Server/PSPKI.Help.xml
<?xml version="1.0" encoding="utf-8"?><helpItems schema="maml"><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor-->
<command:details><command:name>Add-AuthorityInformationAccess</command:name><maml:description><maml:para>Adds new Certification Authority Authority Information Access (AIA) paths.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>AuthorityInformationAccess</command:noun><dev:version /></command:details><maml:description><maml:para>Adds new Certification Authority Authority Information Access (AIA) paths. This command doesn't change actual settings, but just prepares AIA URIs.</maml:para><maml:para>The Authority Information Access (AIA) extension is used to specify the location of the issuer's resources, such as the CRT file and/or Online Certificate Status Protocol (OCSP) URIs, in the AIA extension of issued certificates.</maml:para><maml:para>When you define CRT file URIs, they can be used by the certificate chaining engine to retrieve a particular certificate's issuer certificate. If a URI is missing or broken, certificate verification may fail and the certificate would be rejected. This command doesn't support physical CRT file publishing options; as a result, you need to manually copy the file to the target locations. The original CRT file is placed in the %windir%\system32\certsvc\certenroll folder. You may specify multiple URIs for redundancy. URIs are checked in the same order as they are placed in the certificate's AIA extension until the issuer's certificate is retrieved. The most accessible URI should be placed first. This command adds new URIs below existing URIs. It is recommended to specify no more than two CRT location URIs. This is because if the first two URIs fail, the client will fail chain building due to a timeout and the certificate would be rejected.</maml:para><maml:para>OCSP URIs can be used by clients to determine certificate revocation status. Unlike CRLs, OCSP consumes very little network traffic (about 2kb for request and response). Currently only the HTTP protocol is supported by OCSP locations. 
In Windows Vista and newer systems OCSP has higher priority than the CRLDistributionPoints extension. Thus OCSP URIs are processed first. OCSP URIs have their own precedence rules: they are checked in the same order as they are placed in the certificate's AIA extension until revocation status is determined. It doesn't matter whether OCSP URIs are placed before or after CRT file location URIs, because they are grouped under different access methods. Here is an example:</maml:para><maml:para>[1]Authority Info Access
     Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
     Alternative Name:
          URL=http://eu.company.com/ocsp
          URL=http://na.company.com/ocsp
[2]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=http://eu.company.com/MyCA.crt
          URL=http://na.company.com/MyCA.crt</maml:para><maml:para>In the given example, even though the CRT file URIs are placed after the OCSP URIs, the certificate chaining engine will use the Certification Authority Issuer URIs first during chain building. The first URI, http://eu.company.com/MyCA.crt, will be used. If it fails, http://na.company.com/MyCA.crt will be used.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-AuthorityInformationAccess</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the AuthorityInformationAccess object to which new CRT distribution points are added. 
This object can be retrieved by running Get-AuthorityInformationAccess command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">AuthorityInformationAccess[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies new CRT file publishing points for the specified CA server. Must be passed in the following format: &lt;Flags&gt;:&lt;RelativeURI&gt;, where &lt;Flags&gt; is a combination of publishing flags. The following values are possible for &lt;Flags&gt;:
1 - Publish CRTs to this location. This flag is deprecated and can be used only with the default local path.
2 - Include in the AIA extension of issued certificates.
32 - Include in the Online Certificate Status Protocol (OCSP) extension.</maml:para><maml:para>Within &lt;RelativeURI&gt; you can use the following variables:</maml:para><maml:para>%1 - the CA's computer DNS name
%2 - the CA's computer NetBIOS name
%3 - CA's logical name
%4 - CA's certificates name
%6 - the LDAP path of the forest's configuration naming context
%7 - CA's 'sanitized' name. This is the same as CA name but with the following characters removed: \/:\*?"&lt;&gt;|
%11 - indicates that CA certificate is certificate object in AD CS</maml:para><maml:para>With a Windows CA you should include the %4 variable within the URI. This is important when you renew the CA's certificate. After CA certificate renewal, the CA server will maintain both certificates, previous and renewed. To differentiate them, the CA server will include the certificate index in parentheses. 
For example, suppose you have specified the following URI:
2:http://eu.company.com/MyCA%4.crt
In the given example, a CA server with the initial CA certificate will publish the following URI in the AIA extension of issued certificates:
http://eu.company.com/MyCA.crt
Once the CA certificate is renewed, the CA server will generate a new CRT file with the corresponding index, and in newly issued certificates the following URI will be published:
http://eu.company.com/MyCA(1).crt
Subsequent CA certificate renewals will cause the URI to be updated accordingly.</maml:para><maml:para>This allows clients to build correct certificate chains for previously and newly issued certificates. Also you don't need to change the CRT file location after CA certificate renewal, because the CA server will automatically place the correct CA certificate file name.</maml:para><maml:para>Note: Windows PKI supports the following URI formats.
For CA certificate publishing:
ldap:///&lt;DirectoryAccessProtocolPath&gt;
UNC or absolute physical paths are no longer supported.</maml:para><maml:para>For CA certificate retrieval:
http://&lt;DomainURL&gt;/&lt;VirtualDirectoryAndFilePath&gt;.crt
ldap:///&lt;DirectoryAccessProtocolPath&gt;
ldap://&lt;hostname&gt;/&lt;path&gt;?&lt;query&gt;</maml:para><maml:para>Note: the ldap:///&lt;DirectoryAccessProtocolPath&gt; URI type assumes Active Directory usage and must contain the forest root domain's domain component (DC=...) within the LDAP path. This may cause big retrieval delays. Since Active Directory may contain many domain controllers and the content specified in the LDAP URI is automatically replicated between all domain controllers in the current forest, CryptoAPI may, to simplify content retrieval from Active Directory, contact the domain controller nearest to the client rather than the forest root domain. The nearest domain controller is stored in the $env:LogonServer system variable (or %LogonServer% in CMD syntax). 
</maml:para><maml:para>Windows PKI also supports another form of LDAP URI, with a host name: ldap://&lt;hostname&gt;/path?query</maml:para><maml:para>In this case the client will not contact a domain controller, but the specified host directly. Unlike the ldap:/// URI form, ldap://&lt;hostname&gt; may use a 3rd party LDAP-compatible directory. Automatic content (CA certificate or certificate revocation list) publishing to such directories is not supported. You will have to manually publish CA certificates to these directories by using external means.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the AuthorityInformationAccess object to which new CRT distribution points are added. This object can be retrieved by running Get-AuthorityInformationAccess command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">AuthorityInformationAccess[]</command:parameterValue><dev:type><maml:name>AuthorityInformationAccess[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies new CRT file publishing points for the specified CA server. Must be passed in the following format: &lt;Flags&gt;:&lt;RelativeURI&gt;, where &lt;Flags&gt; is a combination of publishing flags. The following values are possible for &lt;Flags&gt;:
1 - Publish CRTs to this location. This flag is deprecated and can be used only with the default local path.
2 - Include in the AIA extension of issued certificates. 
32 - Include in the Online Certificate Status Protocol (OCSP) extension.</maml:para><maml:para>Within &lt;RelativeURI&gt; you can use the following variables:</maml:para><maml:para>%1 - the CA's computer DNS name
%2 - the CA's computer NetBIOS name
%3 - CA's logical name
%4 - CA's certificates name
%6 - the LDAP path of the forest's configuration naming context
%7 - CA's 'sanitized' name. This is the same as CA name but with the following characters removed: \/:\*?"&lt;&gt;|
%11 - indicates that CA certificate is certificate object in AD CS</maml:para><maml:para>With a Windows CA you should include the %4 variable within the URI. This is important when you renew the CA's certificate. After CA certificate renewal, the CA server will maintain both certificates, previous and renewed. To differentiate them, the CA server will include the certificate index in parentheses. For example, suppose you have specified the following URI:
2:http://eu.company.com/MyCA%4.crt
In the given example, a CA server with the initial CA certificate will publish the following URI in the AIA extension of issued certificates:
http://eu.company.com/MyCA.crt
Once the CA certificate is renewed, the CA server will generate a new CRT file with the corresponding index, and in newly issued certificates the following URI will be published:
http://eu.company.com/MyCA(1).crt
Subsequent CA certificate renewals will cause the URI to be updated accordingly.</maml:para><maml:para>This allows clients to build correct certificate chains for previously and newly issued certificates. Also you don't need to change the CRT file location after CA certificate renewal, because the CA server will automatically place the correct CA certificate file name.</maml:para><maml:para>Note: Windows PKI supports the following URI formats. 
For CA certificate publishing:
ldap:///&lt;DirectoryAccessProtocolPath&gt;
UNC or absolute physical paths are no longer supported.</maml:para><maml:para>For CA certificate retrieval:
http://&lt;DomainURL&gt;/&lt;VirtualDirectoryAndFilePath&gt;.crt
ldap:///&lt;DirectoryAccessProtocolPath&gt;
ldap://&lt;hostname&gt;/&lt;path&gt;?&lt;query&gt;</maml:para><maml:para>Note: the ldap:///&lt;DirectoryAccessProtocolPath&gt; URI type assumes Active Directory usage and must contain the forest root domain's domain component (DC=...) within the LDAP path. This may cause big retrieval delays. Since Active Directory may contain many domain controllers and the content specified in the LDAP URI is automatically replicated between all domain controllers in the current forest, CryptoAPI may, to simplify content retrieval from Active Directory, contact the domain controller nearest to the client rather than the forest root domain. The nearest domain controller is stored in the $env:LogonServer system variable (or %LogonServer% in CMD syntax). </maml:para><maml:para>Windows PKI also supports another form of LDAP URI, with a host name: ldap://&lt;hostname&gt;/path?query</maml:para><maml:para>In this case the client will not contact a domain controller, but the specified host directly. Unlike the ldap:/// URI form, ldap://&lt;hostname&gt; may use a 3rd party LDAP-compatible directory. Automatic content (CA certificate or certificate revocation list) publishing to such directories is not supported. 
You will have to manually publish CA certificates to these directories by using external means.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AIA | Add-AuthorityInformationAccess -URI "2:http://eu.company.com/MyCA%4.crt" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will retrieve AIA extension configuration from 'MyCA' CA server and adds new URI that will be published in all issued certificates. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name RootCA | Get-AuthorityInformationAccess | Add-AuthorityInformationAccess -URI "32:http://na.company.com/OCSP" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will retrieve AIA extension configuration from 'RootCA' CA server and adds new URI that will be published in all issued certificates as OCSP location. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-AuthorityInformationAccess</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-CAKRACertificate</command:name><maml:description><maml:para>Adds new Key Recovery Agent (KRA) certificate to a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>CAKRACertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Adds new Key Recovery Agent (KRA) certificate to a specified Certification Authority (CA). This command doesn't change actual settings, but just prepares KRA object. To change KRAs on CA use this command in conjunction with Set-CAKRACertificate command.</maml:para><maml:para>A Key Recovery Agent certificate is used to encrypt a user certificate's private key and store it in the CA database in an encrypted form. 
In the case when user cannot access his or her certificate private key, it is possible to recover it by key recovery agent (if Key Archival procedure was taken against particular certificate).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-CAKRACertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running Get-AdPkiContainer command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRA[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies one or more X509Certificate2 objects that represent key recovery agent certificate(s). To retrieve a list of enterprise key recovery agent certificates use Get-ADKRACertificate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. 
This object can be retrieved by running Get-AdPkiContainer command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRA[]</command:parameterValue><dev:type><maml:name>KRA[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies one or more X509Certificate2 objects that represent key recovery agent certificate(s). To retrieve a list of enterprise key recovery agent certificates use Get-ADKRACertificate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue><dev:type><maml:name>X509Certificate2[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_KRA.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_KRA.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $KRACerts = Get-ADKRACertificate -Subject "CN=Key Recovery*"
PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAKRACertificate | Add-CAKRACertificate -Certificate $KRACerts | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>The first command retrieves from Active Directory all KRA certificates where the subject field starts with 'CN=Key Recovery' (in DN format). The second command retrieves the KRA certificates currently assigned to the 'MyCA' CA server and adds the new certificates obtained by the first command. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Certs = Get-ADKRACertificate -ShowUI -Multipick
PS C:\> Get-CertificationAuthority | Get-CAKRACertificate | Add-CAKRACertificate -Certificate $Certs | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>In this example the first command will display the certificate selection UI, where you can select available KRA certificates. The second command adds the certificates selected in the previous command to the currently assigned certificates and writes the new certificate list back to the CA server. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-CAKRACertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-CATemplate</command:name><maml:description><maml:para>Adds certificate templates to a list of templates to issue to a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>CATemplate</command:noun><dev:version /></command:details><maml:description><maml:para>Adds 
certificate templates to a list of templates to issue by a specified Certification Authority (CA).</maml:para><maml:para>This command just prepares a new template list to be added to CA server. In order to write the new list to CA server use Set-CATemplate command (see examples).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority object with assigned templates. This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies template (or templates) display names to assign to a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority object with assigned templates. 
This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies template (or templates) common names to assign to a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority object with assigned templates. This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Template</maml:name><maml:description><maml:para>Specifies template (or templates) object to assign to a specified CA server. Template object can be retrieved by running Get-CertificateTemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateTemplate[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority object with assigned templates. 
This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue><dev:type><maml:name>CATemplate[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies template (or templates) display names to assign to a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies template (or templates) common names to assign to a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Template</maml:name><maml:description><maml:para>Specifies template (or templates) object to assign to a specified CA server. 
Template object can be retrieved by running Get-CertificateTemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateTemplate[]</command:parameterValue><dev:type><maml:name>CertificateTemplate[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Add-CATemplate -Name "SmartCardV2","OfflineComputer" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will add 'SmartCardV2' and 'OfflineComputer' templates (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and assigns them to a 'Company CA01' certification authority.</maml:para><maml:para /><maml:para 
/><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CATemplate | Add-CATemplate -DisplayName "Computer V2", "CA Exchange" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will add templates with display names 'Computer V2' (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and 'CA Exchange' and assign them to all Enterprise CAs in the forest.</maml:para><maml:para>This example is useful to provide template redundancy, so clients are able to enroll for a certificate even if one CA server is down (offline).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Template = Get-CertificateTemplate -Name WebServer
PS C:\> Get-CertificationAuthority ca01.company.com | Get-CATemplate | Add-CATemplate -Template $Template | Set-CATemplate</dev:code><dev:remarks><maml:para>In this example the first command retrieves the template object by running the Get-CertificateTemplate command. 
In the second line, adds this template to a CA server running on 'ca01.company.com' server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-CATemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-CertificateTemplateAcl</command:name><maml:description><maml:para>Adds new Access Control Entry (ACE) to a certificate template Access Control List (ACL).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>CertificateTemplateAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Adds new Access Control Entry (ACE) 
to a certificate template Access Control List (ACL).</maml:para><maml:para>This command only prepares a new certificate template ACL object. To write it to the actual object in Active Directory, pass this command's result to the Set-CertificateTemplateAcl cmdlet (see the Examples section).</maml:para><maml:para>Note: to edit a certificate template ACL, you must be granted Enterprise Admins permissions or delegated permissions on the 'Certificate Templates' Active Directory container.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-CertificateTemplateAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of certificate template. This object can be retrieved by running Get-CertificateTemplateAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies a user, computer or a group to add to ACL. If the template is intended for computers, use computer accounts and groups that contain computer accounts. If the template is intended for users, use user accounts and groups that contain user accounts. Use only global and/or universal groups. Domain Local groups are not allowed.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. 
Try to avoid Deny access type usage. Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessMask</maml:name><maml:description><maml:para>Specifies a set of permissions to assign. The following values can be used: 'FullControl', 'Read', 'Write', 'Enroll', 'Autoenroll'.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertTemplateRights</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-CertificateTemplateAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of certificate template. This object can be retrieved by running Get-CertificateTemplateAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>AccessRule</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. 
Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateAccessRule[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue><dev:type><maml:name>AccessControlType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of certificate template. This object can be retrieved by running Get-CertificateTemplateAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>CertTemplateSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessMask</maml:name><maml:description><maml:para>Specifies a set of permissions to assign. 
The following values can be used: 'FullControl', 'Read', 'Write', 'Enroll', 'Autoenroll'.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertTemplateRights</command:parameterValue><dev:type><maml:name>CertTemplateRights</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies a user, computer or a group to add to ACL. If the template is intended for computers, use computer accounts and groups that contain computer accounts. If the template is intended for users, use user accounts and groups that contain user accounts. Use only global and/or universal groups. Domain Local groups are not allowed.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue><dev:type><maml:name>NTAccount[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>AccessRule</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. 
Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateAccessRule[]</command:parameterValue><dev:type><maml:name>CertTemplateAccessRule[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Add-CertificateTemplateAcl -Identity "Web Servers Global" -AccessType Allow -AccessMask Read, Enroll | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This command adds the 'Web Servers Global' global security group to the ACL of the certificate template 'WebServer' and grants it Read and Enroll permissions. After that, the new ACL is written to the actual object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$SourceACL = Get-CertificateTemplate -Name "WebServer" | Get-CertificateTemplateAcl
PS C:\> $DestinationACL = Get-CertificateTemplate -Name "WebServerV2" | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -Force
PS C:\> $DestinationACL | Add-CertificateTemplateAcl -AccessRule $SourceACL.Access | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This example shows how to copy an ACL from a source certificate template to a destination certificate template, replacing the destination's ACL.
a) The first line retrieves the ACL from the source certificate template with common name "WebServer".
b) The second line retrieves the existing ACL from the destination certificate template and clears all Access Control Entries (ACE).
c) The third line copies the ACEs from the source certificate template to the destination certificate template.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-CertificateTemplateAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-CertificationAuthorityAcl</command:name><maml:description><maml:para>Adds a new Access Control Entry (ACE) to a Certification Authority's Access Control List (ACL).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>CertificationAuthorityAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Adds a new Access Control Entry (ACE) to a Certification Authority's Access Control List (ACL).</maml:para><maml:para>This command changes only the ACL object. 
Use Set-CertificationAuthorityAcl to write the modified ACL to the CA configuration.</maml:para><maml:para>Note: the CA security descriptor supports only one ACE per principal. Therefore, if the added principal already has explicit permissions on the CA server, the existing ACE is updated.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-CertificationAuthorityAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Certification Authority. This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies a user, computer or a group to add to ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. 
Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessMask</maml:name><maml:description><maml:para>Specifies the access mask to apply to entities specified in '-Identity' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertSrvRights</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-CertificationAuthorityAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Certification Authority. This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>AccessRule</maml:name><maml:description><maml:para>Specifies an ACL object of Certification Authority. 
This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvAccessRule[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Certification Authority. This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>CertSrvSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. 
Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue><dev:type><maml:name>AccessControlType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessMask</maml:name><maml:description><maml:para>Specifies the access mask to apply to entities specified in '-Identity' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertSrvRights</command:parameterValue><dev:type><maml:name>CertSrvRights</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies a user, computer or a group to add to ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue><dev:type><maml:name>NTAccount[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>AccessRule</maml:name><maml:description><maml:para>Specifies an ACL object of Certification Authority. 
This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvAccessRule[]</command:parameterValue><dev:type><maml:name>CertSrvAccessRule[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CertificationAuthority "ca01.example.com" | Get-CertificationAuthorityAcl | Add-CertificationAuthorityAcl -Identity "Cert Managers" -AccessType "Allow" -AccessMask "ManageCertificates" | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>In this example, the existing Access Control List (ACL) object is retrieved from the CA server hosted on "ca01.example.com", a new "Allow" Access Control Entry (ACE) for the group "Cert Managers" with "ManageCertificates" access is added, and the new ACL is written back to the CA server configuration. The CA service is restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$SourceACL = Get-CertificationAuthority "ca01.example.com" | Get-CertificationAuthorityAcl
PS C:\> $DestinationACL = Get-CertificationAuthority "ca02.example.com" | Get-CertificationAuthorityAcl | Remove-CertificationAuthorityAcl -Force
PS C:\> $DestinationACL | Add-CertificationAuthorityAcl -AccessRule $SourceACL.Access | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>This example shows how to copy an ACL from a source CA to a destination CA, replacing the destination's ACL.
a) The first line retrieves the ACL from the source CA server hosted on "ca01.example.com".
b) The second line retrieves the existing ACL from the destination CA server hosted on "ca02.example.com" and clears all Access Control Entries (ACE).
c) The third line copies the ACEs from the source CA to the destination CA. The destination CA service is restarted to immediately apply the new ACL.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-CertificationAuthorityAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-CRLDistributionPoint</command:name><maml:description><maml:para>Adds new CRL distribution points (CDP) to a specified Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>CRLDistributionPoint</command:noun><dev:version /></command:details><maml:description><maml:para>Adds new CRL distribution points (CDP) to a specified Certification Authority. 
This command doesn't change actual settings, but just prepares the CDP URIs.</maml:para><maml:para>The CDP extension consists of two URI types:</maml:para><maml:para>-- for physical CRL file publishing. These URIs do not appear in the certificate CDP extension.
-- for publishing in the appropriate certificate/CRL extensions.</maml:para><maml:para>Published URIs are used by the certificate chaining engine during certificate revocation status checking. URIs are checked in the same order as they are placed in the certificate's CDP extension until a CRL is retrieved. The most accessible URI should be placed first. This command adds new URIs below existing URIs. It is recommended to specify no more than two CRL location URIs (for Base CRLs). This is because if the first two URIs fail, the client will fail revocation checking due to a timeout and the certificate might be rejected. Here is an example:</maml:para><maml:para>[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:
               URL=http://eu.company.com/MyCA.crl
               URL=http://na.company.com/MyCA.crl</maml:para><maml:para>In the given example, http://eu.company.com/MyCA.crl is processed first. If this URI fails, http://na.company.com/MyCA.crl will be used. If both URIs fail, the client application should report a 'Revocation offline' error.</maml:para><maml:para>Note: if the certificate's AIA extension contains OCSP URIs and the client application supports OCSP, OCSP is used first. Otherwise the CDP extension is used. If all OCSP locations fail, the CDP extension is used. In certain cases, applications that support OCSP (for example, CryptoAPI) may elect to ignore OCSP and use the CDP extension instead. 
Thus it is very important to maintain correct and up-to-date URIs in the CDP extension.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-CRLDistributionPoint</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CRLDistributionPoint object to which new CRL distribution points are added. This object can be retrieved by running the Get-CRLDistributionPoint command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLDistributionPoint[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies new CRL file publishing distribution points for a particular CA. Must be passed in the following format: <Flags>:<RelativeURI>, where <Flags> is a combination of publishing flags. The following values are possible for <Flags>:</maml:para><maml:para>1 - Publish CRLs to this location.
2 - Include in all issued certificates.
4 - Include in CRLs. Clients use this to find delta CRL locations.
8 - Include in the CDP extension of CRLs.
64 - Publish delta CRLs to this location. Specifies where to publish in AD DS when publishing to LDAP URLs.
128 - Include in the IDP extension of issued CRLs.</maml:para><maml:para>Within <RelativeURI> you can use the following variables:</maml:para><maml:para>%1 - the CA's computer DNS name.
%2 - the CA's computer NetBIOS name.
%3 - CA's logical name.
%6 - the LDAP path of the forest's configuration naming context.
%7 - CA's 'sanitized' name. This is the same as the CA name but with encoded special characters, such as: \/:\*?"<>|.
%8 - the CRL's renewal extension.
%9 - indicates whether Delta CRLs are supported by this CA.
%10 - indicates that the object is a CDP object in AD CS.</maml:para><maml:para>With a Windows CA, you should include the %8 variable in the URI. This is important when you renew the CA's certificate with a new key pair. After CA certificate renewal, the CA server maintains both CRLs: the one signed by the previous CA certificate and the one signed by the renewed CA certificate. To separate them, the CA server includes the certificate index in parentheses. For example, suppose you have specified the following URI:
6:http://eu.company.com/MyCA%8.crl
In this example, the CA server with the initial CA certificate will publish the following URI in the issued certificates' AIA extension:
http://eu.company.com/MyCA.crl
Once the CA certificate is renewed with a new key pair, the CA server will generate new CRL files with the corresponding index, and in newly issued certificates the following URI will be published:
http://eu.company.com/MyCA(1).crl
Subsequent CA certificate renewals with a new key pair will cause the URI to be updated accordingly.</maml:para><maml:para>Note: Windows PKI supports the following URI formats.
For CRL publishing:
<DriveLetter>:\<FilePath>.crl
file://\<RemoteServerName>\<ShareName>\<FilePath>.crl
\<RemoteServerName>\<ShareName>\<FilePath>.crl
ldap:///<DirectoryAccessProtocolPath></maml:para><maml:para>For CRL retrieval:
http://<DomainURL>/<VirtualDirectoryAndFilePath>.crl
ldap:///<DirectoryAccessProtocolPath>
ldap://<hostname>/<path>?<query></maml:para><maml:para>Note: the ldap:///<DirectoryAccessProtocolPath> URI type assumes Active Directory usage and must contain the forest root domain's domain component (DC=...) within the LDAP path. This may cause long retrieval delays. Because Active Directory may contain many domain controllers and the content specified in the LDAP URI is automatically replicated between all domain controllers in the current forest, CryptoAPI may simplify content retrieval by contacting the domain controller nearest to the client instead of the forest root domain. 
Nearest domain controller is placed in $env:LogonServer system variable (or %LogonServer% in CMD syntax).</maml:para><maml:para>Also Windows PKI supports another form of LDAP URIs with host name: ldap://<hostname>/path?query</maml:para><maml:para>In this case client will not contact domain controller, but specified host directly. Unlike ldap:/// URI form, ldap://<hostname> may use 3rd party LDAP-compatible directory. Automatic content (CA certificate or certificate revocation list) publishing to such directories is not supported. You will have to manually publish CA certificates to these directories by using external means.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CRLDistributionPoint object to which add new CRL distribution points. This object can be retrieved by running Get-CRLDistributionPoint command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLDistributionPoint[]</command:parameterValue><dev:type><maml:name>CRLDistributionPoint[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies new CRL file publishing distribution points for particular CA. Must be passed in the following format: <Flags>:<RelativeURI>, where <Flags> is a combination of publishing flags. The following values are possible for <Flags>:</maml:para><maml:para>1 - Publish CRLs to this location. 2 - Include in all issued certificates. 4 - Include in CRLs. 
Clients use this to find delta CRL locations. 8 - Include in the CDP extension of CRLs. 64 - Publish delta CRLs to this location. Specifies where to publish in AD DS when publishing to LDAP URLs. 128 - Include in the IDP extension of issued CRLs.</maml:para><maml:para>Within <RelativeURI> you can use the following variables:</maml:para><maml:para>%1 - the CA's computer DNS name. %2 - the CA's computer NetBIOS name. %3 - CA's logical name. %6 - the LDAP path of the forest's configuration naming context for the forest. %7 - CA's 'sanitized' name. This is the same as CA name but with encoded special characters, such as: \/:\*?"<>|. %8 - the CRL's renewal extension. %9 - indicates whether Delta CRLs are supported by this CA. %10 - indicates that the object is CDP object in AD CS.</maml:para><maml:para>With a Windows CA you should include the %8 variable in the URI. This is important when you renew the CA's certificate with a new key pair. After CA certificate renewal, the CA server maintains both CRLs: the one signed by the previous CA certificate and the one signed by the renewed CA certificate. To separate them, the CA server includes the certificate index in parentheses. For example, suppose you have specified the following URI: 6:http://eu.company.com/MyCA%8.crl In this example, a CA server with the initial CA certificate will publish the following URI in the issued certificates' AIA extension: http://eu.company.com/MyCA.crl Once the CA certificate is renewed with a new key pair, the CA will generate new CRL files with the corresponding index, and the following URI will be published in newly issued certificates: http://eu.company.com/MyCA(1).crl Subsequent CA certificate renewals with a new key pair will update the URI accordingly.</maml:para><maml:para>Note: Windows PKI supports the following URI formats. 
For CRL publishing: <DriveLetter>:\<FilePath>.crl file://\<RemoteServerName>\<ShareName>\<FilePath>.crl \<RemoteServerName>\<ShareName>\<FilePath>.crl ldap:///<DirectoryAccessProtocolPath></maml:para><maml:para>For CRL retrieval: http://<DomainURL>/<VirtualDirectoryAndFilePath>.crl ldap:///<DirectoryAccessProtocolPath> ldap://<hostname>/<path>?<query></maml:para><maml:para>Note: the ldap:///<DirectoryAccessProtocolPath> URI type assumes Active Directory usage and must contain the forest root domain's domain component (DC=...) within the LDAP path. This may cause long retrieval delays. Because Active Directory may contain many domain controllers and the content specified in the LDAP URI is automatically replicated between all domain controllers in the current forest, CryptoAPI may simplify content retrieval by contacting the domain controller nearest to the client instead of the forest root domain. The nearest domain controller is stored in the $env:LogonServer system variable (or %LogonServer% in CMD syntax).</maml:para><maml:para>Windows PKI also supports another form of LDAP URI with a host name: ldap://<hostname>/path?query</maml:para><maml:para>In this case the client does not contact a domain controller but contacts the specified host directly. Unlike the ldap:/// URI form, ldap://<hostname> may use a 3rd party LDAP-compatible directory. Automatic content (CA certificate or certificate revocation list) publishing to such directories is not supported. 
You will have to manually publish CA certificates to these directories by using external means.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority RootCA | Get-CrlDistributionPoint | Add-CrlDistributionPoint -URI "6:http://crl.domain.com/%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example adds a new CDP URI to the certificate CDP for the 'RootCA' CA server. It also adds the new URI to Freshest CRL in the CRL CDP to locate the corresponding Delta CRL. 
