Specifies the password to open PKCS#12/PFX file. This parameter is mandatory when using InputFile parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>OutputFile</maml:name><maml:description><maml:para>Specifies the path to a output PEM file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">FileInfo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>OutputType</maml:name><maml:description><maml:para>Specifies the format for exported private key. Possible values are either: 'Pkcs1' or 'Pkcs8' (default).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IncludeChain</maml:name><maml:description><maml:para>Attempts to build the certificate chain and exports them to PEM file along with private key.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Convert-PfxToPem</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies an existing X509Certificate2 object that contains associated exportable private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>OutputFile</maml:name><maml:description><maml:para>Specifies the path to a output PEM file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">FileInfo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>OutputType</maml:name><maml:description><maml:para>Specifies the format for exported private key. Possible values are either: 'Pkcs1' or 'Pkcs8' (default).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IncludeChain</maml:name><maml:description><maml:para>Attempts to build the certificate chain and exports them to PEM file along with private key.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>InputFile</maml:name><maml:description><maml:para>Specifies the path to a PKCS#12/PFX file. Password parameter is required when using this parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">FileInfo</command:parameterValue><dev:type><maml:name>FileInfo</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Password</maml:name><maml:description><maml:para>Specifies the password to open PKCS#12/PFX file. This parameter is mandatory when using InputFile parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>OutputFile</maml:name><maml:description><maml:para>Specifies the path to a output PEM file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">FileInfo</command:parameterValue><dev:type><maml:name>FileInfo</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>OutputType</maml:name><maml:description><maml:para>Specifies the format for exported private key. Possible values are either: 'Pkcs1' or 'Pkcs8' (default).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>Pkcs8</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies an existing X509Certificate2 object that contains associated exportable private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IncludeChain</maml:name><maml:description><maml:para>Attempts to build the certificate chain and exports them to PEM file along with private key.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.IO.FileInfo</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.io.fileinfo.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType><command:inputType><dev:type><maml:name> System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri> https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $pass = Read-Host "Enter password for PFX file:" -AsSecureString PS C:\> Convert-PfxToPem -InputPath c:\test\ssl.pfx -Password $pass -OutputPath c:\test\ssl.pem</dev:code><dev:remarks><maml:para>In this example, ssl.pfx file is converted to PEM format. Public certificate and associated private key are saved in the same file. Private key is encoded in PKCS#8 format.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Convert-PfxToPem -InputPath c:\test\ssl.pfx -Password (ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force) -OutputPath c:\test\ssl.pem -OutputType Pkcs1</dev:code><dev:remarks><maml:para>Similar to previous example which can be used in quiet mode. In this example, ssl.pfx file is converted to PEM format. Public certificate and associated private key are saved in the same file. Private key is encoded in PKCS#1 format.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $cert = @(Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject -like "*www.company.com*"})[0] PS C:\> Convert-PfxToPem -Certificate $cert -OutputPath c:\test\ssl.pem -IncludeChain</dev:code><dev:remarks><maml:para>In this example, the certificate is retrieved from local certificate store and converted PEM is saved to 'ssl.pem' file. Private key is converted to PKCS#8 format. Resulted file will contain: PKCS#8 private key, leaf certificate and all available intermediate CA certificates, including Root CA certificate if applicable.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/convert-pfxtopem</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Convert-PemToPfx</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-AdPkiContainer</command:name><maml:description><maml:para>Retrieves named PKI container from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>AdPkiContainer</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves named PKI container from Active Directory. AD PKI containers are used to hold information about enterprise PKI. Such information includes:</maml:para><maml:para>- intermediate CA certificates - trusted root CA certificates - certitificate revocation lists - Enterprise CA registration information - enterprise object identifiers (OID) - key recoverty agent (KRA) certificates - enterprise certificate templates</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-AdPkiContainer</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>ContainerType</maml:name><maml:description><maml:para>Specifies the container type. The value can be one of the following: - NTAuth — Contains certificates of CAs that are allowed to issue client authentication certificates and perform client private key archival. These certificates are downloaded and cached on Active Directory forest clients. - AIA — Contains CA certificates and cross-certificates that are used by certificate clients to build certificate chains. These certificates are downloaded and cached on Active Directory forest clients. - CDP — Contains certificate revocation lists published to Active Directory. These CRLs are not automatically downloaded by clients. They are accessed only when explicit request to specific CRL is created. - RootCA — Contains certificates of trusted root CAs approved by Active Directory administrators. These certificates are downloaded and cached on Active Directory forest clients. - EnrollmentServices — Contains enrollment service objects (typically Enterprise CAs) which are used by clients that implement [MS-WCCE] communication protocol to manually, or automatically request certificates. - KRA — Contains a collection of key recovery agent (KRA) certificates published to Active Directory. Certification Authorities use this container to locate KRA certificates when key archival is configured. - OID — Contains a collection of mapping objects between object identifier (OID) and their friendly names. - CertificateTemplates — Contains a collection of certificate templates.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsContainerType</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>ContainerType</maml:name><maml:description><maml:para>Specifies the container type. The value can be one of the following: - NTAuth — Contains certificates of CAs that are allowed to issue client authentication certificates and perform client private key archival. These certificates are downloaded and cached on Active Directory forest clients. - AIA — Contains CA certificates and cross-certificates that are used by certificate clients to build certificate chains. These certificates are downloaded and cached on Active Directory forest clients. - CDP — Contains certificate revocation lists published to Active Directory. These CRLs are not automatically downloaded by clients. They are accessed only when explicit request to specific CRL is created. - RootCA — Contains certificates of trusted root CAs approved by Active Directory administrators. These certificates are downloaded and cached on Active Directory forest clients. - EnrollmentServices — Contains enrollment service objects (typically Enterprise CAs) which are used by clients that implement [MS-WCCE] communication protocol to manually, or automatically request certificates. - KRA — Contains a collection of key recovery agent (KRA) certificates published to Active Directory. Certification Authorities use this container to locate KRA certificates when key archival is configured. - OID — Contains a collection of mapping objects between object identifier (OID) and their friendly names. - CertificateTemplates — Contains a collection of certificate templates.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsContainerType</command:parameterValue><dev:type><maml:name>DsContainerType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name></maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsPkiContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsPkiContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\pki\root_cacert.crt" PS C:\> Get-AdPkiContainer -ContainerType RootCA | Add-AdCertificate -Certificate $cert -Dispose</dev:code><dev:remarks><maml:para>This example gets certificate from a file, retrieves RootCA (trusted root CAs) AD container and publishes certificate to RootCA container. After operation completion, input object (RootCA container) is disposed. After autoenrollment trigger, domain members will get new trusted root CA.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\pki\cross.cer" PS C:\> Get-AdPkiContainer -ContainerType AIA | Add-AdCertificate -Certificate $cert -CrossCertificate -Dispose</dev:code><dev:remarks><maml:para>This example gets certificate from a file, retrieves AIA (intermediate CA) AD container and publishes certificate to AIA container as cross-certificate. After operation completion, input object (AIA container) is disposed. After autoenrollment trigger, domain members will get new certificate in Intermediate CAs local store.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$crl = Get-CRL -Path "c:\pki\contoso subca.crl" PS C:\> Get-AdPkiContainer -ContainerType CDP | Add-AdCertificateRevocationList -CRL $crl -HostName "subca01" -Dispose</dev:code><dev:remarks><maml:para>This command reads CRL object from file, retrieves CDP container from Active Directory and writes CRL to CDP object. During object creation, a dedicated subcontainer with name 'subca01' under CDP container is created. After operation completion, input object (CDP container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-AdPkiContainer -ContainerType NTAuth | Remove-AdCertificate -Thumbprint "EC9385E533782453D5C285B2A67311447FB57A6F", "3E778F108E7DC983939732AFAC3EE89383478973" -Dispose</dev:code><dev:remarks><maml:para>This command retrieves NTAuth container from Active Directory and removes all certificate occurences with specified certificate thumbprints. After operation completion, input object (NTAuth container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$aia = Get-AdPkiContainer -ContainerType AIA PS C:\> $entries = $aia.Certificates | Where-Object {$_.Name -eq "Contoso CA"} PS C:\> Get-AdPkiContainer -ContainerType AIA | Remove-AdCertificate -Certificate $entries -Dispose -ForceDelete</dev:code><dev:remarks><maml:para>First line retrieves AIA (SubCA) container from Active Directory. Second line selects all certificate enries for "Contoso CA" in specified container. Third line removes selected entries from AIA container and deletes empty CA entry from Active Directory. After operation completion, input object (AIA container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 6 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -Thumbprint "1C4BF393320A6C70D5C506AF9F422950B0C11EAB6273132C9B326438AB1C0929", "17FCB3E67512017E4611FBA9052164031F1D873F800E613A96AC09F77D269349" -Dispose -ForceDelete</dev:code><dev:remarks><maml:para>This command retrieves CDP container from Active Directory and removes all CRLs with specified certificate thumbprints. If particular CDP entry in Active Directory is empty, it is deleted. After operation completion, input object (CDP container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 7 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cdp = Get-AdPkiContainer -ContainerType CDP PS C:\> $entries = $cdp.RevocationLists | Where-Object {$_.HostName -eq "subca01"} PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -CRL $entries -Dispose -ForceDelete</dev:code><dev:remarks><maml:para>First line retrieves CDP container from Active Directory. Second line selects all CRL entries for "subca01" host name in specified container. Third line removes selected entries from CDP container and deletes empty CDP entries from Active Directory. After operation completion, input object (CDP container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-AdPkiContainer</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateContextProperty</command:name><maml:description><maml:para>Gets the certificate context property from Windows Certificate Store.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateContextProperty</command:noun><dev:version /></command:details><maml:description><maml:para>Gets the certificate context property from Windows Certificate Store or serialized store (SST). When the certificate is installed in the certificate store it is possible to attach some certificate properties which are not the part of the certificate. There are number of certificate context properties, like Friendly Name, Description, Private Key Information, enrollment information, Extended Validation (EV) policies, etc. The full list of supported properties is defined in X509CertificatePropertyType enumeration. </maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateContextProperty</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies the certificate from Windows Certificate Store or serialized (SST) store.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>PropertyName</maml:name><maml:description><maml:para>Specifies the property name to return. By default, all attached properties are returned. This parameter is not compatible with '-NameList' parameter.</maml:para><maml:para>Note: If specific property is requested and it is not available for the specified certificate, an exception will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CertificatePropertyType</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificateContextProperty</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies the certificate from Windows Certificate Store or serialized (SST) store.