After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CrlDistributionPoint | Add-CrlDistributionPoint -URI "65:\\ServerName\crlfile%9.crl", "65:C:\CertData\%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example adds new paths for Base and Delta CRL file publication for all CAs in the current forest. It does not add any new URIs to the certificate CDP extension, but instructs each CA to publish physical CRL files to the specified locations. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-CRLDistributionPoint</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-ExtensionList</command:name><maml:description><maml:para>Adds certificate enabled/disabled extension lists.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>ExtensionList</command:noun><dev:version /></command:details><maml:description><maml:para>Adds certificate enabled/disabled extension lists. Extensions are separated in 3 categories:</maml:para><maml:para>EnabledExtensionList - contains extensions that CA server will publish in each issued certificate upon request. OfflineExtensionList - contains allowed extension list that CA server will publish in issued certificates when offline request is used. 
DisabledExtensionList - contains extensions that will not be published in certificate even if this extension is specified in the request.</maml:para><maml:para>For more details see corresponding parameter description.</maml:para><maml:para>Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-ExtensionList</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the ExtensionList object with configured extensions. This object can be retrieved by running Get-ExtensionList command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ExtensionList[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>EnabledExtension</maml:name><maml:description><maml:para>Specifies the list of certificate extensions that are added to the issued certificate upon request. This list is processed by a policy module each time the request is resolved (produces issued certificate). You should carefully use this property and do not enable security-critical extension, like Subject Alternative Names (SAN). CA server performs additional extension processing by using 'OfflineExtension' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="2"><maml:name>OfflineExtension</maml:name><maml:description><maml:para>Specifies the list of certificate extensions that are added to the issued certificate against offline request. 
'offline' request is such request which includes subject information and CA server do not use Active Directory to build certificate's subject. For example, requests based on default 'WebServer' certificate template are considered as 'offline', because the template is configured to build the subject from submitted request. If certificate template is configured to build the subject from Active Directory, OfflineExtensionList property has no effect and any extensions in the request are written to CA database, but not included in issued certificate.</maml:para><maml:para>For Standalone CAs, all requests are treated as 'offline'.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3"><maml:name>DisabledExtension</maml:name><maml:description><maml:para>Add one or more extension friendly name or extension OID to prevent from publishing in certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the ExtensionList object with configured extensions. 
This object can be retrieved by running Get-ExtensionList command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ExtensionList[]</command:parameterValue><dev:type><maml:name>ExtensionList[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>EnabledExtension</maml:name><maml:description><maml:para>Specifies the list of certificate extensions that are added to the issued certificate upon request. This list is processed by a policy module each time the request is resolved (produces issued certificate). You should carefully use this property and do not enable security-critical extension, like Subject Alternative Names (SAN). CA server performs additional extension processing by using 'OfflineExtension' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="2"><maml:name>OfflineExtension</maml:name><maml:description><maml:para>Specifies the list of certificate extensions that are added to the issued certificate against offline request. 'offline' request is such request which includes subject information and CA server do not use Active Directory to build certificate's subject. For example, requests based on default 'WebServer' certificate template are considered as 'offline', because the template is configured to build the subject from submitted request. 
If certificate template is configured to build the subject from Active Directory, OfflineExtensionList property has no effect and any extensions in the request are written to CA database, but not included in issued certificate.</maml:para><maml:para>For Standalone CAs, all requests are treated as 'offline'.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3"><maml:name>DisabledExtension</maml:name><maml:description><maml:para>Add one or more extension friendly name or extension OID to prevent from publishing in certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -DisabledExtension "Certificate Template Name" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>This example will add the 'Certificate Template Name' extension to restricted extension list. As the result CA server will not publish this extension in issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -EnabledExtension "Certificate Policies" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>Adds 'Certificate Policies' extension to a extension list that is allowed to be published in issued certificates. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-ExtensionList</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-OnlineResponderAcl</command:name><maml:description><maml:para>Adds new Access Control Entry (ACE) to a Certification Authority's Access Control List (ACL).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>OnlineResponderAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Adds new Access Control Entry (ACE) to a Online Responder's Access Control List (ACL).</maml:para><maml:para>This command 
only changes the ACL object. Use Set-OnlineResponderAcl to write the modified ACL to the Online Responder configuration.</maml:para><maml:para>Note: the Online Responder security descriptor supports only one ACE per principal. Therefore, if the added principal already has explicit permissions on the Online Responder server, the existing ACE is updated.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-OnlineResponderAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Online Responder. This object can be retrieved by running Get-OnlineResponderAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies a user, computer or a group to add to ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. 
Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessMask</maml:name><maml:description><maml:para>Specifies the access mask to apply to entities specified in '-Identity' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderRights</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-OnlineResponderAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Online Responder. This object can be retrieved by running Get-OnlineResponderAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>AccessRule</maml:name><maml:description><maml:para>Specifies the new access control entry object to add.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderAccessRule[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Online Responder. 
This object can be retrieved by running Get-OnlineResponderAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>OcspResponderSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies access type. Access type can be either: Allow or Deny. Try to avoid Deny access type usage. Instead, you should remove an account from the ACL or grant only required permissions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue><dev:type><maml:name>AccessControlType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessMask</maml:name><maml:description><maml:para>Specifies the access mask to apply to entities specified in '-Identity' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderRights</command:parameterValue><dev:type><maml:name>OcspResponderRights</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies a user, computer or a group to add to ACL.</maml:para></maml:description><command:parameterValue required="true" 
variableLength="true">NTAccount[]</command:parameterValue><dev:type><maml:name>NTAccount[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>AccessRule</maml:name><maml:description><maml:para>Specifies the new access control entry object to add.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderAccessRule[]</command:parameterValue><dev:type><maml:name>OcspResponderAccessRule[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" 
| Get-OnlineResponderAcl | Add-OnlineResponderAcl -Identity "OCSP Admins" -AccessType "Allow" -AccessMask "Manage" | Set-OnlineResponderAcl</dev:code><dev:remarks><maml:para>In this example, the existing Access Control List (ACL) object is retrieved from the Online Responder server hosted on "ocsp1.example.com", a new "Allow" Access Control Entry (ACE) with "Manage" access is added for the group "OCSP Admins", and the new ACL is written back to the Online Responder configuration.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$SourceACL = Connect-OnlineResponder -ComputerName "ocsp1.example.com" | Get-OnlineResponderAcl
PS C:\> $DestinationACL = Connect-OnlineResponder -ComputerName "ocsp3.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Force
PS C:\> $DestinationACL | Add-OnlineResponderAcl -AccessRule $SourceACL.Access | Set-OnlineResponderAcl</dev:code><dev:remarks><maml:para>This example shows how to copy the ACL from a source Online Responder to a destination Online Responder, replacing the destination's ACL. a) The first line retrieves the ACL from the source Online Responder hosted on "ocsp1.example.com". b) The second line retrieves the existing ACL from the destination Online Responder hosted on "ocsp3.example.com" and clears all Access Control Entries (ACE). 
c) Third line copies ACEs from source Online Responder to destination Online Responder.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-OnlineResponderAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-OnlineResponderArrayMember</command:name><maml:description><maml:para>Adds Online Responder server to an Online Responder Array.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>OnlineResponderArrayMember</command:noun><dev:version /></command:details><maml:description><maml:para>Adds Online Responder server to an Online Responder Array.</maml:para><maml:para>This command does:</maml:para><maml:para>-- removes source Online Responder from its array -- removes all existing revocation configurations -- adds server to new array -- copies revocation 
configurations from new array's array controller</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-OnlineResponderArrayMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ArrayController</maml:name><maml:description><maml:para>Array controller of an Online Responder array new server is added to. Revocation configuration from this object is copied to new array member specified in '-ArrayMember' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponder</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>ArrayMember</maml:name><maml:description><maml:para>Array member server that is added to a new array. Can be array controller or array member.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponder</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ArrayController</maml:name><maml:description><maml:para>Array controller of an Online Responder array new server is added to. 
Revocation configuration from this object is copied to new array member specified in '-ArrayMember' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponder</command:parameterValue><dev:type><maml:name>OcspResponder</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>ArrayMember</maml:name><maml:description><maml:para>Array member server that is added to a new array. Can be array controller or array member.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponder</command:parameterValue><dev:type><maml:name>OcspResponder</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$NewMember = Connect-OnlineResponder "ocsp3.example.com"
PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Add-OnlineResponderArrayMember -ArrayMember $NewMember</dev:code><dev:remarks><maml:para>The first line connects to the Online Responder server hosted on "ocsp3.example.com". The second line connects to the array controller "ocsp1.example.com" and adds the new server to its array.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/add-onlineresponderarraymember</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderArrayMember</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-OnlineResponderLocalCrlEntry</command:name><maml:description><maml:para>Adds local revocation entry to specified Online Responder Revocation Configuration.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>OnlineResponderLocalCrlEntry</command:noun><dev:version /></command:details><maml:description><maml:para>Adds local revocation entry to specified Online Responder Revocation
Configuration.</maml:para><maml:para>Normally, Online Responder refers to CRL to determine if requested serial number is revoked or not. Administrators can add serial numbers that are considered revoked even if they are not listed in reference CRL.</maml:para><maml:para>Note: this action shall be executed on array controller. Otherwise, these changes may be overwritten during array member synchronization with array controller.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-OnlineResponderLocalCrlEntry</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Online Responder revocation configuration. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Entry</maml:name><maml:description><maml:para>Specifies a collection of revocation entries to add to local persistent CRL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CRLEntryCollection</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Specifies whether to overwrite existing local CRL or append entries to the end of existing local CRL.</maml:para><maml:para>True -- overwrites existing local CRL with entries to add; False (default) -- appends serial numbers to the end of existing local CRL</maml:para></maml:description><command:parameterValue required="false"
variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-OnlineResponderLocalCrlEntry</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Online Responder revocation configuration. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies an array of strings where each string represents a hexadecimal revoked certificate's serial number.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Reason</maml:name><maml:description><maml:para>Optionally, specifies the revocation reason for serial numbers provided in "-SerialNumber" parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509RevocationReasons</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Specifies whether to overwrite existing local CRL or append entries to the end of existing local CRL.</maml:para><maml:para>True -- overwrites existing local CRL with entries to add; False (default) -- appends serial numbers to the end of existing local
CRL</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Online Responder revocation configuration. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue><dev:type><maml:name>OcspResponderRevocationConfiguration[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Entry</maml:name><maml:description><maml:para>Specifies a collection of revocation entries to add to local persistent CRL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509CRLEntryCollection</command:parameterValue><dev:type><maml:name>X509CRLEntryCollection</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Specifies whether to overwrite existing local CRL or append entries to the end of existing local CRL.</maml:para><maml:para>True -- overwrites existing local CRL with entries to add; False (default) -- appends serial numbers to the end of existing local CRL</maml:para></maml:description><command:parameterValue required="false"
variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies an array of strings where each string represents a hexadecimal revoked certificate's serial number.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Reason</maml:name><maml:description><maml:para>Optionally, specifies the revocation reason for serial numbers provided in "-SerialNumber" parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509RevocationReasons</command:parameterValue><dev:type><maml:name>X509RevocationReasons</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Add-OnlineResponderLocalCrlEntry -SerialNumber "097bc012207f2c914e3f390551a98162", "2f3b6244bd2ce5b544abf7ef47fa8d3f" -Reason "KeyCompromise"</dev:code><dev:remarks><maml:para>In this example, certificates with serial numbers "097bc012207f2c914e3f390551a98162", "2f3b6244bd2ce5b544abf7ef47fa8d3f" are marked as revoked with "Key Compromise" reason and appended to the local CRL of the revocation configuration named "Example Org v0.0" on the Online Responder hosted on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$crl = Get-CertificateRevocationList -Path C:\CertData\example-org.crl
Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Add-OnlineResponderLocalCrlEntry -Entry $crl.RevokedCertificates -Force</dev:code><dev:remarks><maml:para>In this example, a) first line reads a locally stored CRL file. b) second line gets revocation configuration named "Example Org v0.0" from Online Responder hosted on "ocsp1.example.com" and overwrites local CRL with entries from CRL object retrieved in first line.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-OnlineResponderLocalCrlEntry</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderLocalCrlEntry</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Add-OnlineResponderRevocationConfiguration</command:name><maml:description><maml:para>Adds new revocation configuration to Online Responder.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Add</command:verb><command:noun>OnlineResponderRevocationConfiguration</command:noun><dev:version /></command:details><maml:description><maml:para>Adds new revocation configuration to Online Responder using CA certificate and configuration
display name.</maml:para><maml:para>Note: this action shall be executed on array controller. Otherwise, these changes may be overwritten during array member synchronization with array controller.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Add-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder the configuration is added to.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the revocation configuration display name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CaCertificate</maml:name><maml:description><maml:para>Specifies the CA certificate the revocation configuration is set up for. 
Use this parameter when custom or manually assigned OCSP signing certificate will be used for new revocation configuration.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Add-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder the configuration is added to.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the revocation configuration display name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Enterprise Certification Authority. 
Use this parameter with Enterprise Certification Authority for which you want to use automatic OCSP signing certificate enrollment and renewal based on a certificate template.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder the configuration is added to.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the revocation configuration display name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CaCertificate</maml:name><maml:description><maml:para>Specifies the CA certificate the revocation configuration is set up for. 
Use this parameter when custom or manually assigned OCSP signing certificate will be used for new revocation configuration.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate</command:parameterValue><dev:type><maml:name>X509Certificate</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Enterprise Certification Authority. Use this parameter with Enterprise Certification Authority for which you want to use automatic OCSP signing certificate enrollment and renewal based on a certificate template.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue><dev:type><maml:name>CertificateAuthority</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$CA = Get-CertificationAuthority "ca01.example.com" -Enterprise
PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Add-OnlineResponderRevocationConfiguration -Name "Example Org v1.1" -CertificationAuthority $CA | Set-OnlineResponderRevocationConfiguration `
    -SigningServer $CA -SigningCertTemplate "OcspResponseSigning" `
    -SigningFlag "Silent, SigningCertAutoRenewal, ForceDelegatedCert, AutoDiscoverSigningCert, ResponderIdKeyHash, SigningCertAutoEnrollment" `
    -BaseCrlUrl "http://cdp2.example.com/exca.crl","http://cdp3.example.com/exca.crl" `
    -DeltaCrlUrl "http://cdp2.example.com/exca+.crl","http://cdp3.example.com/exca+.crl" `
    -HashAlgorithm (New-Object System.Security.Cryptography.Oid2 "sha256")</dev:code><dev:remarks><maml:para>In this example, a) first line connects to Enterprise CA server on 'ca01.example.com'. b) second line connects to Online Responder hosted on "ocsp1.example.com" and adds new revocation configuration named "Example Org v1.1" for the CA retrieved on the first line.
Further, revocation configuration is configured by using Set-OnlineResponderRevocationConfiguration command by specifying: a) use "OcspResponseSigning" certificate template for OCSP signing certificate enrollment b) use automatic certificate enrollment and renewal from referenced CA c) base and delta CRL URLs d) SHA256 hashing algorithm used to sign OCSP responses.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$CaCert = Get-Item cert:\LocalMachine\CA\0E084CAC00546D876A7A2370BF4053F2CE8C1053
PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Add-OnlineResponderRevocationConfiguration -Name "External Example Org CA" -CaCertificate $CaCert | Set-OnlineResponderRevocationConfiguration `
    -BaseCrlUrl "http://cdp2.example.com/exca.crl","http://cdp3.example.com/exca.crl" `
    -HashAlgorithm (New-Object System.Security.Cryptography.Oid2 "sha256")</dev:code><dev:remarks><maml:para>Creates new Online Responder revocation configuration for non-Enterprise (Standalone, external, offline) Certification Authority with CA certificate thumbprint "0E084CAC00546D876A7A2370BF4053F2CE8C1053".
Further, revocation configuration is configured by using Set-OnlineResponderRevocationConfiguration command by specifying: a) use out-of-band enrolled OCSP signing certificate b) base CRL URLs (assuming Delta CRLs are not used by CA) c) SHA256 hashing algorithm used to sign OCSP responses.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Add-OnlineResponderRevocationConfiguration</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Approve-CertificateRequest</command:name><maml:description><maml:para>Approves certificate for a certificate request that is placed in 'Pending Requests' node on the CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Approve</command:verb><command:noun>CertificateRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Issues certificate for a certificate request that is placed in 'Pending Requests' node on 
the CA server. This is equivalent to manually issuing a certificate request from Certification Authority MMC snap-in.</maml:para><maml:para>Note: for this command to succeed, the certificate request must be pending.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Approve-CertificateRequest</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the pending request object. Pending request object can be retrieved by running Get-PendingRequest command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the pending request object. 
Pending request object can be retrieved by running Get-PendingRequest command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Utils.IServiceOperationResult</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Utils_IServiceOperationResult.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority CompanyCA1 | Get-PendingRequest -ID 10,14 | Approve-CertificateRequest</dev:code><dev:remarks><maml:para>This command will attempt to approve certificate requests with ID 10 and 14 and issue certificates.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Approve-CertificateRequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Deny-CertificateRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Connect-CertificationAuthority</command:name><maml:description><maml:para>Connects to a specified Certification Authority server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Connect</command:verb><command:noun>CertificationAuthority</command:noun><dev:version /></command:details><maml:description><maml:para>Connects to a specified Certification Authority server. 
The command supports connection to a single Standalone or Enterprise CA server.</maml:para><maml:para>This command is similar to Get-CertificationAuthority and its result can be piped to any command that accepts the Get-CertificationAuthority command's output.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Connect-CertificationAuthority</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the fully qualified domain name (FQDN) or short name (NetBIOS) of the computer that hosts Certification Authority role.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the fully qualified domain name (FQDN) or short name (NetBIOS) of the computer that hosts Certification Authority role.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue>.
(local computer)</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Connect-CertificationAuthority</dev:code><dev:remarks><maml:para>Attempts to connect to a CA server that is installed on a local computer.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Connect-CertificationAuthority -ComputerName ca01.company.com</dev:code><dev:remarks><maml:para>Attempts to connect to a CA server that is installed on a 'ca01.company.com' computer.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Connect-CertificationAuthority</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Connect-OnlineResponder</command:name><maml:description><maml:para>Connects to ADCS Online Responder.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Connect</command:verb><command:noun>OnlineResponder</command:noun><dev:version /></command:details><maml:description><maml:para>Connects to ADCS Online Responder. 
This is the main command used to call other Online Responder-related commands.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Connect-OnlineResponder</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the Online Responder host name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies the Online Responder host name.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>Localhost</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para 
/></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$ocsp = Connect-OnlineResponder -ComputerName ocsp1.example.com</dev:code><dev:remarks><maml:para>Connects to Online Responder server named 'ocsp1.example.com' and stores in a variable. Object stored in a variable is used to call other Online Responder-related commands.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Connect-OnlineResponder</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Deny-CertificateRequest</command:name><maml:description><maml:para>Denies a certificate for a certificate request that is placed in 'Pending Requests' node on the CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Deny</command:verb><command:noun>CertificateRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Denies certificate request that is placed in 'Pending Requests' node on the CA server. 
This is equivalent to manually denying the certificate request from Certification Authority MMC snap-in.</maml:para><maml:para>Note: for this command to succeed, the certificate request must be pending.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Deny-CertificateRequest</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the particular request object. Request object can be retrieved by running Get-PendingRequest command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the particular request object. 
Request object can be retrieved by running Get-PendingRequest command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Utils.IServiceOperationResult</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Utils_IServiceOperationResult.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority CompanyCA1 | Get-PendingRequest -Filter "CertificateTemplate -eq WebServerV2" | Deny-CertificateRequest</dev:code><dev:remarks><maml:para>This command will attempt to deny certificate requests that are requested to use WebServerV2 certificate template.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Deny-CertificateRequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Approve-CertificateRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Disable-CertificateRevocationListFlag</command:name><maml:description><maml:para>Disables certificate revocation list settings (flag) for specified CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>CertificateRevocationListFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Disables certificate revocation list settings (flag) for a specified CA server. 
These flags affect only the CA server where they are defined.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-CertificateRevocationListFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CRLFlag object to process. This object can be retrieved by running Get-CertificateRevocationListFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to disable. The following flag (or flags) can be used:</maml:para><maml:para>DeltaUseOldestUnexpiredBase - the CA server will use the oldest unexpired Base CRL for certificate revocation checking. Otherwise, the most recent Base CRL is used. DeleteExpiredCRLs - deletes CRLs signed by the expired CA keys. CRLNumberCritical - the CA server will mark the CRL Number extension as critical. If a target application doesn't recognize this extension, a CRL will be rejected. RevCheckIgnoreOffline - the CA server will ignore certificate revocation checking failures (not recommended). IgnoreInvalidPolicies - the CA server will ignore an invalid Certificate Policies extension in requests. RebuildModifiedSubjectOnly - when a CA server is configured to use the unmodified subject that is supplied in the certificate request, the policy module should not make any changes to the subject that is in the certificate request. SaveFailedCerts - N/A IgnoreUnknownCMCAttributes - the CA server ignores unknown CMC attributes in the request. IgnoreCrossCertTrustError - the CA server ignores trust errors for cross-certificates during certificate chain building.
PublishExpiredCertCRLs - the CA will publish expired revoked certificates in CRLs. EnforceEnrollmentAgent - the CA enforces enrollment agent restrictions. DisableRDNReorder - the CA server will not re-order relative distinguished names (RDN) in the certificate request. DisableRootCrossCerts - instructs the Root CA server not to generate root cross-certificates after Root CA renewal with a new key pair. LogfullResponse - the CA will dump the request response to the console. UseXCHGCertTemplate - instructs the CA server to use the CA Exchange template instead of using automatically generated short-lived certificates for key archival. UseCrossCertTemplate - instructs the Root CA server to use the Cross Certification Authority template during Root CA renewal with a new key pair, instead of using automatically generated cross-certificates. AllowRequestAttributeSubject - the CA server will accept a certificate subject submitted as a part of request attributes. DisableChainVerification - the CA server will not try to build a chain for a certificate. RevCheckIgnoreNoRevCheck - the CA server ignores an empty CRL Distribution Points (CDP) extension for non-root certificates. PreserveExpiredCerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is not time-valid. PreserveRevokedCACerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is revoked.
BuildRootCACRLEntriesBasedOnKey - N/A</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CRLFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CRLFlag object to process. This object can be retrieved by running Get-CertificateRevocationListFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLFlag[]</command:parameterValue><dev:type><maml:name>CRLFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to disable. The following flag (or flags) can be used:</maml:para><maml:para>DeltaUseOldestUnexpiredBase - the CA server will use the oldest unexpired Base CRL for certificate revocation checking. Otherwise, the most recent Base CRL is used. DeleteExpiredCRLs - deletes CRLs signed by the expired CA keys. CRLNumberCritical - the CA server will mark the CRL Number extension as critical. If a target application doesn't recognize this extension, a CRL will be rejected. RevCheckIgnoreOffline - the CA server will ignore certificate revocation checking failures (not recommended).
IgnoreInvalidPolicies - the CA server will ignore an invalid Certificate Policies extension in requests. RebuildModifiedSubjectOnly - when a CA server is configured to use the unmodified subject that is supplied in the certificate request, the policy module should not make any changes to the subject that is in the certificate request. SaveFailedCerts - N/A IgnoreUnknownCMCAttributes - the CA server ignores unknown CMC attributes in the request. IgnoreCrossCertTrustError - the CA server ignores trust errors for cross-certificates during certificate chain building. PublishExpiredCertCRLs - the CA will publish expired revoked certificates in CRLs. EnforceEnrollmentAgent - the CA enforces enrollment agent restrictions. DisableRDNReorder - the CA server will not re-order relative distinguished names (RDN) in the certificate request. DisableRootCrossCerts - instructs the Root CA server not to generate root cross-certificates after Root CA renewal with a new key pair. LogfullResponse - the CA will dump the request response to the console. UseXCHGCertTemplate - instructs the CA server to use the CA Exchange template instead of using automatically generated short-lived certificates for key archival. UseCrossCertTemplate - instructs the Root CA server to use the Cross Certification Authority template during Root CA renewal with a new key pair, instead of using automatically generated cross-certificates. AllowRequestAttributeSubject - the CA server will accept a certificate subject submitted as a part of request attributes. DisableChainVerification - the CA server will not try to build a chain for a certificate. RevCheckIgnoreNoRevCheck - the CA server ignores an empty CRL Distribution Points (CDP) extension for non-root certificates. PreserveExpiredCerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is not time-valid. PreserveRevokedCACerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is revoked.
BuildRootCACRLEntriesBasedOnKey - N/A</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CRLFlagEnum</command:parameterValue><dev:type><maml:name>CRLFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA01" 
| Get-CRLFlag | Disable-CRLFlag "RevCheckIgnoreOffline", "RevCheckIgnoreNoRevCheck" -RestartCA</dev:code><dev:remarks><maml:para>The command will instruct CA server to fail if certificate revocation status cannot be determined (aka "RevocationOffline") and/or non-root certificate has empty CDP extension (or CDP extension is not present). After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Disable-CertificateRevocationListFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-CertificateRevocationListFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Disable-InterfaceFlag</command:name><maml:description><maml:para>Disables Active 
Directory Certificate Services (AD CS) management or request interface settings.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>InterfaceFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Disables Active Directory Certificate Services (AD CS) management or request interface settings.</maml:para><maml:para>The management interface is implemented in ICertAdmin and the request interface is implemented in ICertRequest. By using these settings you can limit the usage of these interfaces. For example, you can prevent AD CS remote management with the ICertAdmin interface and allow AD CS management only locally.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-InterfaceFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the InterfaceFlag object to process. This object can be retrieved by running Get-InterfaceFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">InterfaceFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag (or multiple flags) to disable. The following flags can be used:</maml:para><maml:para>LockICertRequest - the behavior for this flag is not defined and it should not be used. NoRemoteICertRequest - the CA will not issue any certificates or hold pending any requests for remote users. NoLocalICertRequest - the CA will not issue any certificates or hold pending any requests for local users. NoRPCICertRequest - the CA will not issue any certificates or hold pending any requests for callers using the ICertPassage interface.
NoRemoteICertAdmin - no access to Certificate Services Remote Administration Protocol methods for remote callers. NoLocalICertAdmin - no access to Certificate Services Remote Administration Protocol methods for local callers. NoRemoteICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for remote callers. NoLocalICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for local callers. NoSnapshotBackup - the database files cannot be backed up using a mechanism other than the methods of the ICertAdmin2 interface. EnforceEncryptICertRequest - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate-request operations. EnforceEncryptICertAdmin - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate administrative operations (the methods defined in the ICertAdmin2 interface). EnableExitKeyRetrieval - enables an exit algorithm to retrieve the Encrypted private-Key Blob.
EnableAdminAsAuditor - only CA administrators can update the CA audit filter settings.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">InterfaceFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the InterfaceFlag object to process. This object can be retrieved by running Get-InterfaceFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">InterfaceFlag[]</command:parameterValue><dev:type><maml:name>InterfaceFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag (or multiple flags) to disable. The following flags can be used:</maml:para><maml:para>LockICertRequest - the behavior for this flag is not defined and it should not be used. NoRemoteICertRequest - the CA will not issue any certificates or hold pending any requests for remote users. NoLocalICertRequest - the CA will not issue any certificates or hold pending any requests for local users. NoRPCICertRequest - the CA will not issue any certificates or hold pending any requests for callers using the ICertPassage interface. 
NoRemoteICertAdmin - no access to Certificate Services Remote Administration Protocol methods for remote callers. NoLocalICertAdmin - no access to Certificate Services Remote Administration Protocol methods for local callers. NoRemoteICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for remote callers. NoLocalICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for local callers. NoSnapshotBackup - the database files cannot be backed up using a mechanism other than the methods of the ICertAdmin2 interface. EnforceEncryptICertRequest - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate-request operations. EnforceEncryptICertAdmin - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate administrative operations (the methods defined in the ICertAdmin2 interface). EnableExitKeyRetrieval - enables an exit algorithm to retrieve the Encrypted private-Key Blob.
EnableAdminAsAuditor - only CA administrators can update the CA audit filter settings.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">InterfaceFlagEnum</command:parameterValue><dev:type><maml:name>InterfaceFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.InterfaceFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_InterfaceFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.InterfaceFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_InterfaceFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoLocalIcertRequest" -RestartCA</dev:code><dev:remarks><maml:para>This example removes local enrollment restriction for "company-CA01" CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoRemoteICertAdminBackup" -RestartCA</dev:code><dev:remarks><maml:para>This example removes remote backup restrictions for all Enterprise CAs in the current Active Directory forest. 
After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Disable-InterfaceFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-InterfaceFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-InterfaceFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-InterfaceFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Disable-KeyRecoveryAgentFlag</command:name><maml:description><maml:para>Disables key recovery agent settings (flag) for specified CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>KeyRecoveryAgentFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Disables Key Recovery Agent (KRA) settings (flag) for specified CA server. 
By default, no KRA flags are enabled.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-KeyRecoveryAgentFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running the Get-KeyRecoveryAgentFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRAFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to disable. The following flag (or flags) can be used:</maml:para><maml:para>EnableForeign - enables key archival for certificates issued by another (or third-party) CA. SaveBadRequestKey - enforces key archival even if the submitted public and private key pair cannot be verified. EnableArchiveAll - enforces key archival for all incoming certificate requests. Do not use this flag unless all certificate requests support key archival. 
DisableUseDefaultProvider - disables default cryptographic service provider (CSP) usage for public and private key pair verification.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">KRAFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts the CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running the Get-KeyRecoveryAgentFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRAFlag[]</command:parameterValue><dev:type><maml:name>KRAFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to disable. The following flag (or flags) can be used:</maml:para><maml:para>EnableForeign - enables key archival for certificates issued by another (or third-party) CA. SaveBadRequestKey - enforces key archival even if the submitted public and private key pair cannot be verified. EnableArchiveAll - enforces key archival for all incoming certificate requests. Do not use this flag unless all certificate requests support key archival. 
DisableUseDefaultProvider - disables default cryptographic service provider (CSP) usage for public and private key pair verification.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">KRAFlagEnum</command:parameterValue><dev:type><maml:name>KRAFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA01" | Get-KeyRecoveryAgentFlag | Disable-KeyRecoveryAgentFlag -Flag "EnableForeign" -RestartCA</dev:code><dev:remarks><maml:para>This command disables key archival for keys that were issued (signed) by another (or third-party) CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Disable-KeyRecoveryAgentFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-KeyRecoveryAgentFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Disable-PolicyModuleFlag</command:name><maml:description><maml:para>Disables policy module 
flags.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Disable</command:verb><command:noun>PolicyModuleFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Disables policy module flags. These flags are processed by the policy module during certificate request processing.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Disable-PolicyModuleFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the object that contains the existing EditFlags object to process. The object can be retrieved by running the Get-PolicyModuleFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">EditFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to disable for processing by the CA policy module. This parameter accepts the following value or values:</maml:para><maml:para>EnableRequestExtensions -- Enables 'Enabled Request Extensions' list processing. RequestExtensionList -- Instructs the CA server to process the RequestExtensionList property. DisableExtensionList -- Enables 'Disabled Request Extensions' list processing. If the flag is enabled and a certificate request contains one or more extensions from this list, those extensions will be discarded. AddOldKeyUsage -- N/A. AddOldCertType -- N/A. AttributeEndDate -- Allows the certificate's validity end date to be specified. While certificate validity on Enterprise CAs is (mainly) determined by certificate template settings, Standalone CAs determine this value by the ValidityPeriod and ValidityPeriodUnits settings only. 
This flag allows the ValidityPeriod and ValidityPeriodUnits settings to be overridden when setting the certificate's validity. BasicConstraintsCritical -- Marks the Basic Constraints extension as critical. BasicConstraintsCA -- Enables the Basic Constraints extension for CA certificates. EnableAKIKeyID -- Enables the KeyID (issuer's public key hash) value to appear in the Authority Key Identifier (AKI) extension. AttributeCA -- N/A. IgnoreRequestGroup -- N/A. EnableAKIIssuerName -- Enables the issuer name value to appear in the Authority Key Identifier (AKI) extension. EnableAKIIssuerSerial -- Enables the issuer certificate's serial number to appear in the Authority Key Identifier (AKI) extension. EnableAKICritical -- Marks the Authority Key Identifier (AKI) extension as critical. ServerUpgraded -- N/A. AttributeEKU -- Allows the Enhanced Key Usages (EKU) extension to be passed as an unauthenticated request attribute (rather than including the EKU extension as an authenticated extension in the request). EnableDefaultSMIME -- N/A. EmailOptional -- N/A. AttributeSubjectAlternativeName -- Allows the Subject Alternative Name (SAN) extension to be passed as an unauthenticated request attribute (rather than including the SAN extension as an authenticated extension in the request). Note: Do not enable this flag on Enterprise CAs. Instead, include the SAN extension directly in the request. EnableLDAPReferrals -- Allows the Certification Authority (CA) to chase a referral for user or computer information in a trusted forest. When referrals are not chased and the user information is not available, the request will be denied if the user is enrolling from another forest. Referral chasing is not enabled by default as unintended template enumeration and enrollment may occur in some scenarios. This flag is necessary only for Cross-Forest Enrollment scenarios. EnableChaseClientDC -- N/A. AuditCertTemplateLoad -- Enables auditing of template list loading from Active Directory. 
DisableOldOSCNUPN -- N/A. DisableLDAPPackageList -- N/A. EnableUPNMap -- N/A. EnableOCSPRevNoCheck -- Enables the id-pkix-ocsp-nocheck extension in the request. EnableRenewOnBehalfOf -- Enables certificate renewal on behalf of another user or computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyModuleFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts the CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the object that contains the existing EditFlags object to process. The object can be retrieved by running the Get-PolicyModuleFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">EditFlag[]</command:parameterValue><dev:type><maml:name>EditFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to disable for processing by the CA policy module. This parameter accepts the following value or values:</maml:para><maml:para>EnableRequestExtensions -- Enables 'Enabled Request Extensions' list processing. RequestExtensionList -- Instructs the CA server to process the RequestExtensionList property. 
DisableExtensionList -- Enables 'Disabled Request Extensions' list processing. If the flag is enabled and a certificate request contains one or more extensions from this list, those extensions will be discarded. AddOldKeyUsage -- N/A. AddOldCertType -- N/A. AttributeEndDate -- Allows the certificate's validity end date to be specified. While certificate validity on Enterprise CAs is (mainly) determined by certificate template settings, Standalone CAs determine this value by the ValidityPeriod and ValidityPeriodUnits settings only. This flag allows the ValidityPeriod and ValidityPeriodUnits settings to be overridden when setting the certificate's validity. BasicConstraintsCritical -- Marks the Basic Constraints extension as critical. BasicConstraintsCA -- Enables the Basic Constraints extension for CA certificates. EnableAKIKeyID -- Enables the KeyID (issuer's public key hash) value to appear in the Authority Key Identifier (AKI) extension. AttributeCA -- N/A. IgnoreRequestGroup -- N/A. EnableAKIIssuerName -- Enables the issuer name value to appear in the Authority Key Identifier (AKI) extension. EnableAKIIssuerSerial -- Enables the issuer certificate's serial number to appear in the Authority Key Identifier (AKI) extension. EnableAKICritical -- Marks the Authority Key Identifier (AKI) extension as critical. ServerUpgraded -- N/A. AttributeEKU -- Allows the Enhanced Key Usages (EKU) extension to be passed as an unauthenticated request attribute (rather than including the EKU extension as an authenticated extension in the request). EnableDefaultSMIME -- N/A. EmailOptional -- N/A. AttributeSubjectAlternativeName -- Allows the Subject Alternative Name (SAN) extension to be passed as an unauthenticated request attribute (rather than including the SAN extension as an authenticated extension in the request). Note: Do not enable this flag on Enterprise CAs. Instead, include the SAN extension directly in the request. EnableLDAPReferrals -- Allows the Certification Authority (CA) to chase a referral for user or computer information in a trusted forest. 
When referrals are not chased and the user information is not available, the request will be denied if the user is enrolling from another forest. Referral chasing is not enabled by default as unintended template enumeration and enrollment may occur in some scenarios. This flag is necessary only for Cross-Forest Enrollment scenarios. EnableChaseClientDC -- N/A. AuditCertTemplateLoad -- Enables auditing of template list loading from Active Directory. DisableOldOSCNUPN -- N/A. DisableLDAPPackageList -- N/A. EnableUPNMap -- N/A. EnableOCSPRevNoCheck -- Enables the id-pkix-ocsp-nocheck extension in the request. EnableRenewOnBehalfOf -- Enables certificate renewal on behalf of another user or computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyModuleFlagEnum</command:parameterValue><dev:type><maml:name>PolicyModuleFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts the CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Disable-PolicyModuleFlag AttributeSubjectAlternativeName -RestartCA</dev:code><dev:remarks><maml:para>Disables 'Subject Alternative Name' attribute in a submitted certificate request and restarts certificate services. In order to issue a certificate with SAN extension, it must be a part of certificate request extensions. 
After the command completes, the Company-CA CA server will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Disable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA</dev:code><dev:remarks><maml:para>Disables the 'OCSP No Revocation Checking' extension and disables Disabled Certificate Extension list processing. This will prevent the CA from issuing OCSP Response Signing certificates, and any previously disabled extension (see Add-ExtensionList) will be populated in the issued certificates. After the command completes, the Company-CA CA server will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Disable-PolicyModuleFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-PolicyModuleFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Enable-CertificateRevocationListFlag</command:name><maml:description><maml:para>Enables certificate revocation list settings (flag) for the specified CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>CertificateRevocationListFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Enables certificate revocation list settings (flag) for the specified CA server. These flags affect only the CA server where they are defined.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-CertificateRevocationListFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CRLFlag object to process. 
This object can be retrieved by running the Get-CertificateRevocationListFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to enable. The following flag (or flags) can be used:</maml:para><maml:para>DeltaUseOldestUnexpiredBase - the CA server will use the oldest unexpired Base CRL for certificate revocation checking. Otherwise, the most recent Base CRL is used. DeleteExpiredCRLs - deletes CRLs signed by the expired CA keys. CRLNumberCritical - the CA server will mark the CRL Number extension as critical. If a target application doesn't recognize this extension, the CRL will be rejected. RevCheckIgnoreOffline - the CA server will ignore certificate revocation checking failures (not recommended). IgnoreInvalidPolicies - the CA server will ignore an invalid Certificate Policies extension in requests. RebuildModifiedSubjectOnly - when a CA server is configured to use the unmodified subject that is supplied in the certificate request, the policy module should not make any changes to the subject that is in the certificate request. SaveFailedCerts - N/A. IgnoreUnknownCMCAttributes - the CA server ignores unknown CMC attributes in the request. IgnoreCrossCertTrustError - the CA server ignores trust errors for cross-certificates during certificate chain building. PublishExpiredCertCRLs - the CA will publish expired revoked certificates in CRLs. EnforceEnrollmentAgent - the CA enforces enrollment agent restrictions. DisableRDNReorder - the CA server will not re-order relative distinguished names (RDN) in the certificate request. DisableRootCrossCerts - instructs the Root CA server not to generate root cross-certificates after Root CA renewal with a new key pair. 
LogfullResponse - the CA will dump the request response to the console. UseXCHGCertTemplate - instructs the CA server to use the CA Exchange template instead of using automatically generated short-lived certificates for key archival. UseCrossCertTemplate - instructs the Root CA server to use the Cross Certification Authority template during Root CA renewal with a new key pair, instead of using automatically generated cross-certificates. AllowRequestAttributeSubject - the CA server will accept a certificate subject submitted as a part of request attributes. DisableChainVerification - the CA server will not try to build a chain for a certificate. RevCheckIgnoreNoRevCheck - the CA server ignores an empty CRL Distribution Points (CDP) extension for non-root certificates. PreserveExpiredCerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is not time-valid. PreserveRevokedCACerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is revoked. BuildRootCACRLEntriesBasedOnKey - N/A</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CRLFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts the CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CRLFlag object to process. 
This object can be retrieved by running the Get-CertificateRevocationListFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLFlag[]</command:parameterValue><dev:type><maml:name>CRLFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to enable. The following flag (or flags) can be used:</maml:para><maml:para>DeltaUseOldestUnexpiredBase - the CA server will use the oldest unexpired Base CRL for certificate revocation checking. Otherwise, the most recent Base CRL is used. DeleteExpiredCRLs - deletes CRLs signed by the expired CA keys. CRLNumberCritical - the CA server will mark the CRL Number extension as critical. If a target application doesn't recognize this extension, the CRL will be rejected. RevCheckIgnoreOffline - the CA server will ignore certificate revocation checking failures (not recommended). IgnoreInvalidPolicies - the CA server will ignore an invalid Certificate Policies extension in requests. RebuildModifiedSubjectOnly - when a CA server is configured to use the unmodified subject that is supplied in the certificate request, the policy module should not make any changes to the subject that is in the certificate request. SaveFailedCerts - N/A. IgnoreUnknownCMCAttributes - the CA server ignores unknown CMC attributes in the request. IgnoreCrossCertTrustError - the CA server ignores trust errors for cross-certificates during certificate chain building. PublishExpiredCertCRLs - the CA will publish expired revoked certificates in CRLs. EnforceEnrollmentAgent - the CA enforces enrollment agent restrictions. DisableRDNReorder - the CA server will not re-order relative distinguished names (RDN) in the certificate request. 
DisableRootCrossCerts - instructs the Root CA server not to generate root cross-certificates after Root CA renewal with a new key pair. LogfullResponse - the CA will dump the request response to the console. UseXCHGCertTemplate - instructs the CA server to use the CA Exchange template instead of using automatically generated short-lived certificates for key archival. UseCrossCertTemplate - instructs the Root CA server to use the Cross Certification Authority template during Root CA renewal with a new key pair, instead of using automatically generated cross-certificates. AllowRequestAttributeSubject - the CA server will accept a certificate subject submitted as a part of request attributes. DisableChainVerification - the CA server will not try to build a chain for a certificate. RevCheckIgnoreNoRevCheck - the CA server ignores an empty CRL Distribution Points (CDP) extension for non-root certificates. PreserveExpiredCerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is not time-valid. PreserveRevokedCACerts - the CA server will preserve the CA certificate in the database and certificate store even if the certificate is revoked. 
BuildRootCACRLEntriesBasedOnKey - N/A</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CRLFlagEnum</command:parameterValue><dev:type><maml:name>CRLFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA01" 
| Get-CRLFlag | Enable-CRLFlag "UseXCHGCertTemplate" -RestartCA</dev:code><dev:remarks><maml:para>The command will instruct the 'company-CA01' CA server to use the CA Exchange template to issue the CA Exchange certificate for key archival. Note that the CA Exchange template must be added to the CA template issuance list. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Enable-CertificateRevocationListFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-CertificateRevocationListFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Enable-InterfaceFlag</command:name><maml:description><maml:para>Enables Active Directory Certificate Services (AD 
CS) management or request interface settings.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>InterfaceFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Enables Active Directory Certificate Services (AD CS) management or request interface flags.</maml:para><maml:para>The management interface is implemented in ICertAdmin and the request interface is implemented in ICertRequest. Use this command to limit how these interfaces can be used. For example, you can prevent remote AD CS management through the ICertAdmin interface and allow AD CS management only locally.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-InterfaceFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the InterfaceFlag object to process. This object can be retrieved by running Get-InterfaceFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">InterfaceFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag (or multiple flags) to enable. The following flags can be used:</maml:para><maml:para>LockICertRequest - the behavior for this flag is not defined and it should not be used. NoRemoteICertRequest - the CA will not issue any certificates or hold pending any requests for remote users. NoLocalICertRequest - the CA will not issue any certificates or hold pending any requests for local users. NoRPCICertRequest - the CA will not issue any certificates or hold pending any requests for callers using the ICertPassage interface. 
NoRemoteICertAdmin - no access to Certificate Services Remote Administration Protocol methods for remote callers. NoLocalICertAdmin - no access to Certificate Services Remote Administration Protocol methods for local callers. NoRemoteICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for remote callers. NoLocalICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for local callers. NoSnapshotBackup - the database files cannot be backed up using a mechanism other than the methods of the ICertAdmin2 interface. EnforceEncryptICertRequest - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate-request operations. EnforceEncryptICertAdmin - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate administrative operations (the methods defined in the ICertAdmin2 interface). EnableExitKeyRetrieval - enables an exit algorithm to retrieve the Encrypted private-Key Blob. 
EnableAdminAsAuditor - only CA administrators can update the CA audit filter settings.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">InterfaceFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the InterfaceFlag object to process. This object can be retrieved by running Get-InterfaceFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">InterfaceFlag[]</command:parameterValue><dev:type><maml:name>InterfaceFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag (or multiple flags) to enable. The following flags can be used:</maml:para><maml:para>LockICertRequest - the behavior for this flag is not defined and it should not be used. NoRemoteICertRequest - the CA will not issue any certificates or hold pending any requests for remote users. NoLocalICertRequest - the CA will not issue any certificates or hold pending any requests for local users. NoRPCICertRequest - the CA will not issue any certificates or hold pending any requests for callers using the ICertPassage interface. 
NoRemoteICertAdmin - no access to Certificate Services Remote Administration Protocol methods for remote callers. NoLocalICertAdmin - no access to Certificate Services Remote Administration Protocol methods for local callers. NoRemoteICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for remote callers. NoLocalICertAdminBackup - the CA restricts access to the backup-related methods of this protocol for local callers. NoSnapshotBackup - the database files cannot be backed up using a mechanism other than the methods of the ICertAdmin2 interface. EnforceEncryptICertRequest - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate-request operations. EnforceEncryptICertAdmin - RPC security settings (defined in http://msdn.microsoft.com/library/cc243867(PROT.10).aspx ) should be defined for all RPC connections to the server for certificate administrative operations (the methods defined in the ICertAdmin2 interface). EnableExitKeyRetrieval - enables an exit algorithm to retrieve the Encrypted private-Key Blob. 
EnableAdminAsAuditor - only CA administrators can update the CA audit filter settings.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">InterfaceFlagEnum</command:parameterValue><dev:type><maml:name>InterfaceFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.InterfaceFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_InterfaceFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.InterfaceFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_InterfaceFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "NoRemoteIcertAdmin", "NoRemoteICertAdminBackup" -RestartCA</dev:code><dev:remarks><maml:para>This example restricts 'company-CA01' CA server remote management and remote backup operations. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "EnableAdminAsAuditor" -RestartCA</dev:code><dev:remarks><maml:para>This example grants CA Administrators CA Auditor role for all Enterprise CAs in the current forest. 
After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Enable-InterfaceFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-InterfaceFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-InterfaceFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-InterfaceFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Enable-KeyRecoveryAgentFlag</command:name><maml:description><maml:para>Enables key recovery agent settings (flag) for specified CA server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>KeyRecoveryAgentFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Enables Key Recovery Agent (KRA) settings (flag) for specified CA 
server.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-KeyRecoveryAgentFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRAFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to enable. The following flag (or flags) can be used:</maml:para><maml:para>EnableForeign - enables key archival for certificates issued by another (or 3rd party) CA. SaveBadRequestKey - enforces key archival even if the submitted public and private key pair cannot be verified. EnableArchiveAll - enforces key archival for all incoming certificate requests. Do not use this flag unless all certificate requests support key archival. 
DisableUseDefaultProvider - disables default cryptographic service provider (CSP) usage for public and private key pair verification.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">KRAFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRAFlag[]</command:parameterValue><dev:type><maml:name>KRAFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies the flag to enable. The following flag (or flags) can be used:</maml:para><maml:para>EnableForeign - enables key archival for certificates issued by another (or 3rd party) CA. SaveBadRequestKey - enforces key archival even if the submitted public and private key pair cannot be verified. EnableArchiveAll - enforces key archival for all incoming certificate requests. Do not use this flag unless all certificate requests support key archival. 
DisableUseDefaultProvider - disables default cryptographic service provider (CSP) usage for public and private key pair verification.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">KRAFlagEnum</command:parameterValue><dev:type><maml:name>KRAFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-KeyRecoveryAgentFlag | Enable-KeyRecoveryAgentFlag -Flag "EnableForeign" -RestartCA</dev:code><dev:remarks><maml:para>This example allows the CA to archive public and private key pairs that were issued (signed) by another (or 3rd party) CA. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Enable-KeyRecoveryAgentFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-KeyRecoveryAgentFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Enable-PolicyModuleFlag</command:name><maml:description><maml:para>Enables policy module 
flags.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Enable</command:verb><command:noun>PolicyModuleFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Enables policy module flags. These flags are processed by the policy module during certificate request processing.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Enable-PolicyModuleFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the EditFlags object to process. The object can be retrieved by running Get-PolicyModuleFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">EditFlag[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies new flag to enable for processing by CA policy module. This parameter accepts the following value or values:</maml:para><maml:para>EnableRequestExtensions -- Enables 'Enabled Request Extensions' list processing. RequestExtensionList -- Instructs CA server to process RequestExtensionList property. DisableExtensionList -- Enables 'Disabled Request Extensions' list processing. If the flag is enabled and certificate request contains one or more extensions from this list, extensions will be discarded. AddOldKeyUsage -- N/A AddOldCertType -- N/A AttributeEndDate -- Allows specifying the certificate's validity end date. While certificate's validity on Enterprise CAs is (mainly) determined by certificate template settings, Standalone CAs determine this value by ValidityPeriod and ValidityPeriodUnits settings only. 
This flag allows overriding the ValidityPeriod and ValidityPeriodUnits settings to set the certificate's validity. BasicConstraintsCritical -- Marks Basic Constraints extension as critical. BasicConstraintsCA -- Enables Basic Constraints extension for CA certificates. EnableAKIKeyID -- Enables KeyID (issuer's public key hash) value to appear in Authority Key Identifier (AKI) extension. AttributeCA -- N/A IgnoreRequestGroup -- N/A EnableAKIIssuerName -- Enables issuer name value to appear in Authority Key Identifier (AKI) extension. EnableAKIIssuerSerial -- Enables issuer certificate's serial number to appear in Authority Key Identifier (AKI) extension. EnableAKICritical -- Marks Authority Key Identifier (AKI) extension as critical. ServerUpgraded -- N/A AttributeEKU -- Enables Enhanced Key Usages (EKU) extensions passing as unauthenticated request attribute (rather than including EKU extension as authenticated extension in the request). EnableDefaultSMIME -- N/A EmailOptional -- N/A AttributeSubjectAlternativeName -- Enables Subject Alternative Name (SAN) extensions passing as unauthenticated request attribute (rather than including SAN extension as authenticated extension in the request). Note: Do not enable this flag on Enterprise CAs. Instead, include the SAN extension directly in the request. EnableLDAPReferrals -- Allows Certification Authority (CA) to chase a referral for user or computer information in a trusted forest. When referrals are not chased and the user information is not available, the request will be denied if the user is enrolling from another forest. Referral chasing is not enabled by default as unintended template enumeration and enrollment may occur in some scenarios. This flag is necessary only for Cross-Forest Enrollment scenarios. EnableChaseClientDC -- N/A AuditCertTemplateLoad -- Enables auditing of template list loading from Active Directory. 
DisableOldOSCNUPN -- N/A DisableLDAPPackageList -- N/A EnableUPNMap -- N/A EnableOCSPRevNoCheck -- Enables id-pkix-ocsp-nocheck extension in the request. EnableRenewOnBehalfOf -- Enables certificate renewal on behalf of another user or computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyModuleFlagEnum</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the EditFlags object to process. The object can be retrieved by running Get-PolicyModuleFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">EditFlag[]</command:parameterValue><dev:type><maml:name>EditFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Flag</maml:name><maml:description><maml:para>Specifies new flag to enable for processing by CA policy module. This parameter accepts the following value or values:</maml:para><maml:para>EnableRequestExtensions -- Enables 'Enabled Request Extensions' list processing. RequestExtensionList -- Instructs CA server to process RequestExtensionList property. DisableExtensionList -- Enables 'Disabled Request Extensions' list processing. 
If the flag is enabled and certificate request contains one or more extensions from this list, extensions will be discarded. AddOldKeyUsage -- N/A AddOldCertType -- N/A AttributeEndDate -- Allows specifying the certificate's validity end date. While certificate's validity on Enterprise CAs is (mainly) determined by certificate template settings, Standalone CAs determine this value by ValidityPeriod and ValidityPeriodUnits settings only. This flag allows overriding the ValidityPeriod and ValidityPeriodUnits settings to set the certificate's validity. BasicConstraintsCritical -- Marks Basic Constraints extension as critical. BasicConstraintsCA -- Enables Basic Constraints extension for CA certificates. EnableAKIKeyID -- Enables KeyID (issuer's public key hash) value to appear in Authority Key Identifier (AKI) extension. AttributeCA -- N/A IgnoreRequestGroup -- N/A EnableAKIIssuerName -- Enables issuer name value to appear in Authority Key Identifier (AKI) extension. EnableAKIIssuerSerial -- Enables issuer certificate's serial number to appear in Authority Key Identifier (AKI) extension. EnableAKICritical -- Marks Authority Key Identifier (AKI) extension as critical. ServerUpgraded -- N/A AttributeEKU -- Enables Enhanced Key Usages (EKU) extensions passing as unauthenticated request attribute (rather than including EKU extension as authenticated extension in the request). EnableDefaultSMIME -- N/A EmailOptional -- N/A AttributeSubjectAlternativeName -- Enables Subject Alternative Name (SAN) extensions passing as unauthenticated request attribute (rather than including SAN extension as authenticated extension in the request). Note: Do not enable this flag on Enterprise CAs. Instead, include the SAN extension directly in the request. EnableLDAPReferrals -- Allows Certification Authority (CA) to chase a referral for user or computer information in a trusted forest. 
When referrals are not chased and the user information is not available, the request will be denied if the user is enrolling from another forest. Referral chasing is not enabled by default as unintended template enumeration and enrollment may occur in some scenarios. This flag is necessary only for Cross-Forest Enrollment scenarios. EnableChaseClientDC -- N/A AuditCertTemplateLoad -- Enables auditing of template list loading from Active Directory. DisableOldOSCNUPN -- N/A DisableLDAPPackageList -- N/A EnableUPNMap -- N/A EnableOCSPRevNoCheck -- Enables id-pkix-ocsp-nocheck extension in the request. EnableRenewOnBehalfOf -- Enables certificate renewal on behalf of another user or computer.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PolicyModuleFlagEnum</command:parameterValue><dev:type><maml:name>PolicyModuleFlagEnum</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CertSvc service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Enable-PolicyModuleFlag AttributeSubjectAlternativeName -RestartCA</dev:code><dev:remarks><maml:para>Enables 'Subject Alternative Name' attribute in a submitted certificate request. 
After command completion 'Company-CA' CA server will be restarted to immediately apply changes.</maml:para><maml:para>Note: do not enable SAN attribute on Enterprise CAs if it is possible to include SAN as extension.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Enable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA</dev:code><dev:remarks><maml:para>Enables the 'OCSP No Revocation Checking' extension and 'Disabled Request Extensions' list processing. This allows the CA to issue OCSP Response Signing certificates and instructs the CA server to process the disabled extension list (see Add-ExtensionList), so extensions in this list will not be populated in issued certificates. 
After command completion 'Company-CA' CA server will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Enable-PolicyModuleFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-PolicyModuleFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-AdcsDatabaseRow</command:name><maml:description><maml:para>Gets CA database row from a specified table.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>DatabaseRow</command:noun><dev:version /></command:details><maml:description><maml:para>Gets CA database row from a specified table.</maml:para><maml:para>This command is a generic function to access any CA database row. 
It can access all CA database tables. Although this command can access any database row, for the 'Request' table the predefined Get-RevokedRequest, Get-IssuedRequest, Get-PendingRequest and Get-FailedRequest commands are recommended over this command. Use this command to access non-Request tables.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-AdcsDatabaseRow</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Table</maml:name><maml:description><maml:para>Specifies the CA database view table to query. The following view tables are supported:</maml:para><maml:para>-Request - queries entire request table. -Revoked - queries revoked certificates table. -Issued - queries issued certificates table. -Pending - queries pending request table. -Failed - queries failed and denied request table. -Extension - queries extensions table associated with issued certificates. -Attribute - queries attributes table associated with issued certificates. 
-CRL - queries certificate revocation list (CRL) table.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AdcsDbViewTableName</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="2"><maml:name>RowID</maml:name><maml:description><maml:para>Specifies the database row ID or IDs to retrieve.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. 
To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="6"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to ones that match the query filter rule. Query filter rule consists of three components: &lt;RequestProperty&gt;, &lt;comparison operator&gt; and &lt;value&gt;. Query filter is composed in the following format: "&lt;RequestProperty&gt; &lt;comparison operator&gt; &lt;value&gt;" where: &lt;RequestProperty&gt; - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. &lt;comparison operator&gt; - specifies the logical operator of the data-query qualifier for the column. &lt;value&gt; - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the &lt;value&gt; field is equal to a value stored in the certificate request property. -le (less or equal to) - the value in the &lt;value&gt; field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the &lt;value&gt; field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater or equal to) - the value in the &lt;value&gt; field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. 
-gt (greater than) - the value in the &lt;value&gt; field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, the CA server performs a binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" &gt; "A" and "A" &lt; "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See the examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with the logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="2"><maml:name>RowID</maml:name><maml:description><maml:para>Specifies the database row ID or IDs to retrieve.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue><dev:type><maml:name>Int32[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="6"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to ones that match the query filter rule. 
Query filter rule consists of three components: &lt;RequestProperty&gt;, &lt;comparison operator&gt; and &lt;value&gt;. Query filter is composed in the following format: "&lt;RequestProperty&gt; &lt;comparison operator&gt; &lt;value&gt;" where: &lt;RequestProperty&gt; - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. &lt;comparison operator&gt; - specifies the logical operator of the data-query qualifier for the column. &lt;value&gt; - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the &lt;value&gt; field is equal to a value stored in the certificate request property. -le (less or equal to) - the value in the &lt;value&gt; field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the &lt;value&gt; field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater or equal to) - the value in the &lt;value&gt; field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the &lt;value&gt; field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, the CA server performs a binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. 
For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" &gt; "A" and "A" &lt; "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See the examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with the logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Table</maml:name><maml:description><maml:para>Specifies the CA database view table to query. The following view tables are supported:</maml:para><maml:para>-Request - queries entire request table. -Revoked - queries revoked certificates table. -Issued - queries issued certificates table. -Pending - queries pending request table. -Failed - queries failed and denied request table. -Extension - queries extensions table associated with issued certificates. -Attribute - queries attributes table associated with issued certificates. 
-CRL - queries certificate revocation list (CRL) table.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AdcsDbViewTableName</command:parameterValue><dev:type><maml:name>AdcsDbViewTableName</maml:name><maml:uri/></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. 