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>NameList</maml:name><maml:description><maml:para>Retrives the list of attached properties as a collection of property name. You can use this information to retrieve existing certificate property. This parameter is not compatible with '-PropertyName' parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies the certificate from Windows Certificate Store or serialized (SST) store.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>PropertyName</maml:name><maml:description><maml:para>Specifies the property name to return. By default, all attached properties are returned. This parameter is not compatible with '-NameList' parameter.</maml:para><maml:para>Note: If specific property is requested and it is not available for the specified certificate, an exception will be thrown.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CertificatePropertyType</command:parameterValue><dev:type><maml:name>X509CertificatePropertyType</maml:name><maml:uri/></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>NameList</maml:name><maml:description><maml:para>Retrives the list of attached properties as a collection of property name. You can use this information to retrieve existing certificate property. This parameter is not compatible with '-PropertyName' parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateContextProperty</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CertificateContextProperty.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para>Single certificate context property</maml:para></maml:description></command:returnValue><command:returnValue><dev:type><maml:name> SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateContextPropertyCollection</maml:name><maml:uri> https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CertificateContextPropertyCollection.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para> A collection of all attached context properties</maml:para></maml:description></command:returnValue><command:returnValue><dev:type><maml:name> SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificatePropertyType</maml:name><maml:uri> https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CertificatePropertyType.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para> A collection of X509CertificatePropertyType enum values</maml:para></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>(Get-ChildItem cert:\CurrentUser\my)[0] | Get-CertificateContextProperty -NameList</dev:code><dev:remarks><maml:para>Retrieves the list of populated property names for the first certificate in the 'Current User\Personal' store.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>(Get-ChildItem cert:\CurrentUser\my)[0] | Get-CertificateContextProperty -PropertyName "ProviderInfo"</dev:code><dev:remarks><maml:para>Retrieves the private key's cryptographic service provider. If presented, output information will contain CSP/KSP name, provider type and container name.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>(Get-ChildItem cert:\CurrentUser\my)[0] | Get-CertificateContextProperty</dev:code><dev:remarks><maml:para>Retrieves all available certificate context properties and their values for the specified certificate object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-certificatecontextproperty</maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateRequest</command:name><maml:description><maml:para>Retrieves an X.509 certificate signing request (CSR) object from a file or a DER-encoded byte array.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves and decodes X.509 certificate request object from a file or a DER-encoded byte array.</maml:para><maml:para>Certificate signing request is a message sent from an applicant to a certificate authority in order to apply for a digital certificate. You can review formatted request information calling a "ToString()" method on returned object.</maml:para><maml:para> This command supports both, PKCS#10 and PKCS#7/CMC certificate reuqests.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateRequest</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a certificate request file. Usually, this file has a ".req" or ".csr" file extension.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificateRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="0"><maml:name>RawRequest</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array that contains certificate request information.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a certificate request file. Usually, this file has a ".req" or ".csr" file extension.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="0"><maml:name>RawRequest</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array that contains certificate request information.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType><command:inputType><dev:type><maml:name> System.Byte[]</maml:name><maml:uri> https://msdn.microsoft.com/en-us/library/system.byte.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateRequest</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CertificateRequest.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateRequest C:\mycert.req</dev:code><dev:remarks><maml:para>Retrieves certificate request object from a file.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Raw = [convert]::FromBase64String($Base64encodedstring) PS C:\> Get-CertificateRequest -RawRequest $Raw</dev:code><dev:remarks><maml:para>In this example, $Base64encodedstring contains certificate request in a Base64 encoding and is converted to a byte array and passed to Get-CertificateRequest to get the request object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-certificaterequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Submit-CertificateRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateRevocationList</command:name><maml:description><maml:para>Retrieves Certificate Revocation List object from a file or a DER-encoded byte array.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateRevocationList</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves an X.509 Certificate Revocation List (CRL) object from a file or a DER-encoded byte array.</maml:para><maml:para>Certificate Revocation List (CRL) is a digitally signed file issued by a Certification Authority (CA) that contains serial numbers of certificates that are explicitly revoked (must not be accepted by applications) before specified certificate expiration. Client application uses CRL file during presented certificate validation to determine whether it is valid for usage. If the certificate (its serial number) is presented in the CRL, application must reject presented certificate.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateRevocationList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificateRevocationList</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="0"><maml:name>RawCRL</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array that represents a Certificate Revocation List (CRL).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="0"><maml:name>RawCRL</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array that represents a Certificate Revocation List (CRL).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType><command:inputType><dev:type><maml:name> System.Byte[]</maml:name><maml:uri> https://msdn.microsoft.com/en-us/library/system.byte.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.X509Certificates.X509CRL2</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CRL2.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CRL C:\Custom.crl</dev:code><dev:remarks><maml:para>In this example, the CRL object is constructed from a CRL file.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Raw = [IO.FILE]::ReadAllBytes("C:\Custom.crl") PS C:\> Get-CRL -RawCRL $Raw</dev:code><dev:remarks><maml:para>Returns X509CRL2 object from a DER-encoded byte array.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-certificaterevocationlist</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Show-CertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateTrustList</command:name><maml:description><maml:para>Retrieves Certificate Trust List (CTL) object from a file or a DER-encoded byte array.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateTrustList</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves a Certificate Trust List (CTL) object from a file or a DER-encoded byte array.</maml:para><maml:para>A CTL is a predefined list of items signed by a trusted entity. A CTL is a list of hashes of certificates or a list of file names. All items in the list are authenticated (signed) and approved by a trusted signing entity. The primary use of CTLs is to verify signed messages, using the CTL as a source of trusted root certificates.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateTrustList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificateTrustList</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="0"><maml:name>RawCTL</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array that represents a Certificate Trust List (CTL).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="0"><maml:name>RawCTL</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array that represents a Certificate Trust List (CTL).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType><command:inputType><dev:type><maml:name> System.Byte[]</maml:name><maml:uri> https://msdn.microsoft.com/en-us/library/system.byte.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CertificateTrustList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTrustList -Path C:\authroot.stl</dev:code><dev:remarks><maml:para>In this example, the CTL object is constructed from a CTL file. CTLs usually have an .stl extension.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Raw = [IO.FILE]::ReadAllBytes("C:\authroot.stl") Get-CertificateTrustList -RawCTL $Raw</dev:code><dev:remarks><maml:para>CTL object is constructed from a byte array.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-certificatetrustlist</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Show-CertificateTrustList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CryptographicServiceProvider</command:name><maml:description><maml:para>Retrieves a list of Cryptographic Service Providers (CSP) installed on the system.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CryptographicServiceProvider</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves a list of Cryptographic Service Providers (CSP) installed on the system with extended properties. This command supports both, legacy (also known as CryptoAPI) and Key Storage (KSP) providers (known as CAPI2 or CNG providers). This command displays supported cryptographic algorithms, possible key sizes and used protocol (for example, signing, hashing, encryption, etc).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CryptographicServiceProvider</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Name</maml:name><maml:description><maml:para>Specifies Cryptographic Service Provider (CSP) or Key Storage Provider (KSP) name to retrieve.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Name</maml:name><maml:description><maml:para>Specifies Cryptographic Service Provider (CSP) or Key Storage Provider (KSP) name to retrieve.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.CspProviderInfoCollection</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_CspProviderInfoCollection.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CryptographicServiceProvider</dev:code><dev:remarks><maml:para>Returns all installed CSPs with their extended properties.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-cryptographicserviceprovider</maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-EnrollmentPolicyServerClient</command:name><maml:description><maml:para>Retrieves locally registered Certificate Enrollment Policy (CEP) server endpoints.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>EnrollmentPolicyServerClient</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves locally registered Certificate Enrollment Policy (CEP) server endpoints and their settings. Certificate Enrollment Policy Service provides an ability to perform non-domain (from standalone machine and from non-Windows operating system) to enroll client certificates from Windows-based CA server. By using CEP servers, clients can utilize autoenrollment functionality without domain membership.</maml:para><maml:para>The command retrieves CEP service information that is registered by group policy or local registry information.</maml:para><maml:para>Note: this command is available and supported on Windows 7/Windows Server 2008 R2 and newer operating systems.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-EnrollmentPolicyServerClient</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UserContext</maml:name><maml:description><maml:para>Specifies the context to retrieve. If the switch is presented, then CEP servers registered for the current user account are returned, otherwise, CEP servers registered for local machine account are returned.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UserContext</maml:name><maml:description><maml:para>Specifies the context to retrieve. If the switch is presented, then CEP servers registered for the current user account are returned, otherwise, CEP servers registered for local machine account are returned.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.Enrollment.Policy.PolicyServerClient[]</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_Enrollment_Policy_PolicyServerClient.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-EnrollmentPolicyServerClient -UserContext</dev:code><dev:remarks><maml:para>Retrieves all locally registered CEP clients.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-enrollmentpolicyserverclient</maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-ErrorMessage</command:name><maml:description><maml:para>Displays a human readable error message of Win32 and WinInet error codes</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ErrorMessage</command:noun><dev:version /></command:details><maml:description><maml:para>Displays a human readable error message of Win32 and WinInet error codes. The command supports short and long error message notations. The commands support both, integer and hex (0x########) forms.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ErrorMessage</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>ErrorCode</maml:name><maml:description><maml:para>Specifies a Win32/WinInet error code. This parameter supports short and long error code notations. Short notation: 5 Long notation as hex: 0x80070005 Long notation as integer: -2147024891</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>ErrorCode</maml:name><maml:description><maml:para>Specifies a Win32/WinInet error code. This parameter supports short and long error code notations. Short notation: 5 Long notation as hex: 0x80070005 Long notation as integer: -2147024891</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.Int32</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/System.Int32.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.String</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ErrorMessage 5</dev:code><dev:remarks><maml:para>Displays a text associated with the Win32 error code 5 (Access denied) that is specified in a short notation.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ErrorMessage 0x80070005</dev:code><dev:remarks><maml:para>Displays a text associated with the Win32 error code 0x8007005 (Access denied) that is specified as a hex.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ErrorMessage -2147024891</dev:code><dev:remarks><maml:para>Displays a text associated with the Win32 error code -2147024891 (Access denied) that is specified as an integer.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-errormessage</maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-ObjectIdentifier</command:name><maml:description><maml:para>Resolves object identifier value to a associated friendly name and vice versa.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ObjectIdentifier</command:noun><dev:version /></command:details><maml:description><maml:para>Resolves object identifier value to a associated friendly name and vice versa. The cmdlet resolves both well-known OIDs (used in Internet PKI) and Active Directory forest specific registered OIDs.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ObjectIdentifier</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>OIDString</maml:name><maml:description><maml:para>Specifies a string or strings that represents object identifier friendly name or value.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>OIDString</maml:name><maml:description><maml:para>Specifies a string or strings that represents object identifier friendly name or value.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String[]</maml:name><maml:uri>http://msdn.microsoft.com/en-us/library/System.String.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.Cryptography.Oid[]</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/System.Security.Cryptography.Oid.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ObjectIdentifier "Server Authentication"</dev:code><dev:remarks><maml:para>Will resolve 'Server Authentication' OID to an object identifier value (1.3.6.1.5.5.7.3.1).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ObjectIdentifier "1.3.6.1.5.5.7.3.9"</dev:code><dev:remarks><maml:para>Will resolve '1.3.6.1.5.5.7.3.9' value to a friendly name (OCSP Signing).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-objectidentifier</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ObjectIdentifierEx</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Register-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Unregister-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-ObjectIdentifierEx</command:name><maml:description><maml:para>Resolves object identifier value to a associated friendly name and vice versa and returns extended information.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ObjectIdentifierEx</command:noun><dev:version /></command:details><maml:description><maml:para>Resolves object identifier value to a associated friendly name and vice versa. The cmdlet resolves both well-known OIDs (used in Internet PKI) and Active Directory forest specific registered OIDs.</maml:para><maml:para>The difference with Get-ObjectIdentifier here is a more detailed output information about OID registration and OID type.</maml:para><maml:para>The output of the command can be piped to Unregister-ObjectIdentifier command.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ObjectIdentifierEx</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Value</maml:name><maml:description><maml:para>Specifies a string or strings that represents object identifier friendly name or value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Group</maml:name><maml:description><maml:para /></maml:description><command:parameterValue required="true" variableLength="false">OidGroup</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UseActiveDirectory</maml:name><maml:description><maml:para>Indicates that the command should attempt to search both local registry OID tables and OID registrations in Active Directory.</maml:para><maml:para>Note: This parameter is always enabled and cannot be disabled on Windows XP and Windows Server 2003 computers.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Value</maml:name><maml:description><maml:para>Specifies a string or strings that represents object identifier friendly name or value.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UseActiveDirectory</maml:name><maml:description><maml:para>Indicates that the command should attempt to search both local registry OID tables and OID registrations in Active Directory.</maml:para><maml:para>Note: This parameter is always enabled and cannot be disabled on Windows XP and Windows Server 2003 computers.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Group</maml:name><maml:description><maml:para /></maml:description><command:parameterValue required="true" variableLength="false">OidGroup</command:parameterValue><dev:type><maml:name>OidGroup</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.Oid2</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_Oid2.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ObjectIdentifierEx -Value sha1</dev:code><dev:remarks><maml:para>Returns extended information about OID registration with friendly name 'sha1'.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ObjectIdentifierEx -Value "Company smart card policy" -UseActiveDirectory | Unregister-ObjectIdentifier</dev:code><dev:remarks><maml:para>Gets information about OID registration with friendly name 'Company smart card policy' and deletes all OID registrations from local system and Active Directory.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/get-objectidentifierex</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Register-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Unregister-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>New-SelfSignedCertificateEx</command:name><maml:description><maml:para>This cmdlet generates a self-signed or CA-signed certificate</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>SelfSignedCertificateEx</command:noun><dev:version /></command:details><maml:description><maml:para>This cmdlet generates a self-signed or CA-signed certificate with various options.</maml:para><maml:para>Note: self-signed certificates (non-CA) should not be used in a production environment, they are generally intended for testing purposes only.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-SelfSignedCertificateEx</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Subject</maml:name><maml:description><maml:para>Specifies the certificate subject in a X500 distinguished name format. Example: CN=Test Cert, OU=Sandbox</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>NotBefore</maml:name><maml:description><maml:para>Specifies the date and time when the certificate become valid. By default previous day date is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>NotAfter</maml:name><maml:description><maml:para>Specifies the date and time when the certificate expires. By default, the certificate is valid for 1 year.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies the desired serial number in a hex format. Example: 01a4ff2</maml:para><maml:para>If not specified, serial number is generated automatically.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the Cryptography Service Provider (CSP) name. You can use either legacy CSP and Key Storage Providers (KSP). By default "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlgorithmName</maml:name><maml:description><maml:para>Specifies the public key algorithm. By default RSA algorithm is used. RSA is the only algorithm supported by legacy CSPs. With key storage providers (KSP) you can use CNG algorithms, like ECDH. For CNG algorithms you must use full name: ECDH_P256 ECDH_P384 ECDH_P521</maml:para><maml:para>In addition, KeyLength parameter must be specified explicitly when non-RSA algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyLength</maml:name><maml:description><maml:para>Specifies the key length to generate. By default an RSA 2048-bit key is generated.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeySpec</maml:name><maml:description><maml:para>Specifies the public key operations type. The possible values are: Exchange and Signature. Default value is Exchange.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>EnhancedKeyUsage</maml:name><maml:description><maml:para>Specifies the intended uses of the public key contained in a certificate. You can specify either, EKU's friendly name (for example 'Server Authentication') or object identifier (OID) value (for example '1.3.6.1.5.5.7.3.1').</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyUsage</maml:name><maml:description><maml:para>Specifies restrictions on the operations that can be performed by the public key contained in the certificate. Possible values (and their respective integer values to make bitwise operations) are: -- EncipherOnly -- CrlSign -- KeyCertSign -- KeyAgreement -- DataEncipherment -- KeyEncipherment -- NonRepudiation -- DigitalSignature -- DecipherOnly you can combine key usages values by using bitwise OR operation. When combining multiple flags, they must be enclosed in quotes and separated by a comma character. For example, to combine KeyEncipherment and DigitalSignature flags you should type: "KeyEncipherment, DigitalSignature".</maml:para><maml:para>If the certificate is CA certificate (see IsCA parameter), key usages extension is generated automatically with the following key usages: Certificate Signing, Off-line CRL Signing, CRL Signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509KeyUsageFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SubjectAlternativeName</maml:name><maml:description><maml:para>Specifies alternative names for the subject. Unlike Subject field, this extension allows to specify more than one name. Also, multiple types of alternative names are supported.</maml:para><maml:para>The following syntax is used to specify alternative names (curve braces denote alternative name value): -- DNS name: "dns:{dns_name}". Example: "dns:www.example.com" -- RFC822 Name: "email:{email_address}". Example: "email:someone@example.com" -- IP address: "ip:{ipv4_or_ipv6}". Example: "ip:192.168.0.1", "ip:fd00:0:0:4::41" -- User Principal Name (UPN): "upn:{user_principal_name}". Example: "upn:someone@example.com" -- Directory name: "dn:{X.500_name}". Example: "dn:CN=Someone, OU=OrgUnit, O=Example Inc., C=US" -- Object Identifier (OID): "oid:{IANA_assigned_oid}". Example: "oid:1.2.3.4.5.6.99999" -- URL: "url:{URL}". Example: "url:https://host.example.com/resource.html" -- GUID: "guid:{GUID}". Example: "guid:42105db6-313e-41be-96ae-52fc4633507f"</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IsCA</maml:name><maml:description><maml:para>Specifies whether the certificate is Certification Authority (IsCA = $true) or end entity (IsCA = $false) certificate. If this parameter is set to $false, PathLength parameter is ignored. Basic Constraints extension is marked as critical.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>PathLength</maml:name><maml:description><maml:para>Specifies the number of additional CA certificates in the chain under this certificate. If this parameter is set to zero, then no additional (subordinate) CA certificates are permitted under this CA.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CustomExtension</maml:name><maml:description><maml:para>Specifies the custom extension to include to a self-signed certificate. This parameter must not be used to specify the extension that is supported via other parameters. In order to use this parameter, the extension must be formed in a collection of initialized System.Security.Cryptography.X509Certificates.X509Extension objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509ExtensionCollection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SignatureAlgorithm</maml:name><maml:description><maml:para>Specifies signature algorithm used to sign the certificate. By default 'SHA1' algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlternateSignatureFormat</maml:name><maml:description><maml:para>Specifies if PKCS#1 v2.1 signature format is used. When specified, RSA signature will be set to RSASSA-PSS and ECDSA will be set to EcdsaSpecified.</maml:para><maml:para>Note: this parameter may not be compatible with all cryptographic libraries.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Issuer</maml:name><maml:description><maml:para>Specifies the signer certificate to sign generated certificate. When specified, generated certificate will be CA-signed, not self-signed. Generated certificate will include issuer name in Issuer field and includes AuthorityKeyIdenditier extension with issuer's public key SHA1 hash.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>FriendlyName</maml:name><maml:description><maml:para>Specifies friendly name for the certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Runtime</maml:name><maml:description><maml:para>Specifies whether the certificate is generated in memory without installing it in Windows Certificate Store. By default, generated certificate is installed in Windows Certificate Store. Use this switch parameter to avoid interaction with Windows Certificate Store. Object returned by this command will be the only reference to the certificate and caller must interact with returned object only.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AllowSMIME</maml:name><maml:description><maml:para>Enables Secure/Multipurpose Internet Mail Extensions for the certificate.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Exportable</maml:name><maml:description><maml:para>Marks private key as exportable. Smart card providers usually do not allow exportable keys.