When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CA -Name "*company ca*" | Get-AdcsDatabaseRow -Table CRL -Filter "CRLNextUpdate -gt $(Get-Date)"</dev:code><dev:remarks><maml:para>This command returns all non-expired Base and Delta CRLs from CA database.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CA ca01.company.com | Get-AdcsDatabaseRow -Table Extension -RowID 87</dev:code><dev:remarks><maml:para>Retrieves certificate extensions associated with RequestID = 87.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CA ca01.company.com | Get-AdcsDatabaseRow -Table Attribute -RowID 87</dev:code><dev:remarks><maml:para>Retrieves certificate request attributes associated with RequestID = 87.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-DatabaseRow</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-ADKRACertificate</command:name><maml:description><maml:para>Retrieves all published to Active Directory Key Recovery Agents (KRA) certificates.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ADKRACertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves all published to Active Directory Key Recovery Agents (KRA) certificates. This command must be used to retrieve key recovery agent certificates for Add-CAKRACertificate command purposes.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ADKRACertificate</maml:name><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="0"><maml:name>Subject</maml:name><maml:description><maml:para>Specifies a filter for Subject field (distinguished name format). This parameter works in conjunction with other parameters.</maml:para><maml:para>This parameter accepts the following wildcard characters: ? -- for single wildcard character matching * -- for multiple wildcard character matching</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="1"><maml:name>Issuer</maml:name><maml:description><maml:para>Specifies a filter for Issuer field (distinguished name format). This parameter works in conjunction with other parameters.</maml:para><maml:para>This parameter accepts the following wildcard characters: ? 
-- for single wildcard character matching * -- for multiple wildcard character matching</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ValidOnly</maml:name><maml:description><maml:para>Specifies whether to return only valid certificates. Valid KRA certificate must conform the following requirements:</maml:para><maml:para>-- time valid -- has valid certificate chain up to any trusted root -- is not revoked -- valid for 'Key Recovery Agent' application policy (enhanced key usage)</maml:para><maml:para>This parameter works in conjunction with other parameters.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ShowUI</maml:name><maml:description><maml:para>Displays a certificate pickup UI window. By using this window you can select one or more KRA certificates to use.</maml:para><maml:para>This parameter works in conjunction with other parameters.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="0"><maml:name>Subject</maml:name><maml:description><maml:para>Specifies a filter for Subject field (distinguished name format). This parameter works in conjunction with other parameters.</maml:para><maml:para>This parameter accepts the following wildcard characters: ? 
-- for single wildcard character matching * -- for multiple wildcard character matching</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="true" pipelineInput="false" position="1"><maml:name>Issuer</maml:name><maml:description><maml:para>Specifies a filter for Issuer field (distinguished name format). This parameter works in conjunction with other parameters.</maml:para><maml:para>This parameter accepts the following wildcard characters: ? -- for single wildcard character matching * -- for multiple wildcard character matching</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ValidOnly</maml:name><maml:description><maml:para>Specifies whether to return only valid certificates. 
Valid KRA certificate must conform the following requirements:</maml:para><maml:para>-- time valid -- has valid certificate chain up to any trusted root -- is not revoked -- valid for 'Key Recovery Agent' application policy (enhanced key usage)</maml:para><maml:para>This parameter works in conjunction with other parameters.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ShowUI</maml:name><maml:description><maml:para>Displays a certificate pickup UI window. By using this window you can select one or more KRA certificates to use.</maml:para><maml:para>This parameter works in conjunction with other parameters.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2[]</maml:name><maml:uri>http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ADKRACertificate</dev:code><dev:remarks><maml:para>Returns all published to Active Directory KRA certificates without performing any certificate checking.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-ADKRACertificate -Issuer "*MyCA*" -ValidOnly</dev:code><dev:remarks><maml:para>Returns all valid KRA certificates issued by a CA server which name (including DN suffixes) contains "MyCA" string.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-ADKRACertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-AuthorityInformationAccess</command:name><maml:description><maml:para>Retrieves specified Certification Authority Authority Information Access (AIA) info.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>AuthorityInformationAccess</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves specified Certification Authority Authority Information Access (AIA) info.</maml:para><maml:para>AIA extension is used by certificate chaining engine (CCE) for certificate chain building and (if applicable) for certificate revocation checking by using OCSP protocol. AIA extension may consist of three parts:</maml:para><maml:para>- physical path that is used by Certification Authority (CA) to publish CRT files (no longer supported by Windows CA). - URI (URIs) that is used by CA to publish in issued certificates for CRT file retrieval. 
These URIs are published in the Authority Information Access extension of issued certificates as the Certification Authority Issuer access method. - URI (URIs) that is used by clients to determine certificate revocation status by using Online Certificate Status Protocol.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-AuthorityInformationAccess</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AIA | Add-AuthorityInformationAccess -URI "2:http://eu.company.com/MyCA%4.crt" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will retrieve AIA extension configuration from 'MyCA' CA server and adds new URI that will be published in all issued certificates. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name RootCA | Get-AuthorityInformationAccess | Add-AuthorityInformationAccess -URI "32:http://na.company.com/OCSP" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will retrieve AIA extension configuration from 'RootCA' CA server and adds new URI that will be published in all issued certificates as OCSP location. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*c:\windows*" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all AIA URIs that contains 'c:\windows' pattern. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*ldap://*" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all URIs that are used for CRT file publication and/or retrieval from Active Directory. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-AuthorityInformationAccess</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CACryptographyConfig</command:name><maml:description><maml:para>Retrieves cryptography configuration on a specified Certification Authority server.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CACryptographyConfig</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves cryptography configuration on a specified Certification Authority (CA) server. 
This command retrieves provider and algorithm names that are used by a CA when signing certificates and certificate revocation lists (CRLs).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CACryptographyConfig</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CACryptography</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CACryptography.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CACryptographyConfig | Set-CACryptographyConfig -HashingAlgorithm SHA256 -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves existing CA cryptography configuration and changes hashing algorithm to 'SHA256'. 
After certificate service is restarted, all newly issued certificates and CRLs will be signed by using a 'SHA256' signing algorithm.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CACryptographyConfig</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CACryptographyConfig</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CAExchangeCertificate</command:name><maml:description><maml:para>Retrieves CA Exchange certificate from specified Certification Authority (CA)</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CAExchangeCertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves CA Exchange certificate from specified Certification Authority (CA).</maml:para><maml:para>CA Exchange certificate is used by key archival process. Client application retrieves this certificate from enrollment server and uses it to encrypt the client private key. 
Encrypted key is sent to CA by using enrollment transport. Also PKIView.msc MMC snap-in relies on CA Exchange certificate to locate OCSP URLs in the AIA extensions.</maml:para><maml:para>In Windows Server 2003, CA Exchange certificate was used to retrieve all URLs configured by CA for AIA and CDP extensions.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CAExchangeCertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Encoding</maml:name><maml:description><maml:para>Specifies output encoding format. This parameter supports Binary and Base64 encodings.</maml:para><maml:para>Binary encoding is a certificate DER-encoded byte array. Base64 is a textually encoded DER-encoded byte array. It is commonly used for copy/pasting from console window. 
If '-X509' parameter is specified, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">EncodingType</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>X509</maml:name><maml:description><maml:para>This parameter returns CA Exchange certificate as an X509Certificate2 object.</maml:para><maml:para>If this parameter is True, 'Encoding' parameter is ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>X509</maml:name><maml:description><maml:para>This parameter returns CA Exchange certificate as an X509Certificate2 object.</maml:para><maml:para>If this parameter is True, 'Encoding' parameter is ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Encoding</maml:name><maml:description><maml:para>Specifies output encoding format. This parameter supports Binary and Base64 encodings.</maml:para><maml:para>Binary encoding is a certificate DER-encoded byte array. Base64 is a textually encoded DER-encoded byte array. It is commonly used for copy/pasting from console window. 
If '-X509' parameter is specified, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">EncodingType</command:parameterValue><dev:type><maml:name>EncodingType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.String</maml:name><maml:uri>http://msdn.microsoft.com/en-us/library/system.string.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para>Certificate encoded in a Base64 string</maml:para></maml:description></command:returnValue><command:returnValue><dev:type><maml:name> System.Byte[]</maml:name><maml:uri> http://msdn.microsoft.com/en-us/library/system.byte.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para> Pure binary copy of the certificate</maml:para></maml:description></command:returnValue><command:returnValue><dev:type><maml:name> System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name><maml:uri> http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para> An X509Certificate2 object</maml:para></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- 
Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate</dev:code><dev:remarks><maml:para>Returns the most recent CA Exchange certificate in a Base64 encoding.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority ca01.company.com | Get-CAExchangeCertificate -Encoding Binary</dev:code><dev:remarks><maml:para>Returns the most recent CA Exchange certificate in a DER-encoded byte array form.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate -X509</dev:code><dev:remarks><maml:para>Returns the most recent CA Exchange certificate as an X509Certificate2 object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CAExchangeCertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CAKRACertificate</command:name><maml:description><maml:para>Retrieves Key Recovery Agent certificates assigned to a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CAKRACertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves Key Recovery Agent certificates assigned to a specified Certification Authority (CA).</maml:para><maml:para>Key Recovery Agent certificate is used to encrypt user's certificate private key and store it in CA database. If a user cannot access his or her certificate private key, a Key Recovery Agent can recover it, provided that the Key Archival procedure was performed for that particular certificate.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CAKRACertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_KRA.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $KRACerts = Get-ADKRACertificate -Subject "CN=Key Recovery*"
C:\PS>Get-CertificationAuthority -Name MyCA | Get-CAKRACertificate | Add-CAKRACertificate -Certificate $KRACerts | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>The first command retrieves from Active Directory all KRA certificates where subject field starts with 'CN=Key Recovery' (in DN format). The second command retrieves the KRA certificates currently assigned to the MyCA CA server and adds the new certificates obtained by the first command. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Certs = Get-ADKRACertificate -ShowUI -Multipick
C:\PS>Get-CertificationAuthority | Get-CAKRACertificate | Add-CAKRACertificate $Certs | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>In this example the first command displays a certificate selection UI where you can select available KRA certificates. The second command adds the certificates selected in the previous command to the currently assigned certificates and writes the new certificate list back to a CA server. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAKRACertificate | Remove-CAKRACertificate -Thumbprint "70144a763e3a662756898c3160297c8cbcd244dc" | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will remove key recovery agent certificate with thumbprint '70144a763e3a662756898c3160297c8cbcd244dc' from 'MyCA' CA server. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CAKRACertificate | Remove-CAKRACertificate -InvalidOnly | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will remove invalid KRA certificates from all CA servers in the current forest. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CAKRACertificate | Remove-CAKRACertificate -ShowUI | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will retrieve currently assigned KRA certificates and displays certificate selection UI where you can select certificates to remove and writes new KRA certificate list back to a Company-CA CA server. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CAKRACertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CATemplate</command:name><maml:description><maml:para>Retrieves certificate templates that are assigned to a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CATemplate</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves certificate templates that are assigned to a specified Certification Authority (CA). 
CA server can issue certificates only based on assigned templates.</maml:para><maml:para>Use this command to add and/or remove certificate template to specified certification authority.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Add-CATemplate -Name "SmartCardV2","OfflineComputer" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will add 'SmartCardV2' and 'OfflineComputer' templates (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and assigns them to a 'Company CA01' certification authority.</maml:para><maml:para /><maml:para 
/><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CATemplate | Add-CATemplate -DisplayName "Computer V2", "CA Exchange" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will add templates with display names: 'Computer V2' (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and CA Exchange and assigns them to all Enterprise CAs in the forest.</maml:para><maml:para>This example is useful to provide template redundancy, so clients are able to enroll for a certificate even if one CA server is down.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Template = Get-CertificateTemplate -Name WebServer
C:\PS>Get-CertificationAuthority ca01.company.com | Get-CATemplate | Add-CATemplate -Template $Template | Set-CATemplate</dev:code><dev:remarks><maml:para>In this example the first command retrieves template object by running Get-CertificateTemplate command. 
The second line adds this template to a CA server running on 'ca01.company.com' server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Remove-CATemplate -Name "Machine","WebServer" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will remove 'Machine' and 'WebServer' templates from 'Company CA01' CA server. CA server will be unable to issue any certificates based on specified templates.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CATemplate | Remove-CATemplate -DisplayName "Domain Controller" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will remove Domain Controller template from all Enterprise CAs in the forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 6 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Template = 
Get-CertificateTemplate -DisplayName "Key Recovery Agent"
PS C:\> Get-CertificationAuthority ca01.company.com | Get-CATemplate | Remove-CATemplate -Template $Template | Set-CATemplate</dev:code><dev:remarks><maml:para>In this example, the first command retrieves the 'Key Recovery Agent' template object. The second command removes the specified template from the CA server running on 'ca01.company.com'.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CATemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateRevocationListFlag</command:name><maml:description><maml:para>Retrieves Active Directory 
Certificate Services (AD CS) certificate revocation list (CRL) settings.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateRevocationListFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves Active Directory Certificate Services (AD CS) certificate revocation list (CRL) settings. These flags affect only the CA server on which they are defined.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateRevocationListFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running the Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA1" | Get-CertificateRevocationListFlag</dev:code><dev:remarks><maml:para>The command retrieves CRL flags for 'company-CA1' CA server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificateRevocationListFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-CertificateRevocationListFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateTemplate</command:name><maml:description><maml:para>Retrieves registered certificate templates from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateTemplate</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves registered certificate templates from Active Directory.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateTemplate</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies common name of a template to retrieve. 
You can specify multiple template names by separating them with a comma character (,).</maml:para><maml:para>Note: this parameter doesn't accept wildcards.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificateTemplate</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of a template to get. You can specify multiple display names by separating them with a comma character (,).</maml:para><maml:para>Note: this parameter doesn't accept wildcards.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificateTemplate</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>OID</maml:name><maml:description><maml:para>Specifies the object identifier (OID) of a template to get. You can specify multiple template OIDs by separating them with a comma character (,).</maml:para><maml:para>Note: this parameter doesn't accept wildcards.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the common name of a template to retrieve. 
You can specify multiple template names by separating them with a comma character (,).</maml:para><maml:para>Note: this parameter doesn't accept wildcards.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies the display name of a template to get. You can specify multiple display names by separating them with a comma character (,).</maml:para><maml:para>Note: this parameter doesn't accept wildcards.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue>*</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>OID</maml:name><maml:description><maml:para>Specifies the object identifier (OID) of a template to get. 
You can specify multiple template OIDs by separating them with a comma character (,).</maml:para><maml:para>Note: this parameter doesn't accept wildcards.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateTemplates.CertificateTemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateTemplates_CertificateTemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate</dev:code><dev:remarks><maml:para>Retrieves all registered certificate templates from Active Directory.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> 
Get-CertificateTemplate -DisplayName Computer</dev:code><dev:remarks><maml:para>Retrieves only certificate template with display name 'Computer'.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate -Name WebServer, CrossCA</dev:code><dev:remarks><maml:para>Retrieves certificate templates with common names 'WebServer' (Web Server) and 'CrossCA' (Cross Certification Authority).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate -OID 1.3.6.1.4.1.311.21.8.149510.7314491.15746959.9320746.3700693.37.1.14</dev:code><dev:remarks><maml:para>Retrieves certificate template that has assigned OID = 1.3.6.1.4.1.311.21.8.149510.7314491.15746959.9320746.3700693.37.1.14 (default Machine/Computer template).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificateTemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateTemplateAcl</command:name><maml:description><maml:para>Gets the security descriptor for a certificate template.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateTemplateAcl</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-CertificateTemplateAcl command gets objects that represent the security descriptor of a certificate template. The security descriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateTemplateAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Template</maml:name><maml:description><maml:para>Specifies the CertificateTemplate object. 
This object can be retrieved by running Get-CertificateTemplate cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateTemplate[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Template</maml:name><maml:description><maml:para>Specifies the CertificateTemplate object. This object can be retrieved by running Get-CertificateTemplate cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateTemplate[]</command:parameterValue><dev:type><maml:name>CertificateTemplate[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateTemplates.CertificateTemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateTemplates_CertificateTemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This example adds the 'WebServerGroup' security group to the ACL of the 'WebServer' certificate template and grants it Read and Enroll permissions. After that, the new ACL is written to the actual object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This example removes all granted permissions for the 'OldWebServer' account from the 'WebServer' certificate template ACL. 
After that, the new ACL is written to the actual certificate template object (Set-CertificateTemplateAcl).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificateTemplateAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificateValidityPeriod</command:name><maml:description><maml:para>Retrieves the maximum validity period value for issued certificates.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificateValidityPeriod</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves the maximum validity period for issued certificates. This setting is not absolute, however. 
The actual validity period of a certificate is the lesser value of the following. For a Standalone CA: - estimated CA certificate validity period - ValidityPeriod parameter value.</maml:para><maml:para>For an Enterprise CA: - estimated CA certificate validity period - certificate template validity period value - ValidityPeriod parameter value.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificateValidityPeriod</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running the Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CertValidityPeriod</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pkix/html/T_PKI_CertificateServices_CertValiditySetting.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CertificateValidityPeriod</dev:code><dev:remarks><maml:para>Returns validity period settings for 'Company-CA' CA server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CertificateValidityPeriod</dev:code><dev:remarks><maml:para>Returns validity period settings for all Enterprise CA servers.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CertificateValidityPeriod | Set-CertificateValidityPeriod "10 years" -RestartCA</dev:code><dev:remarks><maml:para>Sets the issued certificate validity period to '10 years'. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CertificateValidityPeriod | Set-CertificateValidityPeriod "5 years" -RestartCA</dev:code><dev:remarks><maml:para>Sets the issued certificate validity period to '5 years' for all Enterprise CAs in the current forest and restarts the CA service. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificateValidityPeriod</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificateValidityPeriod</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificationAuthority</command:name><maml:description><maml:para>Retrieves all Enterprise Certification Authorities from a current Active Directory forest.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificationAuthority</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves all Enterprise Certification Authorities from a current Active Directory forest.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificationAuthority</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" 
position="0"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies Certification Authority computer name. (default)</maml:para><maml:para>This parameter accepts the following wildcard characters: ? - for single wildcard character matching * - for multiple wildcard character matching</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Enterprise</maml:name><maml:description><maml:para>Retrieves only Enterprise Certification Authorities.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Standalone</maml:name><maml:description><maml:para>Retrieves only Standalone Certification Authorities.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-CertificationAuthority</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the particular Certification Authority display name.</maml:para><maml:para>This parameter accepts the following wildcard characters: ? 
- for single wildcard character matching * - for multiple wildcard character matching.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Enterprise</maml:name><maml:description><maml:para>Retrieves only Enterprise Certification Authorities.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Standalone</maml:name><maml:description><maml:para>Retrieves only Standalone Certification Authorities.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>ComputerName</maml:name><maml:description><maml:para>Specifies Certification Authority computer name. (default)</maml:para><maml:para>This parameter accepts the following wildcard characters: ? 
- for single wildcard character matching * - for multiple wildcard character matching</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>*</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="0"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the particular Certification Authority display name.</maml:para><maml:para>This parameter accepts the following wildcard characters: ? - for single wildcard character matching * - for multiple wildcard character matching.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue>*</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Enterprise</maml:name><maml:description><maml:para>Retrieves only Enterprise Certification Authorities.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Standalone</maml:name><maml:description><maml:para>Retrieves only Standalone Certification Authorities.</maml:para></maml:description><command:parameterValue required="false" 
variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority[]</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority</dev:code><dev:remarks><maml:para>Returns all Enterprise Certification Authorities objects in current forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "RootCa"</dev:code><dev:remarks><maml:para>Returns specified Certification Authority object.</maml:para><maml:para /><maml:para 
/><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01*"</dev:code><dev:remarks><maml:para>Retrieves all Enterprise Certification Authorities whose server name starts with 'ca01'. Wildcards are useful when your infrastructure uses a complex naming convention. You can put wildcards at any point in the string.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CertificationAuthority -Standalone</dev:code><dev:remarks><maml:para>Retrieves all Active Directory domain-joined Standalone Certification Authorities.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificationAuthority</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificationAuthorityAcl</command:name><maml:description><maml:para>Gets Certification Authority's Access Control List (ACL).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CertificationAuthorityAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Gets Certification Authority's Access Control List (ACL). This ACL controls the access level to the specified CA server.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificationAuthorityAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl</dev:code><dev:remarks><maml:para>Retrieves current Access Control List from CA server installed on "ca01.company.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $ACE = @(New-Object PKI.Security.AccessControl.CertificationAuthorityAccessRule ([Security.Principal.NTAccount]"JohnWayne"), "ManageCA", "Allow")
PS C:\> $ACE += New-Object PKI.Security.AccessControl.CertificationAuthorityAccessRule ([Security.Principal.NTAccount]"jsmith"), "ManageCertificates", "Allow"
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Add-CertificationAuthorityAcl -AccessControlEntry $ACE | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>The first two lines create new access control entries:
-- the first creates an ACE for John Wayne and grants him CA manager permissions.
-- the second creates an ACE for John Smith and grants him certificate manager permissions.
The third line retrieves the current ACL from the CA server, adds the new access control entries and writes them to the CA configuration. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para>Note that if the ACL already contains an entry for the user account being added, the new ACE will not be added. 
Instead, use the technique described in Example 4.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Remove-CertificationAuthorityAcl -User "jsmith","JohnWayne" | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves the current access control list from the CA server installed on "ca01.company.com", removes all permissions explicitly granted to John Smith and John Wayne and writes the modified ACL to the CA configuration. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $ACE = New-Object PKI.Security.AccessControl.CertificationAuthorityAccessRule ([Security.Principal.NTAccount]"jsmith"), "ManageCA", "Allow"
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Remove-CertificationAuthorityAcl -User "jsmith" | Add-CertificationAuthorityAcl -AccessControlEntry $ACE | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>This example demonstrates techniques to change permissions explicitly granted to a user. 
In a given example, first line creates new access control entry for John Smith. Second line retrieves access control list from CA server, removes all permissions granted to John Smith and adds new access control entry.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificationAuthorityAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CertificationAuthorityDbSchema</command:name><maml:description><maml:para>Retrieves Certification Authority database schema.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CASchema</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves 
Certification Authority database schema depending on selected table. Default table is 'Request' table.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CertificationAuthorityDbSchema</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Table</maml:name><maml:description><maml:para>Specifies the database table whose schema is retrieved. Default table is 'Request' table.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AdcsDbViewTableName</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Table</maml:name><maml:description><maml:para>Specifies the database table whose schema is retrieved. Default table is 'Request' table.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AdcsDbViewTableName</command:parameterValue><dev:type><maml:name>AdcsDbViewTableName</maml:name><maml:uri/></dev:type><dev:defaultValue>Request</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbColumnSchema</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbColumnSchema.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- 
Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA* | Get-CertificationAuthorityDbSchema</dev:code><dev:remarks><maml:para>Returns database schema for Certification Authority objects which name starts with "MyCA".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CertificationAuthorityDbSchema</dev:code><dev:remarks><maml:para>Returns database schema for all Enterprise Certification Authority objects in the current forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CertificationAuthorityDbSchema</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS 
Cmdlet Help Editor--> <command:details><command:name>Get-CRLDistributionPoint</command:name><maml:description><maml:para>Retrieves specified Certification Authority CRL Distribution Points (CDP) URLs.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CRLDistributionPoint</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves specified Certification Authority CRL Distribution Points (CDP) URLs.</maml:para><maml:para>The CDP extension is used by the certificate chaining engine (CCE) to determine a particular certificate's revocation status. The CDP extension consists of two parts:</maml:para><maml:para>- physical path that is used by Certification Authority (CA) to publish CRL files. These paths are not published in the certificate CDP extension.
- URL (URI) that the CA publishes in issued certificates for CRL retrieval.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CRLDistributionPoint</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name RootCA | Get-CrlDistributionPoint</dev:code><dev:remarks><maml:para>Retrieves CRL distribution points from 'RootCA' Certification Authority.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CrlDistributionPoint</dev:code><dev:remarks><maml:para>Retrieves CDP info from all Certification Authorities in the current forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority RootCA | Get-CrlDistributionPoint | Add-CrlDistributionPoint -NewURI "6:http://crl.domain.com/%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will add new CDP URI to certificate CDP for 'RootCA' CA server. Also this will add new URI in Freshest CRL in CRL CDP to locate corresponding Delta CRL. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CrlDistributionPoint | Add-CrlDistributionPoint -NewURI "65:\\ServerName\crlfile%9.crl", "65:C:\CertData\%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will add new paths for Base and Delta CRL file publication for all CAs in the current forest. 
This will not add any new URIs in certificate CDP extension, but instructs CA to publish physical CRL files to specified locations. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*c:\windows*" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all CDP URIs that contain the "c:\windows" pattern. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 6 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*ldap://*" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all URIs that are used for CRL file publication and/or retrieval from Active Directory. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CRLDistributionPoint</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-CRLValidityPeriod</command:name><maml:description><maml:para>Retrieves CRL validity period.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>CRLValidityPeriod</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves CRL validity period and overlap settings. 
Overlap settings allow extension of the CRL validity period for a certain time when you experience large (several hours) AD/DFS replication delays.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-CRLValidityPeriod</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CRLValidityPeriod</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLValiditySetting.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company-CA" | Get-CRLValidityPeriod</dev:code><dev:remarks><maml:para>Returns CRL validity period settings for 'Company-CA' CA server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CRLValidityPeriod</dev:code><dev:remarks><maml:para>Returns CRL validity period settings for all Enterprise CA servers.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -BaseCRL "22 weeks" -BaseCRLOverlap "2 days" -RestartCA</dev:code><dev:remarks><maml:para>Sets Base CRL publishing period as 22 weeks and overlap delay as 2 days. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -DeltaCRL "0 days" -RestartCA</dev:code><dev:remarks><maml:para>Disables Delta CRL publishing on the 'Company-CA' CA server. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-CRLValidityPeriod</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CRLValidityPeriod</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-EnterprisePKIHealthStatus</command:name><maml:description><maml:para>Get-EnterprisePKIHealthStatus command is an extended console version of Enterprise PKI Health Tool (pkiview.msc MMC snap-in). 
It is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>EnterprisePKIHealthStatus</command:noun><dev:version /></command:details><maml:description><maml:para>This command is an extended console version of Enterprise PKI Health Tool (pkiview.msc MMC snap-in). It is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain. Depending on a parameter set, different certificate retrieval methods are used.</maml:para><maml:para>-- if '-CertificateAuthority' parameter is used, the command will attempt to retrieve the most recent "CA Exchange" certificate to use in the validation routine. -- if '-Certificate' parameter is used, the command will use passed certificates directly to use in the validation routine.</maml:para><maml:para>The following validation procedures are used by the validation routine:</maml:para><maml:para>1. Build certificate chain for each certificate to select trusted anchors and to go through the chain; 2. Retrieve all Issuer URLs from Authority Information Access extension; 2.1. Validate each url (must be either http or ldap) and attempt to download the contents; 2.2. If contents is downloaded, verify whether it is a certificate; 2.2.1. Verify if the downloaded certificate is an issuer for a current certificate; 2.2.2. Validate other certificate properties; 3. Extract URLs from CRL Distribution Points extension; 3.1. Validate each url (must be either http or ldap) and attempt to download the contents; 3.2. If contents is downloaded, verify whether it is a certificate revocation list; 3.2.1. 
Validate basic CRL properties, such as validity (not yet valid, expired, about to expire); 3.2.2. Validate whether the CRL has a valid signature (against CA certificate); 3.3. Do the same for Delta CRLs (if applicable); 4. Extract all Online Certificate Status Protocol (OCSP) URLs from AIA extension; 4.1. Validate OCSP response by sending OCSP request and processing response; 5. Compose status report (managed, I maintain report object and you can access report properties); 6. Repeat steps 2-5 for each subsequent certificate in the chain up to root certificate; 7. Return an array of status objects. A single status object is generated for each certificate chain.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-EnterprisePKIHealthStatus</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificateAuthority</maml:name><maml:description><maml:para>Specifies one or more Enterprise Certification Authority objects to verify. The command will attempt to download (or request a new one if necessary) the most recent certificate based on "CA Exchange" certificate template. This certificate will be used to construct the chain, retrieve and validate CRL Distribution Points (CDP) and Authority Information Access (AIA) URLs for the entire chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DownloadTimeout</maml:name><maml:description><maml:para>Specifies the URL download timeout in seconds. 
Default value is 15 seconds.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CaCertExpirationThreshold</maml:name><maml:description><maml:para>Specifies the CA certificate expiration threshold in percent. If CA certificate validity reaches this threshold value, CA certificate status is marked "Expiring", which indicates that it will expire in the near future and that CA server administrators should take care of CA certificate renewal or replacement.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>BaseCrlExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Base CRL expiration threshold in percent. If Base CRL validity reaches this threshold value, its status is marked "Expiring", which indicates that the CRL will expire in the near future. Enterprise CAs automatically renew their CRLs in the CRL distribution points and no additional steps are required.</maml:para><maml:para>For Standalone, offline and 3rd party CAs, manual steps for Base CRL renewal and publication to defined CRL distribution points may be required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaCrlExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Delta CRL expiration threshold in percent. 
If Delta CRL validity reaches this threshold value, its status is marked "Expiring", which indicates that the CRL will expire in the near future. Enterprise CAs automatically renew their CRLs in the CRL distribution points and no additional steps are required.</maml:para><maml:para>For Standalone, offline and 3rd party CAs, manual steps for Delta CRL renewal and publication to defined CRL distribution points may be required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>OcspCertExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Online Certificate Status Protocol (OCSP) signing certificate expiration threshold in percent. If OCSP certificate validity reaches this threshold value, CA certificate status is marked "Expiring", which indicates that it will expire in the near future and that OCSP server administrators should take care of CA certificate renewal or replacement.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-EnterprisePKIHealthStatus</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies one or more certificate objects to verify. 