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-SelfSignedCertificateEx</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Subject</maml:name><maml:description><maml:para>Specifies the certificate subject in a X500 distinguished name format. Example: CN=Test Cert, OU=Sandbox</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>NotBefore</maml:name><maml:description><maml:para>Specifies the date and time when the certificate become valid. By default previous day date is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>NotAfter</maml:name><maml:description><maml:para>Specifies the date and time when the certificate expires. By default, the certificate is valid for 1 year.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies the desired serial number in a hex format. Example: 01a4ff2</maml:para><maml:para>If not specified, serial number is generated automatically.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the Cryptography Service Provider (CSP) name. You can use either legacy CSP and Key Storage Providers (KSP). By default "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlgorithmName</maml:name><maml:description><maml:para>Specifies the public key algorithm. By default RSA algorithm is used. RSA is the only algorithm supported by legacy CSPs. With key storage providers (KSP) you can use CNG algorithms, like ECDH. For CNG algorithms you must use full name: ECDH_P256 ECDH_P384 ECDH_P521</maml:para><maml:para>In addition, KeyLength parameter must be specified explicitly when non-RSA algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyLength</maml:name><maml:description><maml:para>Specifies the key length to generate. By default an RSA 2048-bit key is generated.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeySpec</maml:name><maml:description><maml:para>Specifies the public key operations type. The possible values are: Exchange and Signature. Default value is Exchange.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>EnhancedKeyUsage</maml:name><maml:description><maml:para>Specifies the intended uses of the public key contained in a certificate. You can specify either, EKU's friendly name (for example 'Server Authentication') or object identifier (OID) value (for example '1.3.6.1.5.5.7.3.1').</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyUsage</maml:name><maml:description><maml:para>Specifies restrictions on the operations that can be performed by the public key contained in the certificate. Possible values (and their respective integer values to make bitwise operations) are: -- EncipherOnly -- CrlSign -- KeyCertSign -- KeyAgreement -- DataEncipherment -- KeyEncipherment -- NonRepudiation -- DigitalSignature -- DecipherOnly you can combine key usages values by using bitwise OR operation. When combining multiple flags, they must be enclosed in quotes and separated by a comma character. For example, to combine KeyEncipherment and DigitalSignature flags you should type: "KeyEncipherment, DigitalSignature".</maml:para><maml:para>If the certificate is CA certificate (see IsCA parameter), key usages extension is generated automatically with the following key usages: Certificate Signing, Off-line CRL Signing, CRL Signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509KeyUsageFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SubjectAlternativeName</maml:name><maml:description><maml:para>Specifies alternative names for the subject. Unlike Subject field, this extension allows to specify more than one name. Also, multiple types of alternative names are supported.</maml:para><maml:para>The following syntax is used to specify alternative names (curve braces denote alternative name value): -- DNS name: "dns:{dns_name}". Example: "dns:www.example.com" -- RFC822 Name: "email:{email_address}". Example: "email:someone@example.com" -- IP address: "ip:{ipv4_or_ipv6}". Example: "ip:192.168.0.1", "ip:fd00:0:0:4::41" -- User Principal Name (UPN): "upn:{user_principal_name}". Example: "upn:someone@example.com" -- Directory name: "dn:{X.500_name}". Example: "dn:CN=Someone, OU=OrgUnit, O=Example Inc., C=US" -- Object Identifier (OID): "oid:{IANA_assigned_oid}". Example: "oid:1.2.3.4.5.6.99999" -- URL: "url:{URL}". Example: "url:https://host.example.com/resource.html" -- GUID: "guid:{GUID}". Example: "guid:42105db6-313e-41be-96ae-52fc4633507f"</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IsCA</maml:name><maml:description><maml:para>Specifies whether the certificate is Certification Authority (IsCA = $true) or end entity (IsCA = $false) certificate. If this parameter is set to $false, PathLength parameter is ignored. Basic Constraints extension is marked as critical.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>PathLength</maml:name><maml:description><maml:para>Specifies the number of additional CA certificates in the chain under this certificate. If this parameter is set to zero, then no additional (subordinate) CA certificates are permitted under this CA.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CustomExtension</maml:name><maml:description><maml:para>Specifies the custom extension to include to a self-signed certificate. This parameter must not be used to specify the extension that is supported via other parameters. In order to use this parameter, the extension must be formed in a collection of initialized System.Security.Cryptography.X509Certificates.X509Extension objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509ExtensionCollection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SignatureAlgorithm</maml:name><maml:description><maml:para>Specifies signature algorithm used to sign the certificate. By default 'SHA1' algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlternateSignatureFormat</maml:name><maml:description><maml:para>Specifies if PKCS#1 v2.1 signature format is used. When specified, RSA signature will be set to RSASSA-PSS and ECDSA will be set to EcdsaSpecified.</maml:para><maml:para>Note: this parameter may not be compatible with all cryptographic libraries.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Issuer</maml:name><maml:description><maml:para>Specifies the signer certificate to sign generated certificate. When specified, generated certificate will be CA-signed, not self-signed. Generated certificate will include issuer name in Issuer field and includes AuthorityKeyIdenditier extension with issuer's public key SHA1 hash.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>FriendlyName</maml:name><maml:description><maml:para>Specifies friendly name for the certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>StoreLocation</maml:name><maml:description><maml:para>Specifies the store location to store self-signed certificate. Possible values are: 'CurrentUser' and 'LocalMachine'. 'CurrentUser' store is intended for user certificates and computer (as well as CA) certificates must be stored in the 'LocalMachine' store. If not specified, certificate is generated in memory and is not installed (persisted) in certificate store.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">StoreLocation</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AllowSMIME</maml:name><maml:description><maml:para>Enables Secure/Multipurpose Internet Mail Extensions for the certificate.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Exportable</maml:name><maml:description><maml:para>Marks private key as exportable. Smart card providers usually do not allow exportable keys.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>New-SelfSignedCertificateEx</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Subject</maml:name><maml:description><maml:para>Specifies the certificate subject in a X500 distinguished name format. Example: CN=Test Cert, OU=Sandbox</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>NotBefore</maml:name><maml:description><maml:para>Specifies the date and time when the certificate become valid. By default previous day date is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>NotAfter</maml:name><maml:description><maml:para>Specifies the date and time when the certificate expires. By default, the certificate is valid for 1 year.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies the desired serial number in a hex format. Example: 01a4ff2</maml:para><maml:para>If not specified, serial number is generated automatically.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the Cryptography Service Provider (CSP) name. You can use either legacy CSP and Key Storage Providers (KSP). By default "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlgorithmName</maml:name><maml:description><maml:para>Specifies the public key algorithm. By default RSA algorithm is used. RSA is the only algorithm supported by legacy CSPs. With key storage providers (KSP) you can use CNG algorithms, like ECDH. For CNG algorithms you must use full name: ECDH_P256 ECDH_P384 ECDH_P521</maml:para><maml:para>In addition, KeyLength parameter must be specified explicitly when non-RSA algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyLength</maml:name><maml:description><maml:para>Specifies the key length to generate. By default an RSA 2048-bit key is generated.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeySpec</maml:name><maml:description><maml:para>Specifies the public key operations type. The possible values are: Exchange and Signature. Default value is Exchange.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>EnhancedKeyUsage</maml:name><maml:description><maml:para>Specifies the intended uses of the public key contained in a certificate. You can specify either, EKU's friendly name (for example 'Server Authentication') or object identifier (OID) value (for example '1.3.6.1.5.5.7.3.1').</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyUsage</maml:name><maml:description><maml:para>Specifies restrictions on the operations that can be performed by the public key contained in the certificate. Possible values (and their respective integer values to make bitwise operations) are: -- EncipherOnly -- CrlSign -- KeyCertSign -- KeyAgreement -- DataEncipherment -- KeyEncipherment -- NonRepudiation -- DigitalSignature -- DecipherOnly you can combine key usages values by using bitwise OR operation. When combining multiple flags, they must be enclosed in quotes and separated by a comma character. For example, to combine KeyEncipherment and DigitalSignature flags you should type: "KeyEncipherment, DigitalSignature".</maml:para><maml:para>If the certificate is CA certificate (see IsCA parameter), key usages extension is generated automatically with the following key usages: Certificate Signing, Off-line CRL Signing, CRL Signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509KeyUsageFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SubjectAlternativeName</maml:name><maml:description><maml:para>Specifies alternative names for the subject. Unlike Subject field, this extension allows to specify more than one name. Also, multiple types of alternative names are supported.</maml:para><maml:para>The following syntax is used to specify alternative names (curve braces denote alternative name value): -- DNS name: "dns:{dns_name}". Example: "dns:www.example.com" -- RFC822 Name: "email:{email_address}". Example: "email:someone@example.com" -- IP address: "ip:{ipv4_or_ipv6}". Example: "ip:192.168.0.1", "ip:fd00:0:0:4::41" -- User Principal Name (UPN): "upn:{user_principal_name}". Example: "upn:someone@example.com" -- Directory name: "dn:{X.500_name}". Example: "dn:CN=Someone, OU=OrgUnit, O=Example Inc., C=US" -- Object Identifier (OID): "oid:{IANA_assigned_oid}". Example: "oid:1.2.3.4.5.6.99999" -- URL: "url:{URL}". Example: "url:https://host.example.com/resource.html" -- GUID: "guid:{GUID}". Example: "guid:42105db6-313e-41be-96ae-52fc4633507f"</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IsCA</maml:name><maml:description><maml:para>Specifies whether the certificate is Certification Authority (IsCA = $true) or end entity (IsCA = $false) certificate. If this parameter is set to $false, PathLength parameter is ignored. Basic Constraints extension is marked as critical.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>PathLength</maml:name><maml:description><maml:para>Specifies the number of additional CA certificates in the chain under this certificate. If this parameter is set to zero, then no additional (subordinate) CA certificates are permitted under this CA.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CustomExtension</maml:name><maml:description><maml:para>Specifies the custom extension to include to a self-signed certificate. This parameter must not be used to specify the extension that is supported via other parameters. In order to use this parameter, the extension must be formed in a collection of initialized System.Security.Cryptography.X509Certificates.X509Extension objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509ExtensionCollection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SignatureAlgorithm</maml:name><maml:description><maml:para>Specifies signature algorithm used to sign the certificate. By default 'SHA1' algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlternateSignatureFormat</maml:name><maml:description><maml:para>Specifies if PKCS#1 v2.1 signature format is used. When specified, RSA signature will be set to RSASSA-PSS and ECDSA will be set to EcdsaSpecified.</maml:para><maml:para>Note: this parameter may not be compatible with all cryptographic libraries.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Issuer</maml:name><maml:description><maml:para>Specifies the signer certificate to sign generated certificate. When specified, generated certificate will be CA-signed, not self-signed. Generated certificate will include issuer name in Issuer field and includes AuthorityKeyIdenditier extension with issuer's public key SHA1 hash.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>FriendlyName</maml:name><maml:description><maml:para>Specifies friendly name for the certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para /></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Password</maml:name><maml:description><maml:para>Specifies the password for PFX file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AllowSMIME</maml:name><maml:description><maml:para>Enables Secure/Multipurpose Internet Mail Extensions for the certificate.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Exportable</maml:name><maml:description><maml:para>Marks private key as exportable. Smart card providers usually do not allow exportable keys.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Subject</maml:name><maml:description><maml:para>Specifies the certificate subject in a X500 distinguished name format. Example: CN=Test Cert, OU=Sandbox</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>NotBefore</maml:name><maml:description><maml:para>Specifies the date and time when the certificate become valid. By default previous day date is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri/></dev:type><dev:defaultValue>Previous day's date</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>NotAfter</maml:name><maml:description><maml:para>Specifies the date and time when the certificate expires. By default, the certificate is valid for 1 year.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri/></dev:type><dev:defaultValue>1 year from current day</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies the desired serial number in a hex format. Example: 01a4ff2</maml:para><maml:para>If not specified, serial number is generated automatically.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the Cryptography Service Provider (CSP) name. You can use either legacy CSP and Key Storage Providers (KSP). By default "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>Microsoft Enhanced RSA and AES Cryptographic Provider</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlgorithmName</maml:name><maml:description><maml:para>Specifies the public key algorithm. By default RSA algorithm is used. RSA is the only algorithm supported by legacy CSPs. With key storage providers (KSP) you can use CNG algorithms, like ECDH. For CNG algorithms you must use full name: ECDH_P256 ECDH_P384 ECDH_P521</maml:para><maml:para>In addition, KeyLength parameter must be specified explicitly when non-RSA algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>RSA</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyLength</maml:name><maml:description><maml:para>Specifies the key length to generate. By default an RSA 2048-bit key is generated.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>2048</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeySpec</maml:name><maml:description><maml:para>Specifies the public key operations type. The possible values are: Exchange and Signature. Default value is Exchange.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>Exchange</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>EnhancedKeyUsage</maml:name><maml:description><maml:para>Specifies the intended uses of the public key contained in a certificate. You can specify either, EKU's friendly name (for example 'Server Authentication') or object identifier (OID) value (for example '1.3.6.1.5.5.7.3.1').</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>KeyUsage</maml:name><maml:description><maml:para>Specifies restrictions on the operations that can be performed by the public key contained in the certificate. Possible values (and their respective integer values to make bitwise operations) are: -- EncipherOnly -- CrlSign -- KeyCertSign -- KeyAgreement -- DataEncipherment -- KeyEncipherment -- NonRepudiation -- DigitalSignature -- DecipherOnly you can combine key usages values by using bitwise OR operation. When combining multiple flags, they must be enclosed in quotes and separated by a comma character. For example, to combine KeyEncipherment and DigitalSignature flags you should type: "KeyEncipherment, DigitalSignature".</maml:para><maml:para>If the certificate is CA certificate (see IsCA parameter), key usages extension is generated automatically with the following key usages: Certificate Signing, Off-line CRL Signing, CRL Signing.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509KeyUsageFlags</command:parameterValue><dev:type><maml:name>X509KeyUsageFlags</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SubjectAlternativeName</maml:name><maml:description><maml:para>Specifies alternative names for the subject. Unlike Subject field, this extension allows to specify more than one name. Also, multiple types of alternative names are supported.</maml:para><maml:para>The following syntax is used to specify alternative names (curve braces denote alternative name value): -- DNS name: "dns:{dns_name}". Example: "dns:www.example.com" -- RFC822 Name: "email:{email_address}". Example: "email:someone@example.com" -- IP address: "ip:{ipv4_or_ipv6}". Example: "ip:192.168.0.1", "ip:fd00:0:0:4::41" -- User Principal Name (UPN): "upn:{user_principal_name}". Example: "upn:someone@example.com" -- Directory name: "dn:{X.500_name}". Example: "dn:CN=Someone, OU=OrgUnit, O=Example Inc., C=US" -- Object Identifier (OID): "oid:{IANA_assigned_oid}". Example: "oid:1.2.3.4.5.6.99999" -- URL: "url:{URL}". Example: "url:https://host.example.com/resource.html" -- GUID: "guid:{GUID}". Example: "guid:42105db6-313e-41be-96ae-52fc4633507f"</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>IsCA</maml:name><maml:description><maml:para>Specifies whether the certificate is Certification Authority (IsCA = $true) or end entity (IsCA = $false) certificate. If this parameter is set to $false, PathLength parameter is ignored. Basic Constraints extension is marked as critical.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">Boolean</command:parameterValue><dev:type><maml:name>Boolean</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>PathLength</maml:name><maml:description><maml:para>Specifies the number of additional CA certificates in the chain under this certificate. If this parameter is set to zero, then no additional (subordinate) CA certificates are permitted under this CA.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CustomExtension</maml:name><maml:description><maml:para>Specifies the custom extension to include to a self-signed certificate. This parameter must not be used to specify the extension that is supported via other parameters. In order to use this parameter, the extension must be formed in a collection of initialized System.Security.Cryptography.X509Certificates.X509Extension objects.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509ExtensionCollection</command:parameterValue><dev:type><maml:name>X509ExtensionCollection</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SignatureAlgorithm</maml:name><maml:description><maml:para>Specifies signature algorithm used to sign the certificate. By default 'SHA1' algorithm is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>SHA1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>FriendlyName</maml:name><maml:description><maml:para>Specifies friendly name for the certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>StoreLocation</maml:name><maml:description><maml:para>Specifies the store location to store self-signed certificate. Possible values are: 'CurrentUser' and 'LocalMachine'. 'CurrentUser' store is intended for user certificates and computer (as well as CA) certificates must be stored in the 'LocalMachine' store. If not specified, certificate is generated in memory and is not installed (persisted) in certificate store.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">StoreLocation</command:parameterValue><dev:type><maml:name>StoreLocation</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AllowSMIME</maml:name><maml:description><maml:para>Enables Secure/Multipurpose Internet Mail Extensions for the certificate.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Exportable</maml:name><maml:description><maml:para>Marks private key as exportable. Smart card providers usually do not allow exportable keys.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Password</maml:name><maml:description><maml:para>Specifies the password for PFX file.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue><dev:type><maml:name>SecureString</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlternateSignatureFormat</maml:name><maml:description><maml:para>Specifies if PKCS#1 v2.1 signature format is used. When specified, RSA signature will be set to RSASSA-PSS and ECDSA will be set to EcdsaSpecified.</maml:para><maml:para>Note: this parameter may not be compatible with all cryptographic libraries.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Issuer</maml:name><maml:description><maml:para>Specifies the signer certificate to sign generated certificate. When specified, generated certificate will be CA-signed, not self-signed. Generated certificate will include issuer name in Issuer field and includes AuthorityKeyIdenditier extension with issuer's public key SHA1 hash.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Runtime</maml:name><maml:description><maml:para>Specifies whether the certificate is generated in memory without installing it in Windows Certificate Store. By default, generated certificate is installed in Windows Certificate Store. Use this switch parameter to avoid interaction with Windows Certificate Store. Object returned by this command will be the only reference to the certificate and caller must interact with returned object only.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para /></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>New-SelfsignedCertificateEx -Subject "CN=Test Code Signing" -EKU "Code Signing" -KeySpec "Signature" ` -KeyUsage "DigitalSignature" -FriendlyName "Test code signing" -NotAfter $((Get-Date).AddYears(5))</dev:code><dev:remarks><maml:para>Creates a self-signed certificate intended for code signing and which is valid for 5 years. Certificate is saved in the Personal store of the current user account.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>New-SelfsignedCertificateEx -Subject "CN=www.domain.com" -EKU "Server Authentication", "Client authentication" ` -KeyUsage "KeyEncipherment, DigitalSignature" -SAN "dns:sub.domain.com","dns:www.domain.com","ip:192.168.1.1" ` -AllowSMIME -Path C:\test\ssl.pfx -Password (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Exportable</dev:code><dev:remarks><maml:para>Creates a self-signed SSL certificate with multiple subject names and saves it to a file. Private key is marked as exportable, so you can export the certificate with a associated private key to a file at any time. The certificate includes SMIME capabilities.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>New-SelfsignedCertificateEx -Subject "CN=www.domain.com" -EKU "Server Authentication", "Client authentication" ` -KeyUsage "KeyEncipherment, DigitalSignature" -SAN "dns:sub.domain.com","dns:www.domain.com","ip:192.168.1.1" ` -StoreLocation "LocalMachine" -ProviderName "Microsoft Software Key Storage Provider" -AlgorithmName ecdsa_p256 ` -KeyLength 256 -SignatureAlgorithm sha256</dev:code><dev:remarks><maml:para>Creates a self-signed SSL certificate with multiple subject names and saves it to a file. Additionally, the certificate is saved in the Personal store of the Local Machine store. Private key is marked as exportable, so you can export the certificate with a associated private key to a file at any time. Certificate uses Elliptic Curve Cryptography (ECC) key algorithm ECDSA with 256-bit key. The certificate is signed by using SHA256ECDSA algorithm.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>New-SelfsignedCertificateEx -Subject "CN=Test Root CA, OU=Sandbox" -IsCA $true -ProviderName ` "Microsoft Software Key Storage Provider" -Exportable</dev:code><dev:remarks><maml:para>Creates self-signed root CA certificate.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$signingCert = Get-Item cert:\CurrentUser\My\E160F8D2E4DBE18908F9C4D3C8DA8BB57118FCC8 PS C:\> $issuedCert = New-SelfsignedCertificateEx -Subject "CN=CA Signed Certificate, OU=Sandbox" -ProviderName ` "Microsoft Software Key Storage Provider" -KeyUsage "KeyEncipherment" -Issuer $signingCert -Exportable</dev:code><dev:remarks><maml:para>Creates a CA-signed certificate with exportable private key. Signer certificate is retrieved from Personal certificate store. Certificate thumbprint (or SHA1 hash) is used to select desired certificate. Issuer information is populated in issued certificate to indicate proper issuer. Certificate is generated in memory and not installed in certificate store.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/new-selfsignedcertificateex</maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Ping-ICertInterface</command:name><maml:description><maml:para>Tests management and enrollment interface availability of the specified CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Ping</command:verb><command:noun>ICertInterface</command:noun><dev:version /></command:details><maml:description><maml:para>Tests management and enrollment interface availability of the specified CA server. The command attempts to make calls to server's ICertAdmin and ICertRequest interfaces. ICertAdmin interface is used for CA server management purposes and may not available on client operating systems. ICertRequest is used during certificate enrollment process.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Ping-ICertInterface</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object to check. This object can be retrieved by running Get-CertificationAuthority and Connect-CertificationAuthority commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object to check. This object can be retrieved by running Get-CertificationAuthority and Connect-CertificationAuthority commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority[]</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PSObject</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Ping-ICertInterface</dev:code><dev:remarks><maml:para>This command retrieves all Enterprise CAs and checks ICertAdmin and ICertRequest interface availability.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/ping-icertinterface</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Receive-Certificate</command:name><maml:description><maml:para>Receives issued certificate from a Certification Authority database.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Receive</command:verb><command:noun>Certificate</command:noun><dev:version /></command:details><maml:description><maml:para>Receives issued certificate from a Certification Authority database. This command can be used to retrieve an issued pending certificate request after its approval.</maml:para><maml:para>Although, the command saves received certificates in the specified folder, the command returns corresponding X509Certificate2 objects, so you can use these certificates for custom tasks.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Receive-Certificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RequestRow</maml:name><maml:description><maml:para>Specifies a RequestRow object. This object can be retrieved by using either Get-IssuedRequest or Get-RevokedRequest. The request object already contains information about target CA server and request ID in the CA database.