The command will use this certificate to construct the chain, retrieve and validate CRL Distribution Points (CDP) and Authority Information Access (AIA) URLs for the entire certificate chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DownloadTimeout</maml:name><maml:description><maml:para>Specifies the URL download timeout in seconds. Default value is 15 seconds.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CaCertExpirationThreshold</maml:name><maml:description><maml:para>Specifies the CA certificate expiration threshold in percent. If CA certificate validity reaches this threshold value, CA certificate status is marked "Expiring", which indicates that it will expire in the near future and that CA server administrators should take care of CA certificate renewal or replacement.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>BaseCrlExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Base CRL expiration threshold in percent. If Base CRL validity reaches this threshold value, its status is marked "Expiring", which indicates that the CRL will expire in the near future. 
Enterprise CAs automatically renew their CRLs in the CRL distribution points and no additional steps are required.</maml:para><maml:para>For Standalone, offline and 3rd party CAs, manual steps for Base CRL renewal and publication to defined CRL distribution points may be required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaCrlExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Delta CRL expiration threshold in percent. If Delta CRL validity reaches this threshold value, its status is marked "Expiring", which indicates that the CRL will expire in the near future. Enterprise CAs automatically renew their CRLs in the CRL distribution points and no additional steps are required.</maml:para><maml:para>For Standalone, offline and 3rd party CAs, manual steps for Delta CRL renewal and publication to defined CRL distribution points may be required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>OcspCertExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Online Certificate Status Protocol (OCSP) signing certificate expiration threshold in percent. 
If OCSP certificate validity reaches this threshold value, CA certificate status is marked "Expiring", which indicates that it will expire in the near future and that OCSP server administrators should take care of CA certificate renewal or replacement.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificateAuthority</maml:name><maml:description><maml:para>Specifies one or more Enterprise Certification Authority objects to verify. The command will attempt to download (or request a new one if necessary) the most recent certificate based on "CA Exchange" certificate template. This certificate will be used to construct the chain, retrieve and validate CRL Distribution Points (CDP) and Authority Information Access (AIA) URLs for the entire chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DownloadTimeout</maml:name><maml:description><maml:para>Specifies the URL download timeout in seconds. 
Default value is 15 seconds.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>15</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CaCertExpirationThreshold</maml:name><maml:description><maml:para>Specifies the CA certificate expiration threshold in percent. If CA certificate validity reaches this threshold value, CA certificate status is marked "Expiring", which indicates that it will expire in the near future and that CA server administrators should take care of CA certificate renewal or replacement.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>80</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>BaseCrlExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Base CRL expiration threshold in percent. If Base CRL validity reaches this threshold value, its status is marked "Expiring", which indicates that the CRL will expire in the near future. 
Enterprise CAs automatically renew their CRLs in the CRL distribution points and no additional steps are required.</maml:para><maml:para>For Standalone, offline and 3rd party CAs, manual steps for Base CRL renewal and publication to defined CRL distribution points may be required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>80</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaCrlExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Delta CRL expiration threshold in percent. If Delta CRL validity reaches this threshold value, its status is marked "Expiring", which indicates that the CRL will expire in the near future. Enterprise CAs automatically renew their CRLs in the CRL distribution points and no additional steps are required.</maml:para><maml:para>For Standalone, offline and 3rd party CAs, manual steps for Delta CRL renewal and publication to defined CRL distribution points may be required.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>80</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>OcspCertExpirationThreshold</maml:name><maml:description><maml:para>Specifies the Online Certificate Status Protocol (OCSP) signing certificate expiration threshold in percent. 
If OCSP certificate validity reaches this threshold value, CA certificate status is marked "Expiring", which indicates that it will expire in the near future and that OCSP server administrators should take care of CA certificate renewal or replacement.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>80</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies one or more certificate objects to verify. The command will use this certificate to construct the chain, retrieve and validate CRL Distribution Points (CDP) and Authority Information Access (AIA) URLs for the entire certificate chain.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">X509Certificate2[]</command:parameterValue><dev:type><maml:name>X509Certificate2[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority[]</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para>This parameter set is used to validate existing Enterprise CA</maml:para></maml:description></command:inputType><command:inputType><dev:type><maml:name>Security.Cryptography.X509Certificates.X509Certificate2[]</maml:name><maml:uri>https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para>This parameter set is used to validate Standalone and 3rd party 
CAs.</maml:para></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.EnterprisePKI.CAObject[]</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CA | Get-EnterprisePKIHealthStatus</dev:code><dev:remarks><maml:para>This example will enumerate all Enterprise Certification Authorities in the Active Directory forest and validate their chains and CDP/AIA URLs for accessibility and validity.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 "C:\certs\leafcert.cer"
PS C:\> Get-EnterprisePKIHealthStatus -Certificate $cert -CaCertExpirationThreshold 90 -BaseCrlExpirationThreshold 90 -DeltaCrlExpirationThreshold 70</dev:code><dev:remarks><maml:para>This example will instantiate an 'X509Certificate2' object from a certificate file and validate the entire chain for validity and health. 
CA certificate and Base CRL will be considered 'Expiring' when certificate reaches 90% of its validity and Delta CRL when it reaches 70% of its validity.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-EnterprisePKIHealthStatus</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-ExtensionList</command:name><maml:description><maml:para>Retrieves certificate enabled/disabled extension lists.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>ExtensionList</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves certificate enabled/disabled extension lists. Extensions are separated in 3 categories:</maml:para><maml:para>EnabledExtensionList - contains extensions that CA server will publish in each issued certificate upon request. OfflineExtensionList - contains allowed extension list that CA server will publish in issued certificates when offline request is used. 
DisabledExtensionList - contains extensions that will not be published in certificate even if this extension is specified in the request.</maml:para><maml:para>Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-ExtensionList</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList</dev:code><dev:remarks><maml:para>Returns ExtensionList object for specified CA server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-ExtensionList</dev:code><dev:remarks><maml:para>Returns ExtensionList object for all CAs in the forest with separate object per CA.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -DisabledExtension "Certificate Template Name" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>This command will add the 'Certificate Template Name' extension to restricted extension list. As the result CA server will not publish this extension in issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Remove-ExtensionList -OfflineExtension "Subject Alternative Name" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>This will remove 'Subject Alternative Name' extension from allowed extensions in request. 
As the result CA server will ignore this extension in certificate request.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-ExtensionList</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-FailedRequest</command:name><maml:description><maml:para>Retrieves failed certificate requests from Certification Authority (CA) database.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>FailedRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves failed certificate requests from Certification Authority (CA) database. 
Failed requests are requests that were either manually denied by CA Administrator or CA Manager, or denied by policy module due to some error in submitted request.</maml:para><maml:para>Since CA server may contain many failed certificate requests, you may specify various filters by using 'RequestID' or 'Filter' parameters.</maml:para><maml:para>Note: certain output object properties may have dots, for example: $object.Request.RawRequest. In order to access property value, it must be enclosed in double quotes: $object."Request.RawRequest".</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-FailedRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. You may specify more than one ID and command will return only failed requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. 
This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to ones that match the query filter rule. A query filter rule consists of three components: &lt;RequestProperty&gt;, &lt;comparison operator&gt; and &lt;value&gt;. 
The query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. <comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field is equal to a value stored in the certificate request property. -le (less than or equal to) - the value in the <value> field is less than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater than or equal to) - the value in the <value> field is greater than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. 
In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. 
You may specify more than one ID and command will return only failed requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue><dev:type><maml:name>Int32[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to those that match the query filter rule. A query filter rule consists of three components: <RequestProperty>, <comparison operator> and <value>. The query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. 
<comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field is equal to a value stored in the certificate request property. -le (less than or equal to) - the value in the <value> field is less than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater than or equal to) - the value in the <value> field is greater than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. 
See examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. 
When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para>You can pipe this object to Remove-AdcsDatabaseRow to delete specified objects from CA database.</maml:para></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA" | Get-FailedRequest</dev:code><dev:remarks><maml:para>Retrieves all failed certificate requests from "company-CA" certification authority.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA" | Get-FailedRequest -RequestID 5,80,105 -Property "Request.RawRequest"</dev:code><dev:remarks><maml:para>Retrieves failed requests with RequestID equal to 5, 80 and 105. This command also adds the "Request.RawRequest" property for further examination of the request contents.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-FailedRequest -Filter "CertificateTemplate -eq WebServer", "Request.SubmittedWhen -gt $((Get-Date).AddHours(-1))" -Property "*"</dev:code><dev:remarks><maml:para>In this example, the command will return all failed requests from all enterprise certification authorities that were submitted within the last hour and are based on the "WebServer" certificate template. This example is useful when a user reports unsuccessful attempts to enroll for a certificate. 
Returned objects can be used to determine the exact reason why the request failed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-FailedRequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityDbSchema</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-IssuedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RevokedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-InterfaceFlag</command:name><maml:description><maml:para>Retrieves Active Directory Certificate Services (AD CS) management and request interface flags.</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Get</command:verb><command:noun>InterfaceFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves Active Directory Certificate Services (AD CS) management and request interface flags.</maml:para><maml:para>The management interface is implemented in ICertAdmin and the request interface is implemented in ICertRequest. By using this command (and related commands, such as Enable-InterfaceFlag and Disable-InterfaceFlag), you can limit the use of these interfaces. For example, you can prevent AD CS remote management through the ICertAdmin interface and allow AD CS management only locally.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-InterfaceFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.InterfaceFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_InterfaceFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA1" | Get-InterfaceFlag</dev:code><dev:remarks><maml:para>Returns 'company-CA1' CA server management and enrollment interface settings.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-InterfaceFlag</dev:code><dev:remarks><maml:para>Returns management and enrollment interface settings for all Enterprise CA servers in the current Active Directory forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoLocalIcertRequest" -RestartCA</dev:code><dev:remarks><maml:para>This example removes local enrollment restriction for "company-CA01" CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Disable-InterfaceFlag -Flag "NoRemoteICertAdminBackup" -RestartCA</dev:code><dev:remarks><maml:para>This example removes remote backup restrictions for all Enterprise CAs in the current Active Directory forest. 
After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "NoRemoteIcertAdmin", "NoRemoteICertAdminBackup" -RestartCA</dev:code><dev:remarks><maml:para>This example restricts "company-CA01" CA server remote management and remote backup operations. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 6 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-InterfaceFlag | Enable-InterfaceFlag -Flag "EnableAdminAsAuditor" -RestartCA</dev:code><dev:remarks><maml:para>This example grants CA Administrators CA Auditor role for all Enterprise CAs in the current forest. 
After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-InterfaceFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-InterfaceFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-InterfaceFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-InterfaceFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-IssuedRequest</command:name><maml:description><maml:para>Retrieves issued certificate requests from Certification Authority (CA) database.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>IssuedRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves issued certificate requests from Certification Authority (CA) database. 
Issued certificate requests contain only valid and unrevoked issued certificates.</maml:para><maml:para>Since CA server may contain many issued certificates, you may specify various filters by using 'RequestID' or 'Filter' parameters.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-IssuedRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. You may specify more than one ID and command will return only issued requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. 
This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to those that match the query filter rule. A query filter rule consists of three components: <RequestProperty>, <comparison operator> and <value>. 
The query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. <comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field is equal to a value stored in the certificate request property. -le (less than or equal to) - the value in the <value> field is less than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater than or equal to) - the value in the <value> field is greater than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. 
In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. 
You may specify more than one ID and command will return only issued requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue><dev:type><maml:name>Int32[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to those that match the query filter rule. A query filter rule consists of three components: <RequestProperty>, <comparison operator> and <value>. The query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. 
<comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field equals to a value stored in the certificate request property. -le (less or equal to) - the value in the <value> field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less then a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater or equal to) - the value in the <value> field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If column value length is larger than qualifier string, a wild card is virtually added to the query qualifier value. For example, column value is "a large string" and qualifier value is "a large", then column value is greater than qualifier value. In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: Request.RequesterName -eq domain\username this filter returnes requests that were requested by 'domain\username' user account. 
See examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. 
When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para>You can pipe this object to Remove-AdcsDatabaseRow to delete specified objects from CA database.</maml:para></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -Filter "CertificateTemplate -eq WebServer", "CommonName -eq www.company.com"</dev:code><dev:remarks><maml:para>Retrieves only requests issued based on 'WebServer' template and which are issued to 'www.company.com' subject.</maml:para><maml:para /><maml:para 
/><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -RequestID 4,65,107 -Property "CertificateTemplate", "RawCertificate"</dev:code><dev:remarks><maml:para>Retrieves issued requests with RequestID equal to 4, 65 and 107. This command will also add the 'CertificateTemplate' and 'RawCertificate' properties. 'RawCertificate' contains the issued certificate's raw content and you can save it to a .cer file.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-IssuedRequest -Property "Request.RawRequest" -Filter "UPN -eq someone@company.com"</dev:code><dev:remarks><maml:para>Retrieves issued requests that contain 'someone@company.com' in the Subject Alternative Names (SAN) extension. 
This command will also add the 'Request.RawRequest' property.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority ca01.company.com | Get-IssuedRequest -Filter "NotAfter -ge $(Get-Date)", "NotAfter -le $((Get-Date).AddMonths(2))"</dev:code><dev:remarks><maml:para>This command will retrieve certificates from the CA server hosted on 'ca01.company.com' that will expire in the next two months.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-IssuedRequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityDbSchema</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RevokedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-FailedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Revoke-Certificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-KeyRecoveryAgentFlag</command:name><maml:description><maml:para>Retrieves Active Directory Certificate Services (AD CS) key recovery agent (KRA) settings.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>KeyRecoveryAgentFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves Active Directory Certificate Services (AD CS) key recovery agent (KRA) settings. 
Use this command in conjunction with Enable-KeyRecoveryAgentFlag and Disable-KeyRecoveryAgentFlag cmdlets to configure KRA settings.</maml:para><maml:para>By default no KRA flags are defined.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-KeyRecoveryAgentFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -name "company-CA01" | Get-KeyRecoveryAgentFlag</dev:code><dev:remarks><maml:para>The command retrieves KRA settings for 'company-CA01' CA server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-KeyRecoveryAgentFlag</dev:code><dev:remarks><maml:para>The command retrieves KRA settings for all Enterprise CAs in the current Active Directory forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA01" | Get-KeyRecoveryAgentFlag | Disable-KeyRecoveryAgentFlag -Flag "EnableForeign"</dev:code><dev:remarks><maml:para>This command disables key archival for keys that were issued (signed) by another (or 3rd-party) CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-KeyRecoveryAgentFlag | Enable-KeyRecoveryAgentFlag -Flag "EnableForeign"</dev:code><dev:remarks><maml:para>This example allows the CA to archive public and private key pairs that were issued (signed) by another (or 3rd-party) CA. 
After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-KeyRecoveryAgentFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-KeyRecoveryAgentFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-OnlineResponderAcl</command:name><maml:description><maml:para>Gets Online Responder's Access Control List (ACL).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>OnlineResponderAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Gets Online Responder's Access Control List (ACL). 
This ACL controls the access level to the specified OCSP server.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-OnlineResponderAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder object to retrieve ACL for. This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder object to retrieve ACL for. This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl</dev:code><dev:remarks><maml:para>Retrieves ACL from Online Responder hosted on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-OnlineResponderAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-OnlineResponderRevocationConfiguration</command:name><maml:description><maml:para>Retrieves revocation configuration from Online Responder.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>OnlineResponderRevocationConfiguration</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves revocation configuration from Online Responder.</maml:para><maml:para>Revocation configuration contains settings Online Responder uses to process OCSP requests for specified CA server. 
This includes revocation information source, signing certificate assignment and other settings.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder to retrieve revocation configurations from.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Name</maml:name><maml:description><maml:para>Optional revocation configuration name. If this parameter is not specified, all revocation configurations are returned from Online Responder.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder to retrieve revocation configurations from.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Name</maml:name><maml:description><maml:para>Optional revocation configuration name. 
If this parameter is not specified, all revocation configurations are returned from Online Responder.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration</dev:code><dev:remarks><maml:para>Retrieves all revocation configurations from Online Responder on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration -Name "Example Org v0.0"</dev:code><dev:remarks><maml:para>Retrieves "Example Org v0.0" revocation configurations from Online Responder on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-OnlineResponderRevocationConfiguration</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-PendingRequest</command:name><maml:description><maml:para>Retrieves pending certificate requests from 
Certification Authority (CA) database.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>PendingRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves pending certificate requests from Certification Authority (CA) database. Pending requests are requests that require manual CA Administrator or CA Manager approval. You must use this command in order to approve or deny a pending request with Approve-PendingRequest or Deny-PendingRequest.</maml:para><maml:para>Since a CA server may contain many pending certificate requests, you may specify various filters by using 'RequestID' or 'Filter' parameters.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-PendingRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know the desired request ID or IDs. 
You may specify more than one ID and command will return only failed requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. 
However, retrieving all properties may affect the Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to those that match the query filter rule. A query filter rule consists of three components: <RequestProperty>, <comparison operator> and <value>. A query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve the valid property list, run the Get-CertificationAuthorityDbSchema command. <comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field is equal to a value stored in the certificate request property. -le (less than or equal to) - the value in the <value> field is less than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater than or equal to) - the value in the <value> field is greater than or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. 
See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, the CA server performs a binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of a filter: Request.RequesterName -eq domain\username. This filter returns requests that were requested by the 'domain\username' user account. See the examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with the logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. You may specify more than one ID and command will return only failed requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue><dev:type><maml:name>Int32[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. 
However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to ones that match the query filter rule. A query filter rule consists of three components: <RequestProperty>, <comparison operator> and <value>. Query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. <comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field is equal to a value stored in the certificate request property. -le (less or equal to) - the value in the <value> field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater or equal to) - the value in the <value> field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. 
See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with logical AND operator. This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. 
This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para>You can pipe this object to Remove-AdcsDatabaseRow to delete specified objects from CA database.</maml:para></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-PendingRequest</dev:code><dev:remarks><maml:para>Retrieves all pending certificate requests from 'MyCA' certification Authority.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-PendingRequest -Property "CertificateTemplate", "Request.RawRequest"</dev:code><dev:remarks><maml:para>Retrieves all pending certificate requests from 'MyCA' CA server. Also this command adds 'CertificateTemplate' and 'Request.RawRequest' properties. 'Request.RawRequest' property contains original request that was submitted. 
You can save this property's value to a file for detailed request inspection.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-PendingRequest -Filter "Request.CommonName -eq www.company.com" | Approve-CertificateRequest</dev:code><dev:remarks><maml:para>The command retrieves all pending requests from MyCA which were submitted for 'www.company.com' subject name and pipes them to Approve-CertificateRequest command to issue the certificate (complete certificate request). Alternatively, you can pipe the object to Deny-CertificateRequest command if you decide not to issue the certificate for the request.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-PendingRequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityDbSchema</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-IssuedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RevokedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-FailedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Approve-CertificateRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Deny-CertificateRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-PolicyModuleFlag</command:name><maml:description><maml:para>Retrieves default policy module flags.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>PolicyModuleFlag</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves default Policy Module flags. 
These flags are processed by policy module during certificate request processing.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-PolicyModuleFlag</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag</dev:code><dev:remarks><maml:para>Returns policy module enabled flags for specified CA server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-PolicyModuleFlag</dev:code><dev:remarks><maml:para>Returns policy module enabled flags for all CAs in the forest with separate object per CA.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Disable-PolicyModuleFlag AttributeSubjectAlternativeName -RestartCA</dev:code><dev:remarks><maml:para>Disables 'Subject Alternative Name' attribute in a submitted certificate request and restarts certificate services. To issue a certificate with a SAN extension, the SAN must be part of the certificate request's extensions. After command completion Company-CA CA server will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Disable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA</dev:code><dev:remarks><maml:para>Disables 'OCSP No Revocation Checking' extension and disables Disabled Certificate Extension list processing. This will prevent the CA from issuing OCSP Response Signing certificates, and any previously disabled extension (see Add-ExtensionList) will be populated in the issued certificates. 
After command completion Company-CA CA server will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Enable-PolicyModuleFlag AttributeSubjectAlternativeName -RestartCA</dev:code><dev:remarks><maml:para>Enables 'Subject Alternative Name' attribute in a submitted certificate request. After command completion 'Company-CA' CA server will be restarted to immediately apply changes.</maml:para><maml:para>Note: do not enable SAN attribute on Enterprise CAs if it is possible to include SAN as extension.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 6 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Enable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA</dev:code><dev:remarks><maml:para>Enables 'OCSP No Revocation Checking' extension and enables Disabled Certificate Extension list processing. This will allow the CA to issue OCSP Response Signing certificates and will instruct the CA server to process the disabled extension list (see Add-ExtensionList), so extensions in this list will not be populated in issued certificates. 
After command completion 'Company-CA' CA server will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-PolicyModuleFlag</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restore-PolicyModuleFlagDefault</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Get-RevokedRequest</command:name><maml:description><maml:para>Retrieves revoked certificate requests from Certification Authority (CA) database.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>RevokedRequest</command:noun><dev:version /></command:details><maml:description><maml:para>Retrieves revoked certificate requests from Certification Authority (CA) database.</maml:para><maml:para>Since a CA server may 
contain many revoked certificates, you may specify various filters by using 'RequestID' or 'Filter' parameters.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-RevokedRequest</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. You may specify more than one ID and command will return only failed requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. 
This parameter can limit the number of database rows returned by this command at once. When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to ones that match the query filter rule. A query filter rule consists of three components: <RequestProperty>, <comparison operator> and <value>. Query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. <comparison operator> - specifies the logical operator of the data-query qualifier for the column. 
<value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field is equal to a value stored in the certificate request property. -le (less or equal to) - the value in the <value> field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less than a value stored in the certificate request property. See below about operator behavior with string qualifiers. -ge (greater or equal to) - the value in the <value> field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with logical AND operator. 
This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>RequestID</maml:name><maml:description><maml:para>Use this parameter if you know desired request ID or IDs. You may specify more than one ID and command will return only failed requests with matching IDs.</maml:para><maml:para>If this parameter is used, 'Filter' parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Int32[]</command:parameterValue><dev:type><maml:name>Int32[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="4"><maml:name>Property</maml:name><maml:description><maml:para>By default, the command returns only common certificate request properties (database columns). 
Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CertificationAuthorityDbSchema command.</maml:para><maml:para>In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="5"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the query filter to restrict output objects to ones that matches query filter rule. Query filter rule consist of three components: <RequestProperty>, <comparison operator> and <value>. Query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where: <RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CertificationAuthorityDbSchema command. <comparison operator> - specifies the logical operator of the data-query qualifier for the column. <value> - specifies the data query qualifier applied to the certificate request property.</maml:para><maml:para>Possible operators are: -eq (equal to) - the value in the <value> field equals to a value stored in the certificate request property. -le (less or equal to) - the value in the <value> field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -lt (less than) - the value in the <value> field is less then a value stored in the certificate request property. See below about operator behavior with string qualifiers. 
-ge (greater or equal to) - the value in the <value> field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers. -gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.</maml:para><maml:para>Special rules apply when the '-ge', '-gt', '-le' and '-lt' operators are used with string qualifiers. In this case, the CA server performs a binary comparison between the strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC". If the column value is longer than the qualifier string, a wildcard is virtually added to the query qualifier value. For example, if the column value is "a large string" and the qualifier value is "a large", then the column value is greater than the qualifier value. In other words, "AA" > "A" and "A" < "AA".</maml:para><maml:para>An example of the filter: "Request.RequesterName -eq domain\username". This filter returns requests that were requested by the 'domain\username' user account. See the examples section for more filter examples.</maml:para><maml:para>You can specify multiple filters. All filters are applied to requests with the logical AND operator. 
This means that output requests must match all filters.</maml:para><maml:para>Note: wildcard characters are not supported.</maml:para><maml:para>Note: if 'RequestID' parameter is specified, all filters are ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>Page</maml:name><maml:description><maml:para>Specifies the page number to read from CA database. This parameter is part of CA database paging functionality and works in conjunction with 'PageSize' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>PageSize</maml:name><maml:description><maml:para>Specifies the page size to load from CA database. This parameter can limit the number of database rows returned by this command at once. 
When not specified, no limits are set and CA will return all rows associated with the query.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para>You can pipe this object to Remove-AdcsDatabaseRow to delete specified objects from CA database.</maml:para></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA" | Get-RevokedRequest</dev:code><dev:remarks><maml:para>Retrieves all revoked certificate requests from MyCA certification Authority.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "company-CA" | Get-RevokedRequest -Property "CertificateTemplate", "RawCertificate" -Filter "RequestID -ge 100","Request.RequesterName -eq domain\administrator"</dev:code><dev:remarks><maml:para>Retrieves revoked requests with RequestID greater or equal to 100 that were submitted by the 'Domain\Administrator' user account. This command also adds the CertificateTemplate and RawCertificate properties to the output.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01" | Get-RevokedRequest -Filter "NotAfter -lt $(Get-Date)" | Remove-Request</dev:code><dev:remarks><maml:para>The command retrieves all expired revoked certificates from the CA hosted on the 'ca01' server and pipes them to Remove-Request. This example can be useful when your CA's database is very large and you want to reduce its size by removing already expired revoked certificates. 
However, you must be careful not to remove revoked signing certificates (which were used to sign data).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Get-RevokedRequest</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityDbSchema</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-IssuedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-FailedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Import-LostCertificate</command:name><maml:description><maml:para>Imports a previously issued certificate to a Certification Authority (CA) database</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Import</command:verb><command:noun>LostCertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Imports a previously issued certificate to a Certification Authority (CA) database.</maml:para><maml:para>If the CA server fails and the backup was taken some time before the failure, the CA server may have issued certificates that are not included in the most recent backup tape. If a certificate is not on the backup tapes used to restore the certification authority but exists in a file, the certificate can be imported by means of this command.</maml:para><maml:para>Note: the certificate being imported must have been previously issued by the certification authority specified in the 'CertificationAuthority' parameter. The restored certification authority will validate the certificate's signature, and if the signature is not valid, the command will throw an error.</maml:para><maml:para>Note: you cannot import a certificate if it already exists in the database. Each certificate in the database must be unique. The database ensures uniqueness by checking the certificate's serial number.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Import-LostCertificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a certificate file. 
This parameter accepts only certificates saved in a DER or Base64 encoding without private key (with CER extension).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Import-LostCertificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies an existing X509Certificate2 object. This object can be retrieved by searching through the local store (Get-ChildItem cert:\CurrentUser\My) or obtained through other means as an X509Certificate2 object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Import-LostCertificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>RawData</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array of a target certificate. This byte array can be retrieved by searching through Active Directory user account published certificates stored in the userCertificate attribute.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue><dev:type><maml:name>CertificateAuthority</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path to a certificate file. 
This parameter accepts only certificates saved in a DER or Base64 encoding without private key (with CER extension).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Certificate</maml:name><maml:description><maml:para>Specifies an existing X509Certificate2 object. This object can be retrieved by searching through the local store (Get-ChildItem cert:\CurrentUser\My) or obtained through other means as an X509Certificate2 object.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>RawData</maml:name><maml:description><maml:para>Specifies a DER-encoded byte array of a target certificate. 
This byte array can be retrieved by searching through Active Directory user account published certificates stored in the userCertificate attribute.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Int64</maml:name><maml:uri>http://msdn.microsoft.com/en-us/library/system.int64.aspx</maml:uri><maml:description/></dev:type><maml:description><maml:para>The return value specifies the row number in the database that holds the imported certificate.</maml:para></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Import-LostCertificate -Path C:\lostcert.cer</dev:code><dev:remarks><maml:para>Imports a certificate from a file and adds it to the CA database.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $IssuedWhen = (Get-Date).AddDays(-1)
PS C:\> $cert = Get-ChildItem cert:\CurrentUser\My | Where-Object {$_.NotBefore -gt $IssuedWhen}
PS C:\> $cert | Foreach-Object {Get-CertificationAuthority ca01.company.com | Import-LostCertificate -Certificate $_}</dev:code><dev:remarks><maml:para>In this example, the first line sets the date when the last backup was taken. The second line searches through the current user's Personal certificate store and selects certificates that were issued after the last backup was taken. The last command imports these certificates to the CA database by using a Foreach-Object loop.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Import-Module ActiveDirectory
PS C:\> $user = Get-ADUser vpodans -Properties "userCertificate"
PS C:\> Get-CertificationAuthority MyCA | Import-LostCertificate -RawData @(,$user.userCertificate[0])</dev:code><dev:remarks><maml:para>In this example, the first command imports the ActiveDirectory PowerShell module (available on domain controllers running Windows Server 2008 R2 or Windows 7 with installed RSAT). The second command retrieves the specified user account (vpodans) with the userCertificate property populated. 
The last command imports the first published certificate to the CA database.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Import-LostCertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Publish-CRL</command:name><maml:description><maml:para>Instructs the CA server to publish a new CRL.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Publish</command:verb><command:noun>CRL</command:noun><dev:version /></command:details><maml:description><maml:para>Instructs the CA server to publish either a new Base or a new Delta CRL, or just to update existing CRLs. If a Base CRL is published, an empty Delta CRL is published too.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Publish-CRL</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaOnly</maml:name><maml:description><maml:para>Instructs CA to publish only new Delta (incremental) CRL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UpdateFile</maml:name><maml:description><maml:para>Instructs CA to republish existing CRLs. No updates are performed in CRL table. This parameter just updates missing CRL files.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaOnly</maml:name><maml:description><maml:para>Instructs CA to publish only new Delta (incremental) CRL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>UpdateFile</maml:name><maml:description><maml:para>Instructs CA to republish existing CRLs. No updates are performed in CRL table. 
This parameter just updates missing CRL files.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority MyCA* | Publish-CRL</dev:code><dev:remarks><maml:para>Publishes new Base and empty Delta CRLs.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority MyCA* | Publish-CRL 
-DeltaOnly</dev:code><dev:remarks><maml:para>Publishes new Delta CRL.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Publish-CRL -UpdateFile</dev:code><dev:remarks><maml:para>Republishes existing CRLs for all CA servers in the forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Publish-CRL</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-AdcsDatabaseRow</command:name><maml:description><maml:para>Removes CA database rows individually or in bulk based on a removal filter.</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Remove</command:verb><command:noun>AdcsDatabaseRow</command:noun><dev:version /></command:details><maml:description><maml:para>Removes CA database rows individually or in bulk based on a removal filter. This command is mainly used to reduce CA database size by removing old and unnecessary database rows.</maml:para><maml:para>Hint: when you remove a large number of database rows, it is recommended to perform a full CA database backup and restore to efficiently re-allocate disk space and update database log files.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-AdcsDatabaseRow</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the request row object to remove from the database.</maml:para><maml:para>Note: removal of database row objects that represent the 'Attribute' or 'Extension' table is not supported. When a database row from the 'Request' table is removed, the corresponding entries in the 'Attribute' and 'Extension' tables are removed by the CA server internally.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-AdcsDatabaseRow</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the certification authority to process. 
This parameter works in conjunction with 'Filter' and 'RemoveBefore' parameters.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the filter that is used to determine the type of database rows to be deleted. This parameter works in conjunction with 'RemoveBefore' and 'CertificationAuthority' parameters. The following filters are available: ExpiredCerts -- removes issued and revoked certificates that expired (based on NotAfter field value) before the date specified in the 'RemoveBefore' parameter. ExpiredFailedPending -- removes issued and revoked certificates that were last modified before the date specified in the 'RemoveBefore' parameter. Request -- combines previous two filters. CRL -- removes published CRLs that expired (based on NextPublish field value) before the date specified in the 'RemoveBefore' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RemoveBefore</maml:name><maml:description><maml:para>Specifies an expiration date when deleting certificates or CRLs, and a last modified date when deleting certificate requests. This parameter has no effect when you pass individual row objects.</maml:para><maml:para>Warning: if this parameter is not set, the command will remove all database rows specified by a filter! 
Think twice!</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the request row object to remove from database.</maml:para><maml:para>Note: removal for database row objects that represent 'Attribute' or 'Extension' table is not supported. When database row from 'Request' table is removed, corresponding entries in 'Attribute' and 'Extension' tables are removed by CA server internally.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Filter</maml:name><maml:description><maml:para>Specifies the filter that is used to determine the type of database rows to be deleted. This parameter works in conjunction with 'RemoveBefore' and 'CertificationAuthority' parameters. The following filters are available: ExpiredCerts -- removes issued and revoked certificates that expired (based on NotAfter field value) before the date specified in the 'RemoveBefore' parameter. ExpiredFailedPending -- removes issued and revoked certificates that were last modified before the date specified in the 'RemoveBefore' parameter. Request -- combines previous two filters. 
CRL -- removes published CRLs that expired (based on NextPublish field value) before the date specified in the 'RemoveBefore' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the certification authority to process. This parameter works in conjunction with 'Filter' and 'RemoveBefore' parameters.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RemoveBefore</maml:name><maml:description><maml:para>Specifies an expiration date when deleting certificates or CRLs, and a last modified date when deleting certificate requests. This parameter has no effect when you pass individual row objects.</maml:para><maml:para>Warning: if this parameter is not set, the command will remove all database rows specified by a filter! 
Think twice!</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Utils.IServiceOperationResult</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Utils_IServiceOperationResult.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-PendingRequest -RequestID 15,63,112 | Remove-AdcsDatabaseRow</dev:code><dev:remarks><maml:para>In this example, pending requests with RequestID equal to 15, 
63 and 112 will be removed from CA database.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-FailedRequest | Remove-AdcsDatabaseRow</dev:code><dev:remarks><maml:para>This command will remove all failed requests. Other request types and tables will be untouched.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-AdcsDatabaseRow -Filter "Request" -RemoveBefore $((Get-Date).AddYears(-1))
PS C:\> Get-CertificationAuthority "ca01.company.com" | Remove-AdcsDatabaseRow -Filter "CRL" -RemoveBefore $((Get-Date).AddYears(-1))</dev:code><dev:remarks><maml:para>In this example, two commands are used to perform a full CA database cleanup. 
All certificate requests and CRLs that expired (or were last modified, for pending and failed requests) more than one year ago are removed.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-AdcsDatabaseRow</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RevokedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-IssuedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-FailedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AdcsDatabaseRow</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-AuthorityInformationAccess</command:name><maml:description><maml:para>Removes existing Authority Information Access (AIA) URI from Certification Authority configuration.</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Remove</command:verb><command:noun>AuthorityInformationAccess</command:noun><dev:version /></command:details><maml:description><maml:para>Removes existing Authority Information Access (AIA) URI from Certification Authority configuration. This command doesn't change actual settings, but just prepares AIA URIs.</maml:para><maml:para>You should carefully choose URIs to remove. If you incorrectly remove URIs that are working and in use, validation of issued certificates may fail and the certificates will be rejected.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-AuthorityInformationAccess</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the AIA object to process. This object can be retrieved by running Get-AuthorityInformationAccess command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">AuthorityInformationAccess[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies exact or partial pattern for URI to remove. This parameter accepts wildcards: '*' and '?'.</maml:para><maml:para>* - is used as multiple character wildcard ? - is used as single character wildcard</maml:para><maml:para>Note: be careful with this command. 
If you remove existing and working URLs, certificate chain building may fail.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the AIA object to process. This object can be retrieved by running Get-AuthorityInformationAccess command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">AuthorityInformationAccess[]</command:parameterValue><dev:type><maml:name>AuthorityInformationAccess[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies exact or partial pattern for URI to remove. This parameter accepts wildcards: '*' and '?'.</maml:para><maml:para>* - is used as multiple character wildcard ? - is used as single character wildcard</maml:para><maml:para>Note: be careful with this command. 
If you remove existing and working URLs, certificate chain building may fail.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*c:\windows*" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all AIA URIs that contain the "c:\windows" pattern. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*ldap://*" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all URIs that are used for CRT file publication and/or retrieval from Active Directory. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-AithorityInformationAccess</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-CAKRACertificate</command:name><maml:description><maml:para>Removes Key Recovery Agent (KRA) certificate from a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>CAKRACertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Removes key recovery agent certificate from a specified Certification Authority (CA). This command doesn't change actual settings, but just prepares KRA object. To change KRAs on CA use this command in conjunction with Set-CAKRACertificate command.</maml:para><maml:para>Key Recovery Agent certificate is used to encrypt user's certificate private key and store it in CA database. 
If a user cannot access his or her certificate private key, it can be recovered by a Key Recovery Agent, provided that the key archival procedure was performed for that particular certificate.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-CAKRACertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running Get-CAKRACertificate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRA[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Thumbprint</maml:name><maml:description><maml:para>Specifies one or more KRA certificate thumbprints to remove. Parameter also accepts thumbprint strings in 'certutil' style (when all characters are in lowercase and each octet is divided by space character), for example: '70 14 4a 76 3e 3a 66 27 56 89 8c 31 60 29 7c 8c bc d2 44 dc'.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ShowUI</maml:name><maml:description><maml:para>This parameter displays existing assigned KRA certificates in a UI form. 
Select one or more KRA certificates to remove and click Ok.</maml:para><maml:para>If this parameter is specified, all other parameters are ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>InvalidOnly</maml:name><maml:description><maml:para>This parameter will remove all currently assigned KRA certificates that do not meet at least one of the following requirements: -- is time valid; -- is not revoked; -- issued by trusted certification authority; -- intended for key archival purposes.</maml:para><maml:para>This parameter is useful for sanity and health checks that keep only valid key recovery agent certificates assigned.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the KRA object to process. This object can be retrieved by running Get-CAKRACertificate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRA[]</command:parameterValue><dev:type><maml:name>KRA[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Thumbprint</maml:name><maml:description><maml:para>Specifies one or more KRA certificate thumbprints to remove. 
Parameter also accepts thumbprint strings in 'certutil' style (when all characters are in lowercase and each octet is divided by space character), for example: '70 14 4a 76 3e 3a 66 27 56 89 8c 31 60 29 7c 8c bc d2 44 dc'.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ShowUI</maml:name><maml:description><maml:para>This parameter displays existing assigned KRA certificates in a UI form. Select one or more KRA certificates to remove and click Ok.</maml:para><maml:para>If this parameter is specified, all other parameters are ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>InvalidOnly</maml:name><maml:description><maml:para>This parameter will remove all currently assigned KRA certificates that do not meet at least one of the following requirements: -- is time valid; -- is not revoked; -- issued by trusted certification authority; -- intended for key archival purposes.</maml:para><maml:para>This parameter is useful for sanity and health checks that keep only valid key recovery agent certificates assigned.</maml:para></maml:description><command:parameterValue required="false" 
variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAKRACertificate | Remove-CAKRACertificate -Thumbprint "70144A763E3A662756898C3160297C8CBCD244DC" | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will remove key recovery agent certificate with thumbprint '70144A763E3A662756898C3160297C8CBCD244DC' from 'MyCA' CA server. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CAKRACertificate | Remove-CAKRACertificate -InvalidOnly | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will remove invalid KRA certificates from all CA servers in the current forest. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CAKRACertificate | Remove-CAKRACertificate -ShowUI | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves the currently assigned KRA certificates, displays a certificate selection UI where you can select certificates to remove, and writes the new KRA certificate list back to the Company-CA CA server. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-CAKRACertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-CATemplate</command:name><maml:description><maml:para>Removes certificate templates from list that can be issued by a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>CATemplate</command:noun><dev:version /></command:details><maml:description><maml:para>Removes certificate templates from the list that can be issued by a specified Certification Authority 
(CA).</maml:para><maml:para>This command actually just prepares a new template list to be added to CA server. In order to write the new list to CA server use Set-CATemplate command (see examples).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority with assigned templates. This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies template (or templates) display name to remove from a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority with assigned templates. 
This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies template (or templates) common name to remove from a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority with assigned templates. This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Template</maml:name><maml:description><maml:para>Specifies template (or templates) object to remove from a specified CA server. Template object can be retrieved by running Get-CertificateTemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateTemplate[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority with assigned templates. 
This object can be retrieved by running Get-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue><dev:type><maml:name>CATemplate[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DisplayName</maml:name><maml:description><maml:para>Specifies template (or templates) display name to remove from a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies template (or templates) common name to remove from a specified CA server.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Template</maml:name><maml:description><maml:para>Specifies template (or templates) object to remove from a specified CA server. 
Template object can be retrieved by running Get-CertificateTemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateTemplate[]</command:parameterValue><dev:type><maml:name>CertificateTemplate[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Remove-CATemplate -Name "Machine","WebServer" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will remove Machine and 'WebServer' templates from 'Company CA01' CA server. 
The CA server will be unable to issue any certificates based on the specified templates.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CATemplate | Remove-CATemplate -DisplayName "Domain Controller" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will remove the Domain Controller template from all Enterprise CAs in the forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Template = Get-CertificateTemplate -DisplayName "Key Recovery Agent"
PS C:\> Get-CertificationAuthority ca01.company.com | Get-CATemplate | Remove-CATemplate -Template $Template | Set-CATemplate</dev:code><dev:remarks><maml:para>In this example, the first command retrieves the Key Recovery Agent template object. 
In the second line specified template will be removed from CA server running on ca01.company.com server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-CATemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-CertificateTemplate</command:name><maml:description><maml:para>Removes certificate template from Active Directory.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>CertificateTemplate</command:noun><dev:version /></command:details><maml:description><maml:para>Removes certificate template from Active 
Directory.</maml:para><maml:para>Note: in order to remove certificate template objects, you must be granted Enterprise Admins permissions or delegated permissions on the 'Certificate Templates' and 'OID' Active Directory containers.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-CertificateTemplate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Template</maml:name><maml:description><maml:para>Specifies certificate template object to remove. This object can be obtained by running Get-CertificateTemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateTemplate</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Template</maml:name><maml:description><maml:para>Specifies certificate template object to remove. 
This object can be obtained by running Get-CertificateTemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateTemplate</command:parameterValue><dev:type><maml:name>CertificateTemplate</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateTemplates.CertificateTemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateTemplates_CertificateTemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate "Temp Template" | Remove-CertificateTemplate</dev:code><dev:remarks><maml:para>Removes certificate template with display name 'TempTemplate' from Active Directory.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-CertificateTemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-CertificateTemplateAcl</command:name><maml:description><maml:para>Removes an entity (user, computer, or security group) from the certificate template ACL.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>CertificateTemplateAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Removes an entity (user, computer, or security group) from the certificate template ACL.</maml:para><maml:para>This command only prepares a new certificate template ACL object. To write it to the actual object, pipe this command's result to the Set-CertificateTemplateAcl cmdlet (see the Examples section).</maml:para><maml:para>Note: in order to edit a certificate template ACL, you must be granted Enterprise Admins permissions or delegated permissions on the 'Certificate Templates' Active Directory container.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-CertificateTemplateAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. 
This object can be retrieved by running Get-CertificateTemplateAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an account (user, computer or security group) to remove from the certificate template ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies the AccessType to remove. The value can be either Allow or Deny. All Access Control Entries (ACE) with specified AccessType will be removed from ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-CertificateTemplateAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. 
This object can be retrieved by running Get-CertificateTemplateAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all Access Control Entries from the current ACL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies the AccessType to remove. The value can be either Allow or Deny. All Access Control Entries (ACE) with specified AccessType will be removed from ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue><dev:type><maml:name>AccessControlType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. 
This object can be retrieved by running Get-CertificateTemplateAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>CertTemplateSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all Access Control Entries from the current ACL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies an account (user, computer or security group) to remove from the certificate template ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue><dev:type><maml:name>NTAccount[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -Identity "OldWebServer" -AccessType Allow | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This command removes all granted permissions for 'OldWebServer' account from 'WebServer' certificate template ACL. 
After that, a new ACL will be written to the actual certificate template object (Set-CertificateTemplateAcl).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-CertificateTemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-CertificationAuthorityAcl</command:name><maml:description><maml:para>Removes existing Access Control Entry (ACE) from a Certification Authority's Access Control List (ACL) for a specified user account or group.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>CertificationAuthorityAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Removes existing Access Control Entry (ACE) from a Certification Authority's Access Control List (ACL) for a specified user account or 
group.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-CertificationAuthorityAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies user or group account name to remove from Certification Authority ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies the AccessType to remove. The value can be either Allow or Deny. All Access Control Entries (ACE) with specified AccessType will be removed from ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-CertificationAuthorityAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. 
This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all Access Control Entries from the current ACL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. This object can be retrieved by running Get-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>CertSrvSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies the AccessType to remove. The value can be either Allow or Deny. 
All Access Control Entries (ACE) with specified AccessType will be removed from ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue><dev:type><maml:name>AccessControlType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all Access Control Entries from the current ACL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies user or group account name to remove from Certification Authority ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue><dev:type><maml:name>NTAccount[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Remove-CertificationAuthorityAcl -Identity "jsmith","JohnWayne" -AccessType Allow | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves current access control list from CA server installed on "ca01.company.com", removes all permissions explicitly granted to "John Smith" and "John Wayne" and writes modified ACL to CA configuration. 
After command completion CA service will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-CertificationAuthorityAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-CRLDistributionPoint</command:name><maml:description><maml:para>Removes existing CRL distribution points (CDP) from Certification Authority configuration.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>CRLDistributionPoint</command:noun><dev:version /></command:details><maml:description><maml:para>Removes existing CRL distribution points (CDP) from Certification Authority configuration. 
This command doesn't change actual settings, but just prepares CDP URIs to pass to Set-CRLDistributionPoint command (see examples).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-CRLDistributionPoint</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CDP object to remove from CRL distribution points. This object can be retrieved by running Get-CRLDistributionPoint command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLDistributionPoint[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies exact or partial pattern for URI to remove. This parameter accepts wildcards: '*' and '?'.</maml:para><maml:para>* - is used as multiple character wildcard ? - is used as single character wildcard</maml:para><maml:para>Note: be careful with this command. If you remove existing and working URLs certificate revocation checking may fail.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the CDP object to remove from CRL distribution points. 
This object can be retrieved by running Get-CRLDistributionPoint command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLDistributionPoint[]</command:parameterValue><dev:type><maml:name>CRLDistributionPoint[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>URI</maml:name><maml:description><maml:para>Specifies exact or partial pattern for URI to remove. This parameter accepts wildcards: '*' and '?'.</maml:para><maml:para>* - is used as multiple character wildcard ? - is used as single character wildcard</maml:para><maml:para>Note: be careful with this command. If you remove existing and working URLs certificate revocation checking may fail.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*c:\windows*" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all CDP URIs that contain the "c:\windows" pattern. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*ldap://*" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all URIs that are used for CRL file publication and/or retrieval from Active Directory. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-CRLDistributionPoint</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-ExtensionList</command:name><maml:description><maml:para>Removes certificate enabled/disabled extension lists.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>ExtensionList</command:noun><dev:version /></command:details><maml:description><maml:para>Removes certificate enabled/disabled extension lists. 
Extensions are sorted into 3 categories:</maml:para><maml:para>EnabledExtensionList - contains extensions that the CA server will publish in each issued certificate upon request.</maml:para><maml:para>OfflineExtensionList - contains the list of allowed extensions that the CA server will publish in issued certificates when an offline request is used.</maml:para><maml:para>DisabledExtensionList - contains extensions that will not be published in the certificate even if they are specified in the request.</maml:para><maml:para>For more details, see the corresponding parameter descriptions.</maml:para><maml:para>Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-ExtensionList</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing ExtensionList object. This object can be retrieved by running Get-ExtensionList command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ExtensionList[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>EnabledExtension</maml:name><maml:description><maml:para>Specifies the list of certificate extensions to remove that are added to the issued certificate upon request. This list is processed by the policy module each time the request is resolved (produces an issued certificate). Use this property carefully and do not enable security-critical extensions, such as Subject Alternative Names (SAN). 
The CA server performs additional extension processing by using the '-OfflineExtension' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="2"><maml:name>OfflineExtension</maml:name><maml:description><maml:para>Specifies the certificate extensions to remove from the list of extensions that are added to the issued certificate for an offline request. An 'offline' request is a request that includes subject information and for which the CA server does not use Active Directory to build the certificate's subject. For example, requests based on the default 'WebServer' certificate template are considered 'offline', because the template is configured to build the subject from the submitted request. If the certificate template is configured to build the subject from Active Directory, the OfflineExtensionList property has no effect and any extensions in the request are written to the CA database, but not included in the issued certificate.</maml:para><maml:para>For Standalone CAs, all requests are treated as 'offline'.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3"><maml:name>DisabledExtension</maml:name><maml:description><maml:para>Removes the specified extension, by its friendly name or extension OID, to prevent it from being published in issued certificates.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" 
position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an existing ExtensionList object. This object can be retrieved by running the Get-ExtensionList command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ExtensionList[]</command:parameterValue><dev:type><maml:name>ExtensionList[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>EnabledExtension</maml:name><maml:description><maml:para>Specifies the certificate extensions to remove from the list of extensions that are added to the issued certificate upon request. This list is processed by the policy module each time a request is resolved (produces an issued certificate). Use this property carefully and do not enable security-critical extensions, such as Subject Alternative Names (SAN). The CA server performs additional extension processing by using the '-OfflineExtension' parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="2"><maml:name>OfflineExtension</maml:name><maml:description><maml:para>Specifies the certificate extensions to remove from the list of extensions that are added to the issued certificate for an offline request. An 'offline' request is a request that includes subject information and for which the CA server does not use Active Directory to build the certificate's subject. For example, requests based on the default 'WebServer' certificate template are considered 'offline', because the template is configured to build the subject from the submitted request. 
If the certificate template is configured to build the subject from Active Directory, the OfflineExtensionList property has no effect and any extensions in the request are written to the CA database, but not included in the issued certificate.</maml:para><maml:para>For Standalone CAs, all requests are treated as 'offline'.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3"><maml:name>DisabledExtension</maml:name><maml:description><maml:para>Removes the specified extension, by its friendly name or extension OID, to prevent it from being published in issued certificates.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Oid[]</command:parameterValue><dev:type><maml:name>Oid[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Remove-ExtensionList -OfflineExtension "Subject Alternative Name" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>This example will remove 'Subject Alternative Name' extension from allowed extensions in request. As the result CA server will publish this extension in 'offline' certificate requests.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-ExtensionList</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-OnlineResponderAcl</command:name><maml:description><maml:para>Removes an entity (user, computer, or security group) from the Online Responder ACL.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>OnlineResponderAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Removes an entity (user, computer, or security group) from the Online Responder ACL.</maml:para><maml:para>This command only prepares a new Online Responder ACL object. To write it to the actual object, pipe this command's result to the Set-OnlineResponderAcl cmdlet (see the Examples section).</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-OnlineResponderAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. 
This object can be retrieved by running the Get-OnlineResponderAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies the user or group account name to remove from the Online Responder ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies the AccessType to remove. The value can be either Allow or Deny. All Access Control Entries (ACE) with the specified AccessType will be removed from the ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-OnlineResponderAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. 
This object can be retrieved by running Get-OnlineResponderAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all Access Control Entries from the current ACL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to modify. This object can be retrieved by running Get-OnlineResponderAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>OcspResponderSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AccessType</maml:name><maml:description><maml:para>Specifies the AccessType to remove. The value can be either Allow or Deny. 
All Access Control Entries (ACE) with the specified AccessType will be removed from the ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">AccessControlType</command:parameterValue><dev:type><maml:name>AccessControlType</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all Access Control Entries from the current ACL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Identity</maml:name><maml:description><maml:para>Specifies the user or group account name to remove from the Online Responder ACL.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">NTAccount[]</command:parameterValue><dev:type><maml:name>NTAccount[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Identity "Old OCSP Admins" -AccessType Allow | Set-OnlineResponderAcl</dev:code><dev:remarks><maml:para>In this example, a group "Old OCSP Admins" is removed from ACL for Online Responder "ocsp1.example.com"</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-OnlineResponderAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-OnlineResponderArrayMember</command:name><maml:description><maml:para>Removes an Online Responder from an existing Online Responder array.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>OnlineResponderArrayMember</command:noun><dev:version /></command:details><maml:description><maml:para>Removes an Online Responder from an existing Online Responder array.</maml:para><maml:para>This command does the following:</maml:para><maml:para>-- removes the specified Online Responder from the existing array to a new one</maml:para><maml:para>-- removes all revocation configurations from the specified Online Responder</maml:para><maml:para>-- promotes the specified Online Responder to Array Controller in the new array</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-OnlineResponderArrayMember</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" 
position="0"><maml:name>ArrayController</maml:name><maml:description><maml:para>Existing array's array controller instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponder</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>ComputerName</maml:name><maml:description><maml:para>Array member computer name to remove from existing array.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>ArrayController</maml:name><maml:description><maml:para>Existing array's array controller instance.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponder</command:parameterValue><dev:type><maml:name>OcspResponder</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>ComputerName</maml:name><maml:description><maml:para>Array member computer name to remove from existing array.</maml:para></maml:description><command:parameterValue required="true" 
variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder -ComputerName "ocsp1.example.com" | Remove-OnlineResponderArrayMember -ComputerName "ocsp3.example.com"</dev:code><dev:remarks><maml:para>Removes Online Responder hosted on "ocsp3.example.com" from an existing array with array controller "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para 
/></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-OnlineResponderArrayMember</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderArrayMember</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Remove-OnlineResponderLocalCrlEntry</command:name><maml:description><maml:para>Remove local revocation entry from specified Online Responder revocation configuration.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>OnlineResponderLocalCrlEntry</command:noun><dev:version /></command:details><maml:description><maml:para>Remove local revocation entry from specified Online Responder revocation configuration.</maml:para><maml:para>Normally, Online Responder refers to CRL to determine if requested serial number is revoked or not. Administrators can manage serial numbers that are considered revoked even if they are not listed in reference CRL.</maml:para><maml:para>Note: this action shall be executed on array controller. 
Otherwise, these changes may be overwritten during array member synchronization with array controller.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-OnlineResponderLocalCrlEntry</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Online Responder revocation configuration. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies an array of strings where each string represents a hexadecimal revoked certificate's serial number.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-OnlineResponderLocalCrlEntry</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Online Responder revocation configuration. 
This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all entries from local CRL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Online Responder revocation configuration. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue><dev:type><maml:name>OcspResponderRevocationConfiguration[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumber</maml:name><maml:description><maml:para>Specifies an array of strings where each string represents a hexadecimal revoked certificate's serial number.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" 
position="named"><maml:name>Force</maml:name><maml:description><maml:para>Removes all entries from local CRL.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Remove-OnlineResponderLocalCrlEntry -SerialNumber "097bc012207f2c914e3f390551a98162", "2f3b6244bd2ce5b544abf7ef47fa8d3f"</dev:code><dev:remarks><maml:para>Removes certificate serial numbers 
"097bc012207f2c914e3f390551a98162" and "2f3b6244bd2ce5b544abf7ef47fa8d3f" from Online Responder revocation configuration's local CRL.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Remove-OnlineResponderLocalCrlEntry -Force</dev:code><dev:remarks><maml:para>Removes all serial numbers from Online Responder revocation configuration's local CRL.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-OnlineResponderLocalCrlEntry</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderLocalCrlEntry</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet 
Help Editor--> <command:details><command:name>Remove-OnlineResponderRevocationConfiguration</command:name><maml:description><maml:para>Removes revocation configuration from Online Responder.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Remove</command:verb><command:noun>OnlineResponderRevocationConfiguration</command:noun><dev:version /></command:details><maml:description><maml:para>Removes revocation configuration from Online Responder.</maml:para><maml:para>Note: this action shall be executed on array controller. Otherwise, these changes may be overwritten during array member synchronization with array controller.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Remove-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RevocationConfiguration</maml:name><maml:description><maml:para>Specifies the revocation configuration to remove.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Remove-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder object to remove revocation configuration from. 
This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the revocation configuration to remove.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>Name</maml:name><maml:description><maml:para>Specifies the revocation configuration to remove.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder object to remove revocation configuration from. 
This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RevocationConfiguration</maml:name><maml:description><maml:para>Specifies the revocation configuration to remove.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue><dev:type><maml:name>OcspResponderRevocationConfiguration[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder -ComputerName 
"ocsp1.example.com" | Remove-OnlineResponderRevocationConfiguration -Name "Example Org v0.0"</dev:code><dev:remarks><maml:para>Removes "Example Org v0.0" revocation configuration from Online Responder on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration | Remove-OnlineResponderRevocationConfiguration</dev:code><dev:remarks><maml:para>This example removes all revocation configurations from Online Responder on "ocsp1.example.com"</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Remove-OnlineResponderRevocationConfiguration</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderRevocationConfiguration</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" 
xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Restart-CertificationAuthority</command:name><maml:description><maml:para>Restarts certificate services on specified Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Restart</command:verb><command:noun>CertificationAuthority</command:noun><dev:version /></command:details><maml:description><maml:para>Restarts certificate services on specified Certification Authority</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Restart-CertificationAuthority</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object to restart. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the Certification Authority object to restart. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority ca01.company.com | Restart-CertificationAuthority</dev:code><dev:remarks><maml:para>Restarts certificate services on a CA server running on 'ca01.company.com'.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Restart-CertificationAuthority</dev:code><dev:remarks><maml:para>Restarts certificate services on all Certification Authorities in the forest</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Restart-CertificationAuthority</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Start-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Stop-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Restart-OnlineResponder</command:name><maml:description><maml:para>Restarts Online Responder service.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Restart</command:verb><command:noun>OnlineResponder</command:noun><dev:version /></command:details><maml:description><maml:para>Restarts Online Responder service. 
This command restarts the 'ocspsvc' service on the specified server.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Restart-OnlineResponder</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder instance to restart. This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder instance to restart. This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> 
</command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Restart-OnlineResponder</dev:code><dev:remarks><maml:para>Restarts Online Responder service on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Restart-OnlineResponder</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Start-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Stop-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Restore-CertificateRevocationListFlagDefault</command:name><maml:description><maml:para>Restores default CA certificate revocation list (CRL) configuration flags.</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Restore</command:verb><command:noun>CertificateRevocationListFlagDefault</command:noun><dev:version /></command:details><maml:description><maml:para>Restores default CA certificate revocation list (CRL) configuration flags and discards any previous CRL flag modifications. This command is helpful when the configuration is incorrect or when you want to return to the default settings.</maml:para><maml:para>By default, only this flag is enabled: DeleteExpiredCRLs - deletes CRLs signed by the expired CA keys.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Restore-CertificateRevocationListFlagDefault</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing CRLFlag object. This object can be retrieved by running Get-CertificateRevocationListFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLFlag[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing CRLFlag object. 
This object can be retrieved by running Get-CertificateRevocationListFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLFlag[]</command:parameterValue><dev:type><maml:name>CRLFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.CRLFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_CRLFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> 
Get-CertificationAuthority ca01.company.com | Get-CRLFlag | Restore-CRLFlagDefault -RestartCA</dev:code><dev:remarks><maml:para>The command restores default flags for CA CRL configuration for CA server running on ca01.company.com computer. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Restore-CertificateRevocationListFlagDefault</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-CertificateRevocationListFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Restore-KeyRecoveryAgentFlagDefault</command:name><maml:description><maml:para>Restores Active Directory Certification Authority (AD CS) key recovery agent default 
flags.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Restore</command:verb><command:noun>KeyRecoveryAgentFlagDefault</command:noun><dev:version /></command:details><maml:description><maml:para>Restores Active Directory Certification Authority (AD CS) key recovery agent default flags and discards any previous KRA flag modifications. This command is helpful when the configuration is incorrect or when you want to return to the default settings.</maml:para><maml:para>By default, no flags are enabled.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Restore-KeyRecoveryAgentFlagDefault</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing KRAFlag object. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRAFlag[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing KRAFlag object. 