</maml:para><maml:para>Note: this command retrieves only issued certificates, therefore you should not use Get-PendingRequest or Get-FailedRequest commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a directory where to store the issued certificate. This parameter accepts only directory paths. If the directory doesn't exist, the command attempts to create it.</maml:para><maml:para>Files names are generated in the following form: RequestID_<RequestID>.cer</maml:para><maml:para>where '<RequestID>' is the request ID in the CA database.</maml:para><maml:para>Note: you should avoid RequestRow piping from different CA servers, because 2 CA servers may have matching RequestID values. Instead, use this command against each CA server separately.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DirectoryInfo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Specifies whether to overwrite existing file or not.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Receive-Certificate</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="named"><maml:name>EnrollmentPolicyServer</maml:name><maml:description><maml:para>Specifies the enrollment policy server endpoint from which to retrieve the certificate. Enrollment policy server endpoint object can be retrieved by running Get-EnrollmentPolicyServerClient command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyServerClient</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Credential</maml:name><maml:description><maml:para>Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a directory where to store the issued certificate. This parameter accepts only directory paths. If the directory doesn't exist, the command attempts to create it.</maml:para><maml:para>Files names are generated in the following form: RequestID_<RequestID>.cer</maml:para><maml:para>where '<RequestID>' is the request ID in the CA database.</maml:para><maml:para>Note: you should avoid RequestRow piping from different CA servers, because 2 CA servers may have matching RequestID values. Instead, use this command against each CA server separately.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DirectoryInfo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Specifies whether to overwrite existing file or not.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RequestRow</maml:name><maml:description><maml:para>Specifies a RequestRow object. This object can be retrieved by using either Get-IssuedRequest or Get-RevokedRequest. The request object already contains information about target CA server and request ID in the CA database.</maml:para><maml:para>Note: this command retrieves only issued certificates, therefore you should not use Get-PendingRequest or Get-FailedRequest commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a directory where to store the issued certificate. This parameter accepts only directory paths. If the directory doesn't exist, the command attempts to create it.</maml:para><maml:para>Files names are generated in the following form: RequestID_<RequestID>.cer</maml:para><maml:para>where '<RequestID>' is the request ID in the CA database.</maml:para><maml:para>Note: you should avoid RequestRow piping from different CA servers, because 2 CA servers may have matching RequestID values. Instead, use this command against each CA server separately.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DirectoryInfo</command:parameterValue><dev:type><maml:name>DirectoryInfo</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Specifies whether to overwrite existing file or not.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="named"><maml:name>EnrollmentPolicyServer</maml:name><maml:description><maml:para>Specifies the enrollment policy server endpoint from which to retrieve the certificate. Enrollment policy server endpoint object can be retrieved by running Get-EnrollmentPolicyServerClient command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyServerClient</command:parameterValue><dev:type><maml:name>PolicyServerClient</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Credential</maml:name><maml:description><maml:para>Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -Filter "CertificateTemplate -eq WebServer", "CommonName -eq www.company.com" | Receive-Certificate -Path C:\certs -Force</dev:code><dev:remarks><maml:para>In this example, the commands retrieve all issued certificates based on 'WebServer' template and issued to 'www.company.com' name and save them in 'C:\certs' folder.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/receive-certificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-IssuedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RevokedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Register-ObjectIdentifier</command:name><maml:description><maml:para>Registers new object identifier (OID) either on a local machine, or in Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Register</command:verb><command:noun>ObjectIdentifier</command:noun><dev:version /></command:details><maml:description><maml:para>Registers new object identifier (OID) either on a local machine, or in Active Directory. The command supports OID registration in the following OID groups: ApplicationPolicy (as known as Enhanced Key Usage) or IssuancePolicy (as known as Certificate Policy).</maml:para><maml:para>It is possible to register the same OID within both OID groups on the local machine. In an Active Directory, multiple OID group registrations are not allowed. Therefore a particular OID value can be registered only within a single OID group.</maml:para><maml:para>Before registering an OID, a company should acquire a delegated OID tree, which is called to OID arc. There are two OID registrars: 1) IANA — https://pen.iana.org/pen/PenApplication.page 2) ISO — https://www.iso.org</maml:para><maml:para>In order the command to succeed the caller must be granted with: 1) local administrator permissions — if an OID is registered locally. 2) Enterprise Admins permissions, or delegated Write permissions on OID container in Active Directory, if 'UseActiveDirectory' switch is enabled.</maml:para><maml:para>OID container in Active Directory is located under: CN=Public Key Services, CN=Services, <Configuration Naming Context>.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Register-ObjectIdentifier</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>FriendlyName</maml:name><maml:description><maml:para>Specifies a friendly name for the OID to be registered. The name should be up to few words long. For example, when you register a custom certificate policy, then friendly name can be 'Company's smart card policy'.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Value</maml:name><maml:description><maml:para>Specifies a value of the OID to be registered. The value must be a dot-numerical string, for example: 1.2.3.45.678.9.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>OidGroup</maml:name><maml:description><maml:para>Specifies the OID group in which specified OID is registered. Possible values are: 'ApplicationPolicy' or 'IssuancePolicy'. It is possible to register particular OID in each OID group.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>CPSLocation</maml:name><maml:description><maml:para>Specifies the location to a document called as Certificate Practice Statement (CPS) which describes the certificate usage policies and rules. This parameter is mandatory if 'OidGroup' is set to 'IssuancePolicy' and 'UseActiveDirectory' switch is enabled. In all other cases, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Uri</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>LocaleId</maml:name><maml:description><maml:para>Specifies the locale ID with which is associated specified OID friendly name. This parameter is used only for culture-variant friendly names and has effect only if 'UseActiveDirectory' switch is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CultureInfo</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UseActiveDirectory</maml:name><maml:description><maml:para>Indicates whether the specified OID information should be registered in Active Directory, instead of local OID database.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>By default, the script explicitly prompts you whether you want to register an OID with selected values. If you want to implement silent (quiet) installations — specify this parameter to suppress any prompts during OID registration.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>FriendlyName</maml:name><maml:description><maml:para>Specifies a friendly name for the OID to be registered. The name should be up to few words long. For example, when you register a custom certificate policy, then friendly name can be 'Company's smart card policy'.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Value</maml:name><maml:description><maml:para>Specifies a value of the OID to be registered. The value must be a dot-numerical string, for example: 1.2.3.45.678.9.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>OidGroup</maml:name><maml:description><maml:para>Specifies the OID group in which specified OID is registered. Possible values are: 'ApplicationPolicy' or 'IssuancePolicy'. It is possible to register particular OID in each OID group.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>CPSLocation</maml:name><maml:description><maml:para>Specifies the location to a document called as Certificate Practice Statement (CPS) which describes the certificate usage policies and rules. This parameter is mandatory if 'OidGroup' is set to 'IssuancePolicy' and 'UseActiveDirectory' switch is enabled. In all other cases, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Uri</command:parameterValue><dev:type><maml:name>Uri</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>LocaleId</maml:name><maml:description><maml:para>Specifies the locale ID with which is associated specified OID friendly name. This parameter is used only for culture-variant friendly names and has effect only if 'UseActiveDirectory' switch is enabled.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CultureInfo</command:parameterValue><dev:type><maml:name>CultureInfo</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UseActiveDirectory</maml:name><maml:description><maml:para>Indicates whether the specified OID information should be registered in Active Directory, instead of local OID database.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>By default, the script explicitly prompts you whether you want to register an OID with selected values. If you want to implement silent (quiet) installations — specify this parameter to suppress any prompts during OID registration.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Cryptography.Oid2</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_Oid2.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Register-ObjectIdentifier -FriendlyName "Remote Desktop Authentication" -Value "1.3.6.1.4.1.311.54.1.2" -OidGroup ApplicationPolicy</dev:code><dev:remarks><maml:para>Registers an OID value '1.3.6.1.4.1.311.54.1.2' and display name 'Remote Desktop Authentication' as application policy (enhanced key usage) in a local OID database.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Register-ObjectIdentifier -FriendlyName "Remote Desktop Authentication" -Value "1.3.6.1.4.1.311.54.1.2" -OidGroup ApplicationPolicy -UseActiveDirectory</dev:code><dev:remarks><maml:para>Registers an OID value '1.3.6.1.4.1.311.54.1.2' and display name 'Remote Desktop Authentication' as application policy (enhanced key usage) in a Active Directory. After next group policy propagation, OID registration will be available for all members in the current Active Directory forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Register-ObjectIdentifier -FriendlyName "Contoso Pharmaceuticals smart card policy" -Value "1.3.6.1.4.1.311.999.2" -OidGroup IssuancePolicy -CPSLocation "http://www.contoso.com/cps/documents/scpolicy.pdf" -UseActiveDirectory</dev:code><dev:remarks><maml:para>Registers an OID value '1.3.6.1.4.1.99999.1.2' and display name 'Contoso Pharmaceuticals smart card policy' as issuance policy (certificate policy) in a Active Directory. After next group policy propagation, OID registration will be available for all members in the current Active Directory forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/register-objectidentifier</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ObjectIdentifierEx</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Unregister-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-AdCertificate</command:name><maml:description><maml:para>Removes certificate from AD PKI container.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>AdCertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Removes certificate from AD PKI container. Single container may contain multiple CA certificate objects. Exact object to remove is determined by AD certificate entry.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-AdCertificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>AdContainer</maml:name><maml:description><maml:para>AD PKI certificate container where the object is searched and removed when found.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsPkiCertContainer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies one or more certificate objects to remove. Certificate objects can be retrieved from Certificates property of input DsPkiCertContainer container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">DsCertificateEntry[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ForceDelete</maml:name><maml:description><maml:para>Deletes associated Active Directory entry when all certificate objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-AdCertificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>AdContainer</maml:name><maml:description><maml:para>AD PKI certificate container where the object is searched and removed when found.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsPkiCertContainer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Thumbprint</maml:name><maml:description><maml:para>Specifies an array of strings that represents certificate thumbprint to remove. All certificates with matching thumbprint will be deleted from Active Directory PKI certificate container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ForceDelete</maml:name><maml:description><maml:para>Deletes associated Active Directory entry when all certificate objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>AdContainer</maml:name><maml:description><maml:para>AD PKI certificate container where the object is searched and removed when found.