This object can be retrieved by running Get-KeyRecoveryAgentFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRAFlag[]</command:parameterValue><dev:type><maml:name>KRAFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.Flags.KRAFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_Flags_KRAFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> 
Get-CertificationAuthority ca01.company.com | Get-KRAFlag | Restore-KeyRecoveryAgentFlagDefault -RestartCA</dev:code><dev:remarks><maml:para>The command restores default KRA flag configuration for CA server running on 'ca01.company.com' computer. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Restore-KeyRecoveryAgentFlagDefault</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-KeyRecoveryAgentFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Restore-PolicyModuleFlagDefault</command:name><maml:description><maml:para>Restores default policy module flags.</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Restore</command:verb><command:noun>PolicyModuleFlagDefault</command:noun><dev:version /></command:details><maml:description><maml:para>Restores default policy module flags. These flags are processed by the policy module during certificate request processing. The default flags depend on the CA type.</maml:para><maml:para>Enterprise CA: RequestExtensionList, DisableExtensionList, AddOldKeyUsage, BasicConstraintsCritical, EnableAKIKeyID, EnableDefaultSMIME, EnableChaseClientDC.</maml:para><maml:para>Standalone CA: RequestExtensionList, DisableExtensionList, AddOldKeyUsage, AttributeEndDate, BasicConstraintsCA, EnableAKIKeyID, AttributeCA, AttributeEKU.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Restore-PolicyModuleFlagDefault</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the object that contains existing CA Policy Module flags. The object can be retrieved by running Get-PolicyModuleFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">EditFlag[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the object that contains existing CA Policy Module flags. 
The object can be retrieved by running Get-PolicyModuleFlag command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">EditFlag[]</command:parameterValue><dev:type><maml:name>EditFlag[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.EditFlag</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_EditFlag.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS 
C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Restore-PolicyModuleFlagDefault -RestartCA</dev:code><dev:remarks><maml:para>Restores default policy module flags on Company-CA CA server and restarts certificate services.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-PolicyModuleFlag | Restore-PolicyModuleFlagDefault -RestartCA</dev:code><dev:remarks><maml:para>Restores default policy module flags on all CA servers and restarts certificate services.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Restore-PolicyModuleFlagDefault</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Disable-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Enable-PolicyModuleFlag</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Revoke-Certificate</command:name><maml:description><maml:para>Revokes specified certificate request with a specified reason.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Revoke</command:verb><command:noun>Certificate</command:noun><dev:version /></command:details><maml:description><maml:para>Revokes specified certificate request with a specified reason. 
A revoked certificate will appear in subsequent certificate revocation lists (CRLs), provided the revocation date is effective at the time the CRL was published.</maml:para><maml:para>It is possible to use this command more than once on the same certificate, which allows you to change the effective revocation date and revocation reason.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Revoke-Certificate</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the particular request object. Request objects can be retrieved by running one of the following commands: Get-IssuedRequest, Get-RevokedRequest.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Reason</maml:name><maml:description><maml:para>Specifies the reason why the certificate was revoked. This parameter accepts one of the following values:</maml:para><maml:para>Unspecified - (default) is used if the certificate is revoked for a reason outside the scope of supported reasons. KeyCompromise - is used if the certificate private key was stolen or became known to an unauthorized entity. CACompromise - is used if the CA certificate private key was stolen or became known to an unauthorized entity. AffiliationChanged - is used when an employee (or other entity) has changed its affiliation (job position) and current certificates are no longer required in the new position. Superseded - is used when a new certificate version (for example with new issuance, application policy or with updated extensions) is available and the previous (but still valid) certificate must not be used. 
CeaseOfOperation - is used when an employee leaves a company, or device is decommissioned. Hold - is used to temporarily revoke certificate. For example when an employee is in a vacation. Unrevoke - is used to release a certificate from CRL. If a certificate has been revoked with any reason code other than 'Hold', it cannot be reinstated.</maml:para><maml:para>Note: do not use 'Hold' reason, especially for signing certificates. This is because it is not possible to determine whether the certificate was valid at a signing time (determined by a timestamp in the signature).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>RevocationDate</maml:name><maml:description><maml:para>Provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid. This date may be earlier than the revocation date in the CRL entry, which is the date at which the CA processed the revocation. When a revocation is first posted by a CRL issuer in a CRL, the invalidity date may precede the date of issue of earlier CRLs, but the revocation date should not precede the date of issue of earlier CRLs.</maml:para><maml:para>The parameter must be set as a valid datetime string. Valid string may vary depending on current regional settings. 
For example, the following format is used in Latvia:</maml:para><maml:para>MM.dd.yyyy hh:mm:ss</maml:para><maml:para>MM - month (2 digits)</maml:para><maml:para>dd - day (2 digits)</maml:para><maml:para>yyyy - year (4 digits)</maml:para><maml:para>hh - hours (2 digits)</maml:para><maml:para>mm - minutes (2 digits)</maml:para><maml:para>ss - seconds (2 digits)</maml:para><maml:para>For more details about the datetime format in your region, see the Control Panel\Regional and Language applet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the particular request object. Request objects can be retrieved by running one of the following commands: Get-IssuedRequest, Get-RevokedRequest</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>Reason</maml:name><maml:description><maml:para>Specifies the reason why the certificate was revoked. This parameter accepts one of the following values:</maml:para><maml:para>Unspecified - (default) is used if the certificate is revoked for a reason outside the scope of supported reasons.</maml:para><maml:para>KeyCompromise - is used if the certificate private key was stolen or became known to an unauthorized entity.</maml:para><maml:para>CACompromise - is used if the CA certificate private key was stolen or became known to an unauthorized entity.</maml:para><maml:para>AffiliationChanged - is used when an employee (or other entity) has changed its affiliation (job position) and the current certificates are no longer required in the new position.</maml:para>
<maml:para>Superseded - is used when a new certificate version (for example with new issuance, application policy or with updated extensions) is available and the previous (but still valid) certificate must not be used.</maml:para><maml:para>CeaseOfOperation - is used when an employee leaves a company, or a device is decommissioned.</maml:para><maml:para>Hold - is used to temporarily revoke a certificate, for example when an employee is on vacation.</maml:para><maml:para>Unrevoke - is used to release a certificate from the CRL. If a certificate has been revoked with any reason code other than 'Hold', it cannot be reinstated.</maml:para><maml:para>Note: do not use the 'Hold' reason, especially for signing certificates. This is because it is not possible to determine whether the certificate was valid at the signing time (determined by a timestamp in the signature).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>RevocationDate</maml:name><maml:description><maml:para>Provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid. This date may be earlier than the revocation date in the CRL entry, which is the date at which the CA processed the revocation. When a revocation is first posted by a CRL issuer in a CRL, the invalidity date may precede the date of issue of earlier CRLs, but the revocation date should not precede the date of issue of earlier CRLs.</maml:para><maml:para>The parameter must be set as a valid datetime string. The valid string format may vary depending on the current regional settings. 
For example, the following format is used in Latvia:</maml:para><maml:para>MM.dd.yyyy hh:mm:ss</maml:para><maml:para>MM - month (2 digits)</maml:para><maml:para>dd - day (2 digits)</maml:para><maml:para>yyyy - year (4 digits)</maml:para><maml:para>hh - hours (2 digits)</maml:para><maml:para>mm - minutes (2 digits)</maml:para><maml:para>ss - seconds (2 digits)</maml:para><maml:para>For more details about the datetime format in your region, see the Control Panel\Regional and Language applet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri/></dev:type><dev:defaultValue>[DateTime]::Now</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Utils.IServiceOperationResult</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Utils_IServiceOperationResult.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority CompanyCA | Get-IssuedRequest -Filter "CommonName -eq www.company.com" | Revoke-Certificate -Reason "CeaseOfOperation"</dev:code><dev:remarks><maml:para>Revokes all certificates issued to www.company.com. This will guarantee that no one will use the decommissioned web server certificate to impersonate the legitimate server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-IssuedRequest -Filter "CommonName -gt users vpodans" | Revoke-Certificate -Reason "CeaseOfOperation" -RevocationDate "05.01.2011"</dev:code><dev:remarks><maml:para>Revokes all certificates issued to the 'vpodans' user account stored in the Users organizational unit and sets the revocation date to 01 May 2011.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority MyCA | Get-RevokedRequest -ID 17 | Revoke-Certificate -Reason "KeyCompromise"</dev:code><dev:remarks><maml:para>This command will update the revocation reason for the request with ID=17 and set the reason to "KeyCompromise".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Revoke-Certificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-IssuedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-RevokedRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-AuthorityInformationAccess</command:name><maml:description><maml:para>Sets new Authority Information Access (AIA) for Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>AuthorityInformationAccess</command:noun><dev:version /></command:details><maml:description><maml:para>Sets new Authority Information Access (AIA) for Certification Authority. This command will write new AIA URIs to Certification Authority (CA) configuration.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-AuthorityInformationAccess</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing object with configured AIA URLs. 
This object can be retrieved by running either Add-AuthorityInformationAccess or Remove-AuthorityInformationAccess command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">AuthorityInformationAccess[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing object with configured AIA URLs. 
This object can be retrieved by running either Add-AuthorityInformationAccess or Remove-AuthorityInformationAccess command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">AuthorityInformationAccess[]</command:parameterValue><dev:type><maml:name>AuthorityInformationAccess[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.AuthorityInformationAccess</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AIA | Add-AuthorityInformationAccess -URI "2:http://eu.company.com/MyCA%4.crt" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This command retrieves the AIA extension configuration from the 'MyCA' CA server and adds a new URI that will be published in all issued certificates. After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name RootCA | Get-AuthorityInformationAccess | Add-AuthorityInformationAccess -URI "32:http://na.company.com/OCSP" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This command retrieves the AIA extension configuration from the 'RootCA' CA server and adds a new URI that will be published in all issued certificates as an OCSP location. 
After the configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*c:\windows*" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This will remove all AIA URIs that contain the "c:\windows" pattern. After the command completes, certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*ldap://*" | Set-AuthorityInformationAccess -RestartCA</dev:code><dev:remarks><maml:para>This will remove all URIs that are used for CRT file publication and/or retrieval from Active Directory. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-AuthorityInformationAccess</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-AuthorityInformationAccess</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CACryptographyConfig</command:name><maml:description><maml:para>Changes current Certification Authority (CA) cryptography settings.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CACryptographyConfig</command:noun><dev:version /></command:details><maml:description><maml:para>Changes current Certification Authority (CA) cryptography settings. 
The following settings can be modified by this command:</maml:para><maml:para>Hashing Algorithm -- the algorithm that is used to hash and sign issued certificates and certificate revocation lists (CRLs).</maml:para><maml:para>Public Key Algorithm -- the asymmetric algorithm that is used to encrypt the signature of the certificate or CRL. For example, you can change the RSA algorithm to ECDSA.</maml:para><maml:para>Alternate Signature Algorithm -- instructs the CA server to use the PKCS#1 v2.1 signature format.</maml:para><maml:para>Note: Public Key Algorithm and Alternate Signature Algorithm are not supported by legacy cryptographic service providers (aka CryptoAPI CSP). Currently only CAPI2 (Key Storage) providers support these settings.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CACryptographyConfig</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing CA cryptography configuration object. This object can be retrieved by running Get-CACryptographyConfig command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CACryptography[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>HashingAlgorithm</maml:name><maml:description><maml:para>Specifies the new hashing and signature algorithm. 
You can pass an Oid object that contains the new algorithm information, the algorithm friendly name, or the algorithm object identifier.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>EncryptionAlgorithm</maml:name><maml:description><maml:para>Specifies the new asymmetric algorithm. You can pass an Oid object that contains the new algorithm information, the algorithm friendly name, or the algorithm object identifier.</maml:para><maml:para>Note: if the 'ProviderIsCNG' property of the cryptography configuration object is set to False, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlternateSignatureAlgorithm</maml:name><maml:description><maml:para>Specifies whether the CA server should use the PKCS#1 v2.1 signature format, which produces signatures such as RSASSA-PSS (1.2.840.113549.1.1.10). 
Not all systems and applications may recognize this signature format.</maml:para><maml:para>Note: if the 'ProviderIsCNG' property of the cryptography configuration object is set to False, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing CA cryptography configuration object. This object can be retrieved by running Get-CACryptographyConfig command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CACryptography[]</command:parameterValue><dev:type><maml:name>CACryptography[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>HashingAlgorithm</maml:name><maml:description><maml:para>Specifies the new hashing and signature algorithm. 
You can pass an Oid object that contains the new algorithm information, the algorithm friendly name, or the algorithm object identifier.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid</command:parameterValue><dev:type><maml:name>Oid</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>EncryptionAlgorithm</maml:name><maml:description><maml:para>Specifies the new asymmetric algorithm. You can pass an Oid object that contains the new algorithm information, the algorithm friendly name, or the algorithm object identifier.</maml:para><maml:para>Note: if the 'ProviderIsCNG' property of the cryptography configuration object is set to False, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid</command:parameterValue><dev:type><maml:name>Oid</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>AlternateSignatureAlgorithm</maml:name><maml:description><maml:para>Specifies whether the CA server should use the PKCS#1 v2.1 signature format, which produces signatures such as RSASSA-PSS (1.2.840.113549.1.1.10). 
Not all systems and applications may recognize this signature format.</maml:para><maml:para>Note: if the 'ProviderIsCNG' property of the cryptography configuration object is set to False, this parameter is ignored.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CACryptography</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CACryptography.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CACryptography</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CACryptography.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CACryptographyConfig | Set-CACryptographyConfig -HashingAlgorithm SHA256 -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves the existing CA cryptography configuration and changes the hashing algorithm to 'SHA256'. After the certificate service is restarted, all newly issued certificates and CRLs will be signed by using the 'SHA256' signing algorithm.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CACryptographyConfig | Set-CACryptographyConfig -HashingAlgorithm SHA256 -AlternateSignatureAlgorithm -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves the existing CA cryptography configuration, changes the hashing algorithm to 'SHA256' and forces the CA server to use the PKCS#1 v2.1 signature format. 
After the certificate service is restarted, all newly issued certificates and CRLs will be signed by using a PSS signing algorithm and the content will be hashed by using the 'SHA256' hashing algorithm.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CACryptographyConfig</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CACryptographyConfig</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CAKRACertificate</command:name><maml:description><maml:para>Sets new key recovery agent certificate set to a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CAKRACertificate</command:noun><dev:version /></command:details><maml:description><maml:para>Sets new key recovery agent certificate set to a specified Certification Authority (CA). </maml:para><maml:para>A Key Recovery Agent certificate is used to encrypt a user's certificate private key and store it in the CA database. 
If a user cannot access his or her certificate private key, a Key Recovery Agent can recover it, provided that the key archival procedure was performed for that particular certificate.</maml:para><maml:para>This command doesn't perform key recovery agent certificate validation. Once new KRA certificates are applied, this command will instruct the CA server to use all of them for the key archival process. In this case the CA server will encrypt the archived private key with each KRA certificate public key. This will ensure that any assigned key recovery agent will be able to perform key recovery.</maml:para><maml:para>Note that if only one certificate is assigned and it is invalid, all requests that require key archival will fail.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CAKRACertificate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies KRA object to process. This object can be retrieved by running Add-CAKRACertificate or Remove-CAKRACertificate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRA[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies KRA object to process. 
This object can be retrieved by running Add-CAKRACertificate or Remove-CAKRACertificate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">KRA[]</command:parameterValue><dev:type><maml:name>KRA[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.KRA</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_AuthorityInformationAccess.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> 
$KRACerts = Get-ADKRACertificate -Subject "CN=Key Recovery*"
PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAKRACertificate | Add-CAKRACertificate -Certificate $KRACerts | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>The first command retrieves from Active Directory all KRA certificates whose subject field starts with 'CN=Key Recovery' (in DN format). The second command retrieves the KRA certificates currently assigned to the 'MyCA' CA server and adds the new certificates obtained by the first command. After the configuration is changed, the command restarts certificate services to immediately apply the changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Certs = Get-ADKRACertificate -ShowUI -Multipick
PS C:\> Get-CertificationAuthority | Get-CAKRACertificate | Add-CAKRACertificate $Certs | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>In this example, the first command displays the certificate selection UI where you can select available KRA certificates. The second command adds the certificates selected in the previous command to the currently assigned certificates and writes the new certificate list back to a CA server. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAKRACertificate | Remove-CAKRACertificate -Thumbprint "70144A763E3A662756898C3160297C8CBCD244DC" | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will remove key recovery agent certificate with thumbprint '70144A763E3A662756898C3160297C8CBCD244DC' from 'MyCA' CA server. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CAKRACertificate | Remove-CAKRACertificate -InvalidOnly | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will remove invalid KRA certificates from all CA servers in the current forest. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CAKRACertificate | Remove-CAKRACertificate -ShowUI | Set-CAKRACertificate -RestartCA</dev:code><dev:remarks><maml:para>This example will retrieve currently assigned KRA certificates and displays certificate selection UI where you can select certificates to remove and writes new KRA certificate list back to a Company-CA CA server. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CAKRACertificate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ADKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CAKRACertificate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CATemplate</command:name><maml:description><maml:para>Writes certificate templates to a specified Certification Authority (CA).</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CATemplate</command:noun><dev:version /></command:details><maml:description><maml:para>Writes certificate templates to a specified Certification Authority (CA). 
This command will rewrite all certificate templates assigned to a CA server with a new template list.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CATemplate</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority with assigned templates. This object can be retrieved by running either Add-CATemplate or Remove-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the Certification Authority with assigned templates. 
This object can be retrieved by running either Add-CATemplate or Remove-CATemplate command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CATemplate[]</command:parameterValue><dev:type><maml:name>CATemplate[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CATemplate</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CATemplate.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Add-CATemplate -Name "SmartCardV2","OfflineComputer" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will add 'SmartCardV2' and 'OfflineComputer' templates (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and assigns them to a 'Company CA01' certification authority.</maml:para><maml:para /><maml:para 
/><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CATemplate | Add-CATemplate -DisplayName "Computer V2", "CA Exchange" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will add templates with display names 'Computer V2' (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and 'CA Exchange' and assign them to all Enterprise CAs in the forest.</maml:para><maml:para>This example is useful to provide template redundancy, so clients are able to enroll for a certificate even if one CA server is down.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Template = Get-CertificateTemplate -Name WebServer
PS C:\> Get-CertificationAuthority ca01.company.com | Get-CATemplate | Add-CATemplate -Template $Template | Set-CATemplate</dev:code><dev:remarks><maml:para>In this example, the first command retrieves the template object by running the Get-CertificateTemplate command. 
The second line adds this template to the CA server running on the 'ca01.company.com' server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Remove-CATemplate -Name "Machine","WebServer" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will remove the 'Machine' and 'WebServer' templates from the 'Company CA01' CA server. The CA server will be unable to issue any certificates based on the specified templates.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 5 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CATemplate | Remove-CATemplate -DisplayName "Domain Controller" | Set-CATemplate</dev:code><dev:remarks><maml:para>This command will remove the 'Domain Controller' template from all Enterprise CAs in the forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 6 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $Template = 
Get-CertificateTemplate -DisplayName "Key Recovery Agent" C:\PS>Get-CertificationAuthority ca01.company.com | Get-CATemplate | Remove-CATemplate -Template $Template | Set-CATemplate</dev:code><dev:remarks><maml:para>In this example first command retrieves 'Key Recovery Agent' template object. In the second line specified template will be removed from CA server running on 'ca01.company.com' server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CATemplate</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CATemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CertificateExtension</command:name><maml:description><maml:para>Adds or disables certificate extensions in a pending certificate request.</maml:para></maml:description><maml:copyright><maml:para 
/></maml:copyright><command:verb>Set</command:verb><command:noun>CertificateExtension</command:noun><dev:version /></command:details><maml:description><maml:para>Adds or disables certificate extensions in a pending certificate request.</maml:para><maml:para>Note: for this command to succeed, the certificate request must be pending.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CertificateExtension</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the particular request object. Request objects can be retrieved by running Get-PendingRequest command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Extension</maml:name><maml:description><maml:para>Specifies the extension to add or remove. Depending on the 'Remove' switch, the following object types are accepted:</maml:para><maml:para>-- if 'Remove' switch is set to $false, this parameter must be an array of System.Security.Cryptography.X509Certificates.X509Extension or a single System.Security.Cryptography.X509Certificates.X509ExtensionCollection object. In this case, the specified extension or extensions will be added.</maml:para><maml:para>-- if 'Remove' switch is set to $true, this parameter must be an array of System.Security.Cryptography.Oid objects, where each object identifier denotes the extension to disable.</maml:para><maml:para>Certificate extension objects are constructed out-of-band by using native .NET or extended extension classes. 
.NET extensions classes are defined in X509Certificates namespace: -- .NET native extensions: http://msdn.microsoft.com/en-us/library/System.Security.Cryptography.X509Certificates.aspx -- extended extension classes: https://www.pkisolutions.com/apidocs/pkix.net/html/N_System_Security_Cryptography_X509Certificates.htm</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Remove</maml:name><maml:description><maml:para>Specifies whether to disable certificate extensions specified in the 'Extension' parameter. See 'Extension' parameter for this command behavior.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>Request</maml:name><maml:description><maml:para>Specifies the particular request object. Request objects can be retrieved by running Get-PendingRequest command.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Object</command:parameterValue><dev:type><maml:name>Object</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="1"><maml:name>Extension</maml:name><maml:description><maml:para>Specifies the extension to add or remove. 
Depending on the 'Remove' switch, the following object types are accepted:</maml:para><maml:para>-- if 'Remove' switch is set to $false, this parameter must be an array of System.Security.Cryptography.X509Certificates.X509Extension or a single System.Security.Cryptography.X509Certificates.X509ExtensionCollection object. In this case, the specified extension or extensions will be added.</maml:para><maml:para>-- if 'Remove' switch is set to $true, this parameter must be an array of System.Security.Cryptography.Oid objects, where each object identifier denotes the extension to disable.</maml:para><maml:para>Certificate extension objects are constructed out-of-band by using native .NET or extended extension classes. .NET extension classes are defined in X509Certificates namespace: -- .NET native extensions: http://msdn.microsoft.com/en-us/library/System.Security.Cryptography.X509Certificates.aspx -- extended extension classes: https://www.pkisolutions.com/apidocs/pkix.net/html/N_System_Security_Cryptography_X509Certificates.htm</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue><dev:type><maml:name>Object[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>Remove</maml:name><maml:description><maml:para>Specifies whether to disable certificate extensions specified in the 'Extension' parameter. 
See 'Extension' parameter for this command behavior.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_Database_AdcsDbRow.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Utils.IServiceOperationResult</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Utils_IServiceOperationResult.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $altName = New-Object Security.Cryptography.X509Certificates.X509AlternativeName "DnsName","owa.company.com"
PS C:\> $altName2 = New-Object Security.Cryptography.X509Certificates.X509AlternativeName "DnsName","www.company.com"
PS C:\> $altNames = New-Object Security.Cryptography.X509Certificates.X509AlternativeNameCollection
PS C:\> $altName, $altName2 | %{[void]$altNames.Add($_)}
PS C:\> $SAN = New-Object 
Security.Cryptography.X509Certificates.X509SubjectAlternativeNameExtension $altNames, $false
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-PendingRequest -RequestID 1631 | Set-CertificateExtension -Extension $SAN | Approve-CertificateRequest</dev:code><dev:remarks><maml:para>This example demonstrates general techniques to create an X509Extension object. In this example, we create a subject alternative name (SAN) extension with two alternative names: DnsName=owa.company.com, DnsName=www.company.com. These alternative names are added to an alternative name collection. This collection is used to construct the SAN extension. The last line adds the new extension to the pending request with request ID=1631 and approves the modified pending request. The issued certificate will contain the new SAN extension.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-PendingRequest -RequestID 1632 | Set-CertificateExtension -Extension "Subject Alternative Name" -Remove | Approve-CertificateRequest</dev:code><dev:remarks><maml:para>In this example, we assume that the pending request has an unwanted subject alternative name (SAN) extension. This command retrieves the pending request object, disables (removes) the unwanted extension and issues the certificate. 
The issued certificate will not contain the requested SAN extension.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CertificateExtension</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-PendingRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Approve-CertificateRequest</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CertificateTemplateAcl</command:name><maml:description><maml:para>Changes the security descriptor of a certificate template.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CertificateTemplateAcl</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-CertificateTemplateAcl cmdlet writes the security descriptor of a specified certificate template to the actual certificate template object, to match the values in a security descriptor that you supply.</maml:para><maml:para>Note: in order to edit a certificate template ACL, you must be granted 
Enterprise Admins permissions or delegated permissions on 'Certificate Templates' Active Directory container.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CertificateTemplateAcl</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of certificate template. This object can be retrieved by running Get-CertificateTemplateAcl, Add-CertificateTemplateAcl or Remove-CertificateTemplateAcl cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of certificate template. 
This object can be retrieved by running Get-CertificateTemplateAcl, Add-CertificateTemplateAcl or Remove-CertificateTemplateAcl cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertTemplateSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>CertTemplateSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertTemplateSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertTemplateSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This command adds the 'WebServerGroup' security group to the certificate template 
'WebServer' and grants it Read and Enroll permissions. After that, the new ACL is written to the actual object.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateAcl | Remove-CertificateTemplateAcl -User OldWebServer -AccessType Allow | Set-CertificateTemplateAcl</dev:code><dev:remarks><maml:para>This command removes all granted permissions for the 'OldWebServer' account from the 'WebServer' certificate template ACL. After that, the new ACL is written to the actual certificate template object (Set-CertificateTemplateAcl).</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CertificateTemplateAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplate</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificateTemplateAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command 
xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CertificateValidityPeriod</command:name><maml:description><maml:para>Sets maximum validity period for issued certificates.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CertificateValidityPeriod</command:noun><dev:version /></command:details><maml:description><maml:para>Sets maximum validity period for issued certificates. This setting is not absolute. The actual validity period of a certificate is the least of the following values. For Standalone CA: - estimated CA certificate validity period - ValidityPeriod parameter value.</maml:para><maml:para>For Enterprise CA: - estimated CA certificate validity period - certificate template validity period value - ValidityPeriod parameter value.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CertificateValidityPeriod</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Must be existing CertValidityPeriod object that contains current issued certificate validity settings. This object can be retrieved by running Get-CertificateValidityPeriod command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertValiditySetting[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>ValidityPeriod</maml:name><maml:description><maml:para>Specifies new issued certificate validity settings. Must be set in the format: 'Digit PeriodUnit'. 
For example, '5 years'. Possible values for PeriodUnit are: - Hours - Days - Weeks - Months - Years</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Must be existing CertValidityPeriod object that contains current issued certificate validity settings. This object can be retrieved by running Get-CertificateValidityPeriod command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertValiditySetting[]</command:parameterValue><dev:type><maml:name>CertValiditySetting[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>ValidityPeriod</maml:name><maml:description><maml:para>Specifies new issued certificate validity settings. Must be set in the format: 'Digit PeriodUnit'. For example, '5 years'. 
Possible values for PeriodUnit are: - Hours - Days - Weeks - Months - Years</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertValidityPeriod</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertValiditySetting.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CertValidityPeriod</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertValiditySetting.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> 
Get-CertificationAuthority -Name Company-CA | Get-CertificateValidityPeriod | Set-CertificateValidityPeriod "10 years" -RestartCA</dev:code><dev:remarks><maml:para>Sets issued certificate validity period to '10 years'. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CertificateValidityPeriod | Set-CertificateValidityPeriod "5 years" -RestartCA</dev:code><dev:remarks><maml:para>Sets issued certificate validity period to '5 years' for all Enterprise CAs in the current forest and restarts CA service. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CertificateValidityPeriod</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificateValidityPeriod</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CertificationAuthorityAcl</command:name><maml:description><maml:para>Writes modified access control list (ACL) to Certification Authority configuration.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CertificationAuthorityAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Writes modified access control list (ACL) to Certification Authority configuration.</maml:para><maml:para>Note: new ACL will not have effect until CA service is restarted.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CertificationAuthorityAcl</maml:name><command:parameter required="true" 
variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to write. This object can be retrieved by running either Add-CertificationAuthorityAcl or Remove-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the current access control list (ACL) object to write. 
This object can be retrieved by running either Add-CertificationAuthorityAcl or Remove-CertificationAuthorityAcl command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertSrvSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>CertSrvSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.CertSrvSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_CertSrvSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $ACE = @(New-Object PKI.Security.AccessControl.CertificationAuthorityAccessRule ([Security.Principal.NTAccount]"JohnWayne"), "ManageCA", "Allow")
PS C:\> $ACE += New-Object PKI.Security.AccessControl.CertificationAuthorityAccessRule ([Security.Principal.NTAccount]"jsmith"), "ManageCertificates", "Allow"
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Add-CertificationAuthorityAcl -AccessControlEntry $ACE | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>The first two lines create new access control entries: -- the first creates an ACE for John Wayne and grants him CA manager permissions. -- the second creates an ACE for John Smith and grants him certificate manager permissions. The third line retrieves the current ACL from the CA server, adds the new access control entries and writes them to CA configuration. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para>Note that if ACL already contains entry for user account to be added, new ACE will not be added. Instead, use techniques described in Example 4.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Remove-CertificationAuthorityAcl -User "jsmith","JohnWayne" | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>This example retrieves current access control list from CA server installed on "ca01.company.com", removes all permissions explicitly granted to John Smith and John Wayne and writes modified ACL to CA configuration. 