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsPkiCertContainer</command:parameterValue><dev:type><maml:name>DsPkiCertContainer</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies one or more certificate objects to remove. Certificate objects can be retrieved from Certificates property of input DsPkiCertContainer container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">DsCertificateEntry[]</command:parameterValue><dev:type><maml:name>DsCertificateEntry[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ForceDelete</maml:name><maml:description><maml:para>Deletes associated Active Directory entry when all certificate objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Thumbprint</maml:name><maml:description><maml:para>Specifies an array of strings that represents certificate thumbprint to remove. All certificates with matching thumbprint will be deleted from Active Directory PKI certificate container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsPkiCertContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsPkiContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsPkiContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsPkiContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-AdPkiContainer -ContainerType NTAuth | Remove-AdCertificate -Thumbprint "EC9385E533782453D5C285B2A67311447FB57A6F", "3E778F108E7DC983939732AFAC3EE89383478973" -Dispose</dev:code><dev:remarks><maml:para>This command retrieves NTAuth container from Active Directory and removes all certificate occurences with specified certificate thumbprints. After operation completion, input object (NTAuth container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$aia = Get-AdPkiContainer -ContainerType AIA PS C:\> $entries = $aia.Certificates | Where-Object {$_.Name -eq "Contoso CA"} PS C:\> Get-AdPkiContainer -ContainerType AIA | Remove-AdCertificate -Certificate $entries -Dispose -ForceDelete</dev:code><dev:remarks><maml:para>First line retrieves AIA (SubCA) container from Active Directory. Second line selects all certificate enries for "Contoso CA" in specified container. Third line removes selected entries from AIA container and deletes empty CA entry from Active Directory. After operation completion, input object (AIA container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/remove-adcertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AdPkiContainer</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-AdCertificateRevocationList</command:name><maml:description><maml:para>Removes certificate revocation list (CRL) from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>AdCertificateRevocationList</command:noun><dev:version /></command:details><maml:description><maml:para>Removes certificate revocation list (CRL) from Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-AdCertificateRevocationList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CdpContainer</maml:name><maml:description><maml:para>Specifies the CDP container object to remove CRL from.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsCDPContainer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>CertificateRevocationList</maml:name><maml:description><maml:para>Specifies one or more CRL entries to remove. Parameter objects are part of 'RevocationLists' property of CDP container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">DsCrlEntry[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ForceDelete</maml:name><maml:description><maml:para>Deletes associated Active Directory entry when all CRL objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects. This parameter only deletes empty CRL entries and does not delete empty containers.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-AdCertificateRevocationList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CdpContainer</maml:name><maml:description><maml:para>Specifies the CDP container object to remove CRL from.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsCDPContainer</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Thumbprint</maml:name><maml:description><maml:para>Specifies an array of strings that represents CRL thumbprint to remove. All CRLs with matching thumbprint will be deleted from Active Directory CDP container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ForceDelete</maml:name><maml:description><maml:para>Deletes associated Active Directory entry when all CRL objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects. This parameter only deletes empty CRL entries and does not delete empty containers.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CdpContainer</maml:name><maml:description><maml:para>Specifies the CDP container object to remove CRL from.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DsCDPContainer</command:parameterValue><dev:type><maml:name>DsCDPContainer</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>CertificateRevocationList</maml:name><maml:description><maml:para>Specifies one or more CRL entries to remove. Parameter objects are part of 'RevocationLists' property of CDP container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">DsCrlEntry[]</command:parameterValue><dev:type><maml:name>DsCrlEntry[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ForceDelete</maml:name><maml:description><maml:para>Deletes associated Active Directory entry when all CRL objects are removed from container. This operation keeps Active Directory in cleaner state by removing empty objects. This parameter only deletes empty CRL entries and does not delete empty containers.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Dispose</maml:name><maml:description><maml:para>Disposes input AD container object. AD container object contains active reference to LDAP object and it is recommended to release object when it is no longer necessary to avoid memory leaks.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Thumbprint</maml:name><maml:description><maml:para>Specifies an array of strings that represents CRL thumbprint to remove. All CRLs with matching thumbprint will be deleted from Active Directory CDP container.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsCDPContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.ActiveDirectory.DsCDPContainer</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_ActiveDirectory_DsCDPContainer.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -Thumbprint "1C4BF393320A6C70D5C506AF9F422950B0C11EAB6273132C9B326438AB1C0929", "17FCB3E67512017E4611FBA9052164031F1D873F800E613A96AC09F77D269349" -Dispose -ForceDelete</dev:code><dev:remarks><maml:para>This command retrieves CDP container from Active Directory and removes all CRLs with specified certificate thumbprints. If particular CDP entry in Active Directory is empty, it is deleted. After operation completion, input object (CDP container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cdp = Get-AdPkiContainer -ContainerType CDP PS C:\> $entries = $cdp.RevocationLists | Where-Object {$_.HostName -eq "subca01"} PS C:\> Get-AdPkiContainer -ContainerType CDP | Remove-AdCertificateRevocationList -CRL $entries -Dispose -ForceDelete</dev:code><dev:remarks><maml:para>First line retrieves CDP container from Active Directory. Second line selects all CRL entries for "subca01" host name in specified container. Third line removes selected entries from CDP container and deletes empty CDP entries from Active Directory. After operation completion, input object (CDP container) is disposed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/remove-adcertificaterevocationlist</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AdPkiContainer</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdCertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Show-Certificate</command:name><maml:description><maml:para>Displays an X509Certificate2 object in a familiar GUI window.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Show</command:verb><command:noun>Certificate</command:noun><dev:version /></command:details><maml:description><maml:para>Displays an X509Certificate2 object in a familiar GUI window.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Show-Certificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies an X509Certificate2 object to display.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Multipick</maml:name><maml:description><maml:para>Specifies whether to show single or multi certificate selection UI. Otherwise you will be able to select only one certificate from a certificate list.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies an X509Certificate2 object to display.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue><dev:type><maml:name>X509Certificate2[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Multipick</maml:name><maml:description><maml:para>Specifies whether to show single or multi certificate selection UI. Otherwise you will be able to select only one certificate from a certificate list.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2[]</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ADKRACertificate | Show-Certificate -Multipick</dev:code><dev:remarks><maml:para>Displays certificate selection UI that allows you to select one or more certificates.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> dir cert:\currentuser\my | Show-Certificate</dev:code><dev:remarks><maml:para>Displays certificate selection UI that allows you to select only one certificate.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/show-certificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Show-CertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Show-CertificateRevocationList</command:name><maml:description><maml:para>Displays an X509CRL2 object in a familiar GUI window.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Show</command:verb><command:noun>CertificateRevocationList</command:noun><dev:version /></command:details><maml:description><maml:para>Displays an X509CRL2 object in a familiar GUI window.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Show-CertificateRevocationList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CRL</maml:name><maml:description><maml:para>Specifies a X509CRL2 object to display. An X509CRL2 object can be retrieved by using Get-CertificateRevocationList (or Get-CRL) cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CRL2</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CRL</maml:name><maml:description><maml:para>Specifies a X509CRL2 object to display. An X509CRL2 object can be retrieved by using Get-CertificateRevocationList (or Get-CRL) cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CRL2</command:parameterValue><dev:type><maml:name>X509CRL2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Cryptography.X509Certificates.X509CRL2</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CRL2.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CRL -Path C:\file.crl | Show-CRL</dev:code><dev:remarks><maml:para>Displays a CRL object retrieved from the file in regular UI dialog.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/show-certificaterevocationlist</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateRevocationList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Show-CertificateTrustList</command:name><maml:description><maml:para>Displays a Certificate Trust List (CTL) object in a familiar GUI window.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Show</command:verb><command:noun>CertificateTrustList</command:noun><dev:version /></command:details><maml:description><maml:para>Displays a Certificate Trust List (CTL) object in a familiar GUI window.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Show-CertificateTrustList</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CTL</maml:name><maml:description><maml:para>An X509CTL object to display. An X509CTL object can be retrieved by using Get-CertificateTrustList (or Get-CTL) command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CertificateTrustList</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CTL</maml:name><maml:description><maml:para>An X509CTL object to display. An X509CTL object can be retrieved by using Get-CertificateTrustList (or Get-CTL) command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CertificateTrustList</command:parameterValue><dev:type><maml:name>X509CertificateTrustList</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Cryptography.X509Certificates.X509CertificateTrustList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Cryptography_X509Certificates_X509CertificateTrustList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CTL -Path C:\authroot.stl | Show-CTL</dev:code><dev:remarks><maml:para>Displays a CTL object retrieved from the file in regular UI dialog.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/show-certificatetrustlist</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTrustList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Submit-CertificateRequest</command:name><maml:description><maml:para>Submits certificate request to a Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Submit</command:verb><command:noun>CertificateRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Submits certificate request to a Certification Authority. The commands returns an object that indicates the status of the submission. If the certificate is issued immediately, issued certificate is included in the returned object.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Submit-CertificateRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a request file.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies a Certification Authority object to which the request is submitted. CA object can be retrieved by running either Get-CertificationAuthority or Connect-CertificationAuthority commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Credential</maml:name><maml:description><maml:para>Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Attribute</maml:name><maml:description><maml:para>Specifies optional attributes which are passed along with the request and are used by Certification Authority to construct the certificate. The following syntax is used:</maml:para><maml:para><AttributeName>:<AttributeValue></maml:para><maml:para>where <AttributeName> is an attribute name and <AttributeValue> is the value of the attribute. This command accepts multiple attributes.</maml:para><maml:para>For example, Enterprise CAs require certificate template information in the request, however, not all applications adds this information to the request (for example, Internet Information Service console, Exchange Management Console, non-Microsoft tools and other). In this case you can pass certificate template as an attribute:</maml:para><maml:para>CertificateTemplate:WebServer</maml:para><maml:para>where 'CertificateTemplate' is attribute name and 'WebServer' is attribute value (in a given example it is certificate template common name).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Submit-CertificateRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a request file.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>EnrollmentPolicyServer</maml:name><maml:description><maml:para>Specifies the enrollment policy server endpoint to which the request will be sent. Enrollment policy server endpoint object can be retrieved by running Get-EnrollmentPolicyServerClient command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyServerClient</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Credential</maml:name><maml:description><maml:para>Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Attribute</maml:name><maml:description><maml:para>Specifies optional attributes which are passed along with the request and are used by Certification Authority to construct the certificate. The following syntax is used:</maml:para><maml:para><AttributeName>:<AttributeValue></maml:para><maml:para>where <AttributeName> is an attribute name and <AttributeValue> is the value of the attribute. This command accepts multiple attributes.</maml:para><maml:para>For example, Enterprise CAs require certificate template information in the request, however, not all applications adds this information to the request (for example, Internet Information Service console, Exchange Management Console, non-Microsoft tools and other). In this case you can pass certificate template as an attribute:</maml:para><maml:para>CertificateTemplate:WebServer</maml:para><maml:para>where 'CertificateTemplate' is attribute name and 'WebServer' is attribute value (in a given example it is certificate template common name).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies a Certification Authority object to which the request is submitted. CA object can be retrieved by running either Get-CertificationAuthority or Connect-CertificationAuthority commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue><dev:type><maml:name>CertificateAuthority</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Credential</maml:name><maml:description><maml:para>Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Attribute</maml:name><maml:description><maml:para>Specifies optional attributes which are passed along with the request and are used by Certification Authority to construct the certificate. The following syntax is used:</maml:para><maml:para><AttributeName>:<AttributeValue></maml:para><maml:para>where <AttributeName> is an attribute name and <AttributeValue> is the value of the attribute. This command accepts multiple attributes.</maml:para><maml:para>For example, Enterprise CAs require certificate template information in the request, however, not all applications adds this information to the request (for example, Internet Information Service console, Exchange Management Console, non-Microsoft tools and other). In this case you can pass certificate template as an attribute:</maml:para><maml:para>CertificateTemplate:WebServer</maml:para><maml:para>where 'CertificateTemplate' is attribute name and 'WebServer' is attribute value (in a given example it is certificate template common name).</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>EnrollmentPolicyServer</maml:name><maml:description><maml:para>Specifies the enrollment policy server endpoint to which the request will be sent. Enrollment policy server endpoint object can be retrieved by running Get-EnrollmentPolicyServerClient command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyServerClient</command:parameterValue><dev:type><maml:name>PolicyServerClient</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a request file.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.IO.FileInfo[]</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.io.fileinfo.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.Enrollment.CertRequestStatus</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_Enrollment_CertRequestStatus.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Examlple 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$ca = Connect-CA ca01* PS C:\> $status = Submit-CertificateRequest -Path c:\test\certreq.csr -CA $ca -Attribute "CertificateTemplate:WebServer"</dev:code><dev:remarks><maml:para>First command retrieves CA object the request is submitted to. Second line submits certificate request (CSR) to CA server selected in first command and returns certificate request submission status (issued, pending, denied, failed). If CSR doesn't contain template information required by Enterprise Certification Authority, it must be specified in "-Attrbiute" parameter. If certificate is immediately issued, it is stored in return value. Request is submitted via RPC/DCOM transport.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cred = Get-Credential PS C:\> $status = Submit-CertificateRequest -Path c:\test\certreq.csr -CA $ca -Attribute "CertificateTemplate:WebServer" -CEP "https://cep.fabrikam.com/fabrikam%20Root%20CA1_CES_UsernamePassword/service.svc/CES" -Credential $cred</dev:code><dev:remarks><maml:para>First line requests user credentials to authenticate on certificate enrollment policy server (when user name and password authentication scheme is used). Second line submits certificate request to CA via certificate enrollment web services and returns submission status. If CSR doesn't contain template information required by Enterprise Certification Authority, it must be specified in "-Attrbiute" parameter. If certificate is immediately issued, it is stored in return value</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/submit-certificaterequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Receive-Certificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Test-WebServerSSL</command:name><maml:description><maml:para>Tests remote web server SSL certificate.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Test</command:verb><command:noun>WebServerSSL</command:noun><dev:version /></command:details><maml:description><maml:para>Tests remote web server SSL certificate. The command connects to the specified web server address, establishes SSL tunnel, retrieves and examines returned certificate.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Test-WebServerSSL</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>URL</maml:name><maml:description><maml:para>Specifies a web server address to connect. The address MUST NOT contain a protocol prefix (https://). Only host names are allowed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Port</maml:name><maml:description><maml:para>Specifies the SSL port to connect. by default, port 443 is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Proxy</maml:name><maml:description><maml:para>Specifies a proxy address (including protocol prefix, host name and connection port) if necessary.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">WebProxy</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>Timeout</maml:name><maml:description><maml:para>Specifies the connection timeout in milliseconds. By default 15 seconds (15000 milliseconds) timeout is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UseUserContext</maml:name><maml:description><maml:para>Specifies whether to build chain against user store. By default, certificate chain MUST be ended by a Root CA certificate that is stored in the Trusted Root CAs container in Local Machine store.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>URL</maml:name><maml:description><maml:para>Specifies a web server address to connect. The address MUST NOT contain a protocol prefix (https://). Only host names are allowed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Port</maml:name><maml:description><maml:para>Specifies the SSL port to connect. by default, port 443 is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>443</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Proxy</maml:name><maml:description><maml:para>Specifies a proxy address (including protocol prefix, host name and connection port) if necessary.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">WebProxy</command:parameterValue><dev:type><maml:name>WebProxy</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>Timeout</maml:name><maml:description><maml:para>Specifies the connection timeout in milliseconds. By default 15 seconds (15000 milliseconds) timeout is used.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>15000</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UseUserContext</maml:name><maml:description><maml:para>Specifies whether to build chain against user store. By default, certificate chain MUST be ended by a Root CA certificate that is stored in the Trusted Root CAs container in Local Machine store.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.Web.WebSSL</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_Web_WebSSL.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Test-WebServerSSL -URL login.live.com</dev:code><dev:remarks><maml:para>The command initiates the SSL connection to 'https://login.live.com' on port 443 and examines SSL certificate. Actual SSL certificate is added to the returned object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Test-WebServerSSL -url paypal.com -Proxy "http://proxy.company.com:8080" -Timeout 20000</dev:code><dev:remarks><maml:para>This command initiates a SSL connection to 'https://paypal.com' on port 443 by using spefied proxy address and examines SSL certificate. The timeout for the connection is 20 seconds (20000 milliseconds). Actual SSL certificate is added to the returned object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Test-WebServerSSL</maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Unregister-ObjectIdentifier</command:name><maml:description><maml:para>Unregisters object identifier (OID) information from local computer, Active Directory or both sources.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Unregister</command:verb><command:noun>ObjectIdentifier</command:noun><dev:version /></command:details><maml:description><maml:para>Unregisters object identifier (OID) information from local computer, Active Directory or both sources. Additionally, the command accepts pipeline input from the following commands: Get-ObjectIdentifier and Get-ObjectIdentifierEx.</maml:para><maml:para>In order the command to succeed the caller must be granted with: 1) local administrator permissions — if an OID is registered locally. 2) Enterprise Admins permissions, or delegated Write permissions on OID container in Active Directory, if 'UseActiveDirectory' switch is enabled.</maml:para><maml:para>OID container in Active Directory is located under: CN=Public Key Services, CN=Services, <Configuration Naming Context>.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Unregister-ObjectIdentifier</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Value</maml:name><maml:description><maml:para>Specifies an OID friendly name, value or System.Security.Cryptography.Oid2 object that contains information about OID to unregister. Only specified instance is unregistered. By default, the command attempts to unregister specified OID information from local machine only. In order to unregister OID information in Active Directory, use 'UseActiveDirectory' switch.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named"><maml:name>UseActiveDirectory</maml:name><maml:description><maml:para>Specifies whether to perform registration removal from Active Directory too.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>By default, the script explicitly prompts you whether you want to remove OID registration with selected values. If you want to implement silent (quiet) installations — specify this parameter to suppress any prompts during OID registration removal.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Value</maml:name><maml:description><maml:para>Specifies an OID friendly name, value or System.Security.Cryptography.Oid2 object that contains information about OID to unregister. Only specified instance is unregistered. By default, the command attempts to unregister specified OID information from local machine only. In order to unregister OID information in Active Directory, use 'UseActiveDirectory' switch.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid2</command:parameterValue><dev:type><maml:name>Oid2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="named"><maml:name>UseActiveDirectory</maml:name><maml:description><maml:para>Specifies whether to perform registration removal from Active Directory too.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>By default, the script explicitly prompts you whether you want to remove OID registration with selected values. If you want to implement silent (quiet) installations — specify this parameter to suppress any prompts during OID registration removal.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>WhatIf</maml:name><maml:description><maml:para>Describes what would happen if you executed the command without actually executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Confirm</maml:name><maml:description><maml:para>Prompts you for confirmation before executing the command.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Cryptography.Oid2</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pkix.net/html/T_System_Security_Cryptography_Oid2.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Unregister-ObjectIdentifier -Value "Remote Desktop Authentication" -UseActiveDirectory</dev:code><dev:remarks><maml:para>Unregisters a custom OID that was previously registered in Active Directory.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ObjectIdentifierEx -Value "Company smart card policy" -UseActiveDirectory | Unregister-ObjectIdentifier</dev:code><dev:remarks><maml:para>Gets information about OID registration with friendly name 'Company smart card policy' and deletes all OID registrations from local system and Active Directory.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/unregister-objectidentifier</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ObjectIdentifierEx</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Register-ObjectIdentifier</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command></helpItems> |