After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> $ACE = New-Object PKI.Security.AccessControl.CertificationAuthorityAccessRule ([Security.Principal.NTAccount]"jsmith"), "ManageCA", "Allow"
PS C:\> Get-CertificationAuthority "ca01.company.com" | Get-CertificationAuthorityAcl | Remove-CertificationAuthorityAcl -User "jsmith" | Add-CertificationAuthorityAcl -AccessControlEntry $ACE | Set-CertificationAuthorityAcl -RestartCA</dev:code><dev:remarks><maml:para>This example demonstrates techniques to change permissions explicitly granted to a user. In this example, the first line creates a new access control entry for John Smith. 
Second line retrieves access control list from CA server, removes all permissions granted to John Smith and adds new access control entry.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CertificationAuthorityAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CertificationAuthorityAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CRLDistributionPoint</command:name><maml:description><maml:para>Set new CRL distribution points (CDP) for Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CRLDistributionPoint</command:noun><dev:version /></command:details><maml:description><maml:para>Set new CRL distribution points (CDP) for Certification Authority. 
This command will write new CDP URIs to Certification Authority (CA) configuration.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CRLDistributionPoint</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an existing CDP object to rewrite. This object can be retrieved by running either Add-CRLDistributionPoint or Remove-CRLDistributionPoint command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLDistributionPoint[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an existing CDP object to rewrite. 
This object can be retrieved by running either Add-CRLDistributionPoint or Remove-CRLDistributionPoint command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLDistributionPoint[]</command:parameterValue><dev:type><maml:name>CRLDistributionPoint[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CRLDistributionPoint</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLDistributionPoint.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority RootCA | Get-CrlDistributionPoint | Add-CrlDistributionPoint -NewURI "6:http://crl.domain.com/%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will add new CDP URI to certificate CDP for 'RootCA' CA server. Also this will add new URI in Freshest CRL in CRL CDP to locate corresponding Delta CRL. After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Get-CrlDistributionPoint | Add-CrlDistributionPoint -NewURI "65:\\ServerName\crlfile%9.crl", "65:C:\CertData\%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will add new paths for Base and Delta CRL file publication for all CAs in the current forest. This will not add any new URIs in certificate CDP extension, but instructs CA to publish physical CRL files to specified locations. 
After command completion CA services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*c:\windows*" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all CDP URIs that contain "c:\windows" pattern. After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 4 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*ldap://*" | Set-CrlDistributionPoint -RestartCA</dev:code><dev:remarks><maml:para>This example will remove all URIs that are used for CRL file publication and/or retrieval from Active Directory. 
After command completion certificate services will be restarted to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CRLDistributionPoint</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-CRLDistributionPoint</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-CRLValidityPeriod</command:name><maml:description><maml:para>Sets CRL validity period setting.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>CRLValidityPeriod</command:noun><dev:version /></command:details><maml:description><maml:para>Sets CRL validity period and overlap settings for both BaseCRL and 
DeltaCRL.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-CRLValidityPeriod</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Must be existing CRLValidityPeriod object that contains current issued certificate validity settings. This object can be retrieved by running Get-CRLValidityPeriod command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLValiditySetting[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>BaseCRL</maml:name><maml:description><maml:para>Specifies new CRL validity settings. Must be set in the format: '&lt;Digit&gt; &lt;PeriodUnit&gt;'. For example, '5 days'. Possible values for PeriodUnit are: -- Hours -- Days -- Weeks -- Months -- Years</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>BaseCRLOverlap</maml:name><maml:description><maml:para>Specifies the time to extend Base CRL. For example, if BaseCRL is published every 7 days with 1 day overlap, the resulting validity period for Base CRL will be 8 days. But the CA server will still publish CRL every 7 days, so administrators will have one day to distribute CRL to the target CRL publishing locations. 
For input format please refer to BaseCRL parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>DeltaCRL</maml:name><maml:description><maml:para>Specifies new Delta CRL validity settings. Delta CRL is an incremental CRL issued several times between Base CRL publishing and will contain only those certificates that were revoked since the last Base CRL was issued. Usually Delta CRLs are published quite frequently (for example, each 1-2 days) to keep certificate revocation status information up to date. For input format please refer to BaseCRL parameter.</maml:para><maml:para>Note: if you wish to disable DeltaCRL publishing, set Digit value to zero (see examples).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>DeltaCRLOverlap</maml:name><maml:description><maml:para>Specifies the time to extend Delta CRL. For additional info refer to BaseCRLOverlap parameter. 
For input format please refer to BaseCRL parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>InputObject</maml:name><maml:description><maml:para>Must be existing CRLValidityPeriod object that contains current issued certificate validity settings. This object can be retrieved by running Get-CRLValidityPeriod command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CRLValiditySetting[]</command:parameterValue><dev:type><maml:name>CRLValiditySetting[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>BaseCRL</maml:name><maml:description><maml:para>Specifies new CRL validity settings. Must be set in the format: '&lt;Digit&gt; &lt;PeriodUnit&gt;'. For example, '5 days'. 
Possible values for PeriodUnit are: -- Hours -- Days -- Weeks -- Months -- Years</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>BaseCRLOverlap</maml:name><maml:description><maml:para>Specifies the time to extend Base CRL. For example, if BaseCRL is published every 7 days with 1 day overlap, the resulting validity period for Base CRL will be 8 days. But the CA server will still publish CRL every 7 days, so administrators will have one day to distribute CRL to the target CRL publishing locations. For input format please refer to BaseCRL parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>DeltaCRL</maml:name><maml:description><maml:para>Specifies new Delta CRL validity settings. Delta CRL is an incremental CRL issued several times between Base CRL publishing and will contain only those certificates that were revoked since the last Base CRL was issued. Usually Delta CRLs are published quite frequently (for example, each 1-2 days) to keep certificate revocation status information up to date. 
For input format please refer to BaseCRL parameter.</maml:para><maml:para>Note: if you wish to disable DeltaCRL publishing, set Digit value to zero (see examples).</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>DeltaCRLOverlap</maml:name><maml:description><maml:para>Specifies the time to extend Delta CRL. For additional info refer to BaseCRLOverlap parameter. For input format please refer to BaseCRL parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CRLValidityPeriod</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLValiditySetting.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.CRLValidityPeriod</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CRLValiditySetting.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -BaseCRL "22 weeks" -BaseCRLOverlap "2 days" -RestartCA</dev:code><dev:remarks><maml:para>Sets Base CRL publishing period as 22 weeks and overlap delay as 2 days. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -DeltaCRL "0 days" -RestartCA</dev:code><dev:remarks><maml:para>Disables Delta CRL publishing for all Certification Authorities in current forest. 
After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-CRLValidityPeriod</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CRLValidityPeriod</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-ExtensionList</command:name><maml:description><maml:para>Sets certificate enabled/disabled extension lists.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>ExtensionList</command:noun><dev:version /></command:details><maml:description><maml:para>Sets certificate enabled/disabled extension lists. Extensions are sorted in 3 categories:</maml:para><maml:para>EnabledExtensionList - contains extensions that CA server will publish in each issued certificate upon request. OfflineExtensionList - contains allowed extension list that CA server will publish in issued certificates when offline request is used. 
DisabledExtensionList - contains extensions that will not be published in certificate even if this extension is specified in the request.</maml:para><maml:para>For more details see corresponding parameter description.</maml:para><maml:para>Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-ExtensionList</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing ExtensionList object to process. This object can be retrieved by running either Add-ExtensionList or Remove-ExtensionList command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ExtensionList[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies existing ExtensionList object to process. 
This object can be retrieved by running either Add-ExtensionList or Remove-ExtensionList command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">ExtensionList[]</command:parameterValue><dev:type><maml:name>ExtensionList[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RestartCA</maml:name><maml:description><maml:para>Restarts CA service on the specified CA server to immediately apply changes.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>PKI.CertificateServices.PolicyModule.ExtensionList</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_PolicyModule_ExtensionList.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 
--------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -DisabledExtension "Certificate Template Name" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>This command will add the 'Certificate Template Name' extension to the restricted extension list. As a result, the CA server will not publish this extension in issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Remove-ExtensionList -OfflineExtension "Subject Alternative Name" | Set-ExtensionList -RestartCA</dev:code><dev:remarks><maml:para>This will remove the 'Subject Alternative Name' extension from the extensions allowed in requests. 
As the result CA server will ignore this extension in certificate request.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-ExtensionList</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-ExtensionList</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-OnlineResponderAcl</command:name><maml:description><maml:para>Changes the Online Responder's security descriptor.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>OnlineResponderAcl</command:noun><dev:version /></command:details><maml:description><maml:para>Writes modified access control list (ACL) to Online Responder.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-OnlineResponderAcl</maml:name><command:parameter 
required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Online Responder. This object can be retrieved by running Get-OnlineResponderAcl, Add-OnlineResponderAcl or Remove-OnlineResponderAcl cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies an ACL object of Online Responder. This object can be retrieved by running Get-OnlineResponderAcl, Add-OnlineResponderAcl or Remove-OnlineResponderAcl cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderSecurityDescriptor[]</command:parameterValue><dev:type><maml:name>OcspResponderSecurityDescriptor[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Security.AccessControl.OcspResponderSecurityDescriptor</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Security_AccessControl_OcspResponderSecurityDescriptor.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Add-OnlineResponderAcl -Identity "OCSP Admins" -AccessType "Allow" -AccessMask "Manage" | Set-OnlineResponderAcl</dev:code><dev:remarks><maml:para>In this example, the existing Access Control List (ACL) object is retrieved from the Online Responder server hosted on "ocsp1.example.com", a new "Allow" Access Control Entry (ACE) for group "OCSP Admins" with "Manage" access is added, and the new ACL is written back to the Online Responder configuration.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>$SourceACL = Connect-OnlineResponder -ComputerName "ocsp1.example.com" | Get-OnlineResponderAcl
PS C:\> $DestinationACL = Connect-OnlineResponder -ComputerName "ocsp3.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Force
PS C:\> $DestinationACL | Add-OnlineResponderAcl -AccessRule $SourceACL.Access | Set-OnlineResponderAcl</dev:code><dev:remarks><maml:para>This example shows techniques used to copy and replace ACL from source Online Responder to destination Online Responder. a) First line retrieves ACL from source Online Responder hosted on "ocsp1.example.com". b) Second line retrieves existing ACL from destination Online Responder hosted on "ocsp3.example.com" and clears all Access Control Entries (ACE). c) Third line copies ACEs from source Online Responder to destination Online Responder.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderAcl | Remove-OnlineResponderAcl -Identity "Old OCSP Admins" -AccessType Allow | Set-OnlineResponderAcl</dev:code><dev:remarks><maml:para>In this example, a group "Old OCSP Admins" is removed from ACL for Online Responder "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-OnlineResponderAcl</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Add-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Remove-OnlineResponderAcl</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-OnlineResponderProperty</command:name><maml:description><maml:para>Changes Online Responder global configuration.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>OnlineResponderProperty</command:noun><dev:version /></command:details><maml:description><maml:para>Changes Online Responder global configuration. Global configuration applies to Online Responder and all stored revocation configurations. For revocation configuration specific settings, use Set-OnlineResponderRevocationConfiguration command.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-OnlineResponderProperty</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder object to modify. 
This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>MaxRequestEntryCount</maml:name><maml:description><maml:para>Specifies the maximum number of request entries in OCSP request message. By default, one request entry is allowed per OCSP request.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>MaxCacheEntryCount</maml:name><maml:description><maml:para>Specifies the maximum number of OCSP responses cached by Online Responder. Recommended value is between 1,000 and 10,000 entries.</maml:para><maml:para>When Online Responder receives OCSP request, it checks if requested serial number is in cache. If serial number is found in cache, Online Responder returns cached OCSP response instead of generating and signing a new one. This cache significantly reduces the load on Online Responder.</maml:para><maml:para>Note: cache is ignored when incoming OCSP request contains Nonce and revocation configuration accepts Nonce fields. When Nonce is presented and allowed by revocation configuration, a new OCSP response is generated and signed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>ThreadCount</maml:name><maml:description><maml:para>Specifies the number of simultaneous OCSP requests that can be served by the Online Responder. 
By default, 50 simultaneous OCSP requests are allowed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>MaxRequestSize</maml:name><maml:description><maml:para>Specifies the maximum size of OCSP request in bytes, that is allowed to be processed on the server. If value is zero (0), then server will attempt to process incoming request of any size. Average size of unsigned request with single certificate in request is around 80-100 bytes. Average size of signed request is around 2-4kb.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="5"><maml:name>RequestFlag</maml:name><maml:description><maml:para>Specifies the request handling configuration on Online Responder server.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderRequestFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="6"><maml:name>AuditFlag</maml:name><maml:description><maml:para>Specifies the set of flags that identify the responder events for which the security audit is performed.</maml:para><maml:para>Note: in order to get events logged to security event log, an "Audit Certification Services" audit subcategory must be enabled in "Audit Object Access" audit category in group policies.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderAuditFilter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" 
pipelineInput="false" position="7"><maml:name>LogLevel</maml:name><maml:description><maml:para>Specifies the logging level on Online Responder.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderLogLevel</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>TraceDebug</maml:name><maml:description><maml:para>Specifies whether the tracing for errors on Online Responder is enabled or not.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>MakeArrayController</maml:name><maml:description><maml:para>Promotes specified Online Responder to Array Controller role. Existing array controller is attempted to contact. If existing array controller is reachable, it is automatically demoted from array controller role. Otherwise, administrators are responsible to demote non-reachable array controller from its role.</maml:para><maml:para>Note: if this switch parameter is specified and set to False, no action is performed.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder object to modify. 
This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="3"><maml:name>ThreadCount</maml:name><maml:description><maml:para>Specifies the number of simultaneous OCSP requests that can be served by the Online Responder. By default, 50 simultaneous OCSP requests are allowed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="4"><maml:name>MaxRequestSize</maml:name><maml:description><maml:para>Specifies the maximum size of OCSP request in bytes, that is allowed to be processed on the server. If value is zero (0), then server will attempt to process incoming request of any size. Average size of unsigned request with single certificate in request is around 80-100 bytes. 
Average size of signed request is around 2-4kb.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="6"><maml:name>AuditFlag</maml:name><maml:description><maml:para>Specifies the set of flags that identify the responder events for which the security audit is performed.</maml:para><maml:para>Note: in order to get events logged to security event log, an "Audit Certification Services" audit subcategory must be enabled in "Audit Object Access" audit category in group policies.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderAuditFilter</command:parameterValue><dev:type><maml:name>OcspResponderAuditFilter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="7"><maml:name>LogLevel</maml:name><maml:description><maml:para>Specifies the logging level on Online Responder.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderLogLevel</command:parameterValue><dev:type><maml:name>OcspResponderLogLevel</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>TraceDebug</maml:name><maml:description><maml:para>Specifies whether the tracing for errors on Online Responder is enabled or not.</maml:para></maml:description><command:parameterValue required="false" 
variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>MakeArrayController</maml:name><maml:description><maml:para>Promotes specified Online Responder to Array Controller role. Existing array controller is attempted to contact. If existing array controller is reachable, it is automatically demoted from array controller role. Otherwise, administrators are responsible to demote non-reachable array controller from its role.</maml:para><maml:para>Note: if this switch parameter is specified and set to False, no action is performed.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1"><maml:name>MaxRequestEntryCount</maml:name><maml:description><maml:para>Specifies the maximum number of request entries in OCSP request message. By default, one request entry is allowed per OCSP request.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2"><maml:name>MaxCacheEntryCount</maml:name><maml:description><maml:para>Specifies the maximum number of OCSP responses cached by Online Responder. 
Recommended value is between 1,000 and 10,000 entries.</maml:para><maml:para>When Online Responder receives OCSP request, it checks if requested serial number is in cache. If serial number is found in cache, Online Responder returns cached OCSP response instead of generating and signing a new one. This cache significantly reduces the load on Online Responder.</maml:para><maml:para>Note: cache is ignored when incoming OCSP request contains Nonce and revocation configuration accepts Nonce fields. When Nonce is presented and allowed by revocation configuration, a new OCSP response is generated and signed.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="5"><maml:name>RequestFlag</maml:name><maml:description><maml:para>Specifies the request handling configuration on Online Responder server.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspResponderRequestFlags</command:parameterValue><dev:type><maml:name>OcspResponderRequestFlags</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> 
</command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder -ComputerName "ocsp3.example.com" | Set-OnlineResponderProperty -MakeArrayController</dev:code><dev:remarks><maml:para>Promotes Online Responder on "ocsp3.example.com" to array controller role. Existing array controller is attempted to contact. 
If existing array controller is reachable, it is automatically demoted from array controller role.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Set-OnlineResponderProperty -AuditFlag "RequestReceive, StartAndStop"</dev:code><dev:remarks><maml:para>Enables Online Responder audit for Online Responder service start/stop events and for each incoming OCSP request.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 3 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Set-OnlineResponderProperty -MaxRequestEntryCount 2 -MaxRequestSize 1kb -MaxCacheEntryCount 50000</dev:code><dev:remarks><maml:para>This example configures Online Responder on "ocsp1.example.com" to a) support up to 2 request entries (serial numbers) in OCSP request message, b) limit OCSP request size to 1kb (1024 bytes) and c) set internal response cache to store up to 50k responses.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-OnlineResponderProperty</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderRevocationConfiguration </maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Set-OnlineResponderRevocationConfiguration</command:name><maml:description><maml:para>Configures Online Responder revocation configuration specific settings.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>OnlineResponderRevocationConfiguration</command:noun><dev:version /></command:details><maml:description><maml:para>Configures Online Responder revocation configuration specific settings. These settings are related only to specified revocation configuration and are replicated to all array members from array controller.</maml:para><maml:para>Typical revocation configuration settings are related to OCSP signing certificate enrollment and assignment approach. There are two OCSP signing certificate enrollment and assignment approaches:</maml:para><maml:para>1. Automatically enrolled and assigned OCSP signing certificate</maml:para><maml:para>This approach uses Microsoft Enterprise Certification Authority to automatically enroll and renew OCSP signing certificate. Microsoft Online Responder doesn't require the OCSP signing certificate to be signed by same CA server as was used to create revocation configuration. 
This approach is best suited for Microsoft Enterprise Certification Authorities and for other CA types (including non-Microsoft CAs) which don't require the OCSP signing certificate to be signed by the same CA as was used to create the revocation configuration. When this approach is used, the following conditions must be met:</maml:para><maml:para>-- '-SigningServer' and '-SigningCertTemplate' parameters must be specified.</maml:para><maml:para>-- '-SigningFlag' enumeration must include the following flags: 'SigningCertAutoRenewal, AutoDiscoverSigninCert, SigningCertAutoEnrollment'.</maml:para><maml:para>-- if '-SigningFlag' enumeration includes "ForceDelegatedCert" flag, then '-SigningServer' must match the CA used to create the revocation configuration.</maml:para><maml:para>2. Manual (out-of-band) OCSP signing certificate enrollment and assignment.</maml:para><maml:para>This approach uses a custom, out-of-band process to enroll for the OCSP signing certificate and explicit OCSP signing certificate assignment. This approach is best suited for offline CAs and non-Microsoft Certification Authority implementations, and when the OCSP signing certificate must be issued by the same CA as was used to create the revocation configuration. When this approach is used, the following conditions must be met:</maml:para><maml:para>-- '-SigningFlag' enumeration must include the following flags: 'ManualSigningCert'.</maml:para><maml:para>-- '-SigningFlag' enumeration must exclude the following flags: 'SigningCertAutoRenewal, AutoDiscoverSigninCert, SigningCertAutoEnrollment'.</maml:para><maml:para>Signing certificate is assigned by using '-SigningCertificate' parameter.</maml:para><maml:para>Note: this action shall be executed on array controller. 
Otherwise, these changes may be overwritten during array member synchronization with array controller.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RevocationConfiguration</maml:name><maml:description><maml:para>Specifies the revocation configuration to modify. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration, or Add-OnlineResponderRevocationConfiguration commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningServer</maml:name><maml:description><maml:para>Specifies the Enterprise Certification Authority used to enroll for OCSP signing certificate. When this parameter is specified, '-SigningCertTemplate' parameter is mandatory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="true" pipelineInput="false" position="named"><maml:name>SigningCertTemplate</maml:name><maml:description><maml:para>Specifies the certificate template common name Online Responder will use to enroll for signing certificate. 
When this parameter is specified, '-SigningServer' parameter is mandatory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>HashAlgorithm</maml:name><maml:description><maml:para>Specifies the hashing algorithm used to sign OCSP responses.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningFlag</maml:name><maml:description><maml:para>Specifies the signing certificate used to sign OCSP responses for current CA. Signing certificate must have an associated private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspSigningFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ReminderDuration</maml:name><maml:description><maml:para>Specifies a percentage of the signing certificate validity period at which the responder will notify the administrator that certificate is about to expire. Default value is 90%.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>BaseCrlUrl</maml:name><maml:description><maml:para>Specifies an array of Base CRL URLs revocation configuration will use to fetch Base CRL. 
This CRL is used by Online Responder to determine the revocation status of requested certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaCrlUrl</maml:name><maml:description><maml:para>Specifies an array of Delta CRL URLs revocation configuration will use to fetch Delta CRL. This CRL is used by Online Responder to determine the revocation status of requested certificate. Do not use this parameter if referenced Certification Authority is not configured to publish Delta CRLs.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumbersDirectory</maml:name><maml:description><maml:para>Specifies an array of UNC or local file paths that are being used by the Certification Authority to store the serial numbers of issued certificates.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CrlUrlTimeout</maml:name><maml:description><maml:para>Specifies the time-out in seconds that the revocation provider must wait before it times out while trying to retrieve the CRL for which it is configured.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" 
position="named"><maml:name>RefreshTimeout</maml:name><maml:description><maml:para>Specifies the reference CRL cache lifetime in minutes. If the value is zero, then CRL cache is valid while CRLs are valid. Otherwise, reference CRLs are re-fetched at specified intervals.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-OnlineResponderRevocationConfiguration</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RevocationConfiguration</maml:name><maml:description><maml:para>Specifies the revocation configuration to modify. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration, or Add-OnlineResponderRevocationConfiguration commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningCertificate</maml:name><maml:description><maml:para>Specifies the signing certificate used to sign OCSP responses for current CA. 
Signing certificate must have an associated private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>HashAlgorithm</maml:name><maml:description><maml:para>Specifies the hashing algorithm used to sign OCSP responses.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid2</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningFlag</maml:name><maml:description><maml:para>Specifies the signing certificate used to sign OCSP responses for current CA. Signing certificate must have an associated private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspSigningFlags</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ReminderDuration</maml:name><maml:description><maml:para>Specifies a percentage of the signing certificate validity period at which the responder will notify the administrator that certificate is about to expire. Default value is 90%.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>BaseCrlUrl</maml:name><maml:description><maml:para>Specifies an array of Base CRL URLs revocation configuration will use to fetch Base CRL. 
This CRL is used by Online Responder to determine the revocation status of requested certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaCrlUrl</maml:name><maml:description><maml:para>Specifies an array of Delta CRL URLs revocation configuration will use to fetch Delta CRL. This CRL is used by Online Responder to determine the revocation status of requested certificate. Do not use this parameter if referenced Certification Authority is not configured to publish Delta CRLs.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumbersDirectory</maml:name><maml:description><maml:para>Specifies an array of UNC or local file paths that are being used by the Certification Authority to store the serial numbers of issued certificates.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CrlUrlTimeout</maml:name><maml:description><maml:para>Specifies the time-out in seconds that the revocation provider must wait before it times out while trying to retrieve the CRL for which it is configured.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" 
position="named"><maml:name>RefreshTimeout</maml:name><maml:description><maml:para>Specifies the reference CRL cache lifetime in minutes. If the value is zero, then CRL cache is valid while CRLs are valid. Otherwise, reference CRLs are re-fetched at specified intervals.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningCertificate</maml:name><maml:description><maml:para>Specifies the signing certificate used to sign OCSP responses for current CA. Signing certificate must have an associated private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue><dev:type><maml:name>X509Certificate2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="true" pipelineInput="false" position="named"><maml:name>SigningCertTemplate</maml:name><maml:description><maml:para>Specifies the certificate template common name Online Responder will use to enroll for signing certificate. 
When this parameter is specified, '-SigningServer' parameter is mandatory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>HashAlgorithm</maml:name><maml:description><maml:para>Specifies the hashing algorithm used to sign OCSP responses.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Oid2</command:parameterValue><dev:type><maml:name>Oid2</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>ReminderDuration</maml:name><maml:description><maml:para>Specifies a percentage of the signing certificate validity period at which the responder will notify the administrator that certificate is about to expire. Default value is 90%.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>BaseCrlUrl</maml:name><maml:description><maml:para>Specifies an array of Base CRL URLs revocation configuration will use to fetch Base CRL. 
This CRL is used by Online Responder to determine the revocation status of requested certificate.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>SerialNumbersDirectory</maml:name><maml:description><maml:para>Specifies an array of UNC or local file paths that are being used by the Certification Authority to store the serial numbers of issued certificates.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>CrlUrlTimeout</maml:name><maml:description><maml:para>Specifies the time-out in seconds that the revocation provider must wait before it times out while trying to retrieve the CRL for which it is configured.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>RefreshTimeout</maml:name><maml:description><maml:para>Specifies the reference CRL cache lifetime in minutes. If the value is zero, then CRL cache is valid while CRLs are valid. 
Otherwise, reference CRLs are re-fetched at specified intervals.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named"><maml:name>RevocationConfiguration</maml:name><maml:description><maml:para>Specifies the revocation configuration to modify. This object can be retrieved by calling Get-OnlineResponderRevocationConfiguration, or Add-OnlineResponderRevocationConfiguration commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponderRevocationConfiguration[]</command:parameterValue><dev:type><maml:name>OcspResponderRevocationConfiguration[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"><maml:name>DeltaCrlUrl</maml:name><maml:description><maml:para>Specifies an array of Delta CRL URLs revocation configuration will use to fetch Delta CRL. This CRL is used by Online Responder to determine the revocation status of requested certificate. 
Do not use this parameter if referenced Certification Authority is not configured to publish Delta CRLs.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningServer</maml:name><maml:description><maml:para>Specifies the Enterprise Certification Authority used to enroll for OCSP signing certificate. When this parameter is specified, '-SigningCertTemplate' parameter is mandatory.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">CertificateAuthority</command:parameterValue><dev:type><maml:name>CertificateAuthority</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named"><maml:name>SigningFlag</maml:name><maml:description><maml:para>Specifies the signing certificate used to sign OCSP responses for current CA. 
Signing certificate must have an associated private key.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">OcspSigningFlags</command:parameterValue><dev:type><maml:name>OcspSigningFlags</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponderRevocationConfiguration.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code># CA that Online Responder enrolls against for the OCSP signing certificate
$OcspSigningCA = Get-CertificationAuthority "ca01.example.org"
# Automatic enrollment approach: template, signing CA and auto-enrollment flags are set together
Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration -Name "Example Org v0.0" | Set-OnlineResponderRevocationConfiguration `
    -SigningCertTemplate "OcspResponseSigning" `
    -SigningServer $OcspSigningCA `
    -SigningFlag "Silent, SigningCertAutoRenewal, ForceDelegatedCert, AutoDiscoverSigninCert, ResponderIdKeyHash, SigningCertAutoEnrollment" `
    -BaseCrlUrl "http://cdp2.example.com/exca.crl","http://cdp3.example.com/exca.crl" `
    -DeltaCrlUrl "http://cdp2.example.com/exca+.crl","http://cdp3.example.com/exca+.crl" `
    -HashAlgorithm (New-Object System.Security.Cryptography.Oid2 "sha256", $false)</dev:code><dev:remarks><maml:para>This example configures revocation configuration named "Example Org v0.0" to: a) use the "OcspResponseSigning" certificate template to enroll for the OCSP signing certificate, b) renew the signing certificate automatically and identify the Online Responder by CA public key hash, c) use the URLs that point to reference Base and Delta CRLs, d) use the SHA256 hashing algorithm to hash and sign OCSP responses.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code># Manual (out-of-band) approach: no auto-enrollment flags, no Delta CRL URLs
Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration -Name "External Example Org CA" | Set-OnlineResponderRevocationConfiguration `
    -SigningFlag "Silent, ManualSigningCert, AllowNonce" `
    -BaseCrlUrl "http://cdp2.example.com/exca.crl","http://cdp3.example.com/exca.crl" `
    -HashAlgorithm (New-Object System.Security.Cryptography.Oid2 "sha256")</dev:code><dev:remarks><maml:para>This example configures revocation configuration to: a) use an out-of-band enrolled OCSP signing certificate, b) allow Nonce in OCSP requests, c) use base CRL URLs (assuming Delta CRLs are not used by the CA), d) use the SHA256 hashing algorithm to sign OCSP responses.</maml:para><maml:para /><maml:para
/><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Set-OnlineResponderRevocationConfiguration</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Set-OnlineResponderProperty</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Start-CertificationAuthority</command:name><maml:description><maml:para>Starts certificate services on specified Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Start</command:verb><command:noun>CertificationAuthority</command:noun><dev:version /></command:details><maml:description><maml:para>Starts certificate services on specified Certification Authority.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Start-CertificationAuthority</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority ca01.company.com | 
Start-CertificationAuthority</dev:code><dev:remarks><maml:para>Starts certificate services on a CA server hosted on the 'ca01.company.com' server.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Start-CertificationAuthority</dev:code><dev:remarks><maml:para>Starts certificate services on all Certification Authorities in the current forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Start-CertificationAuthority</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Stop-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restart-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" 
xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Start-OnlineResponder</command:name><maml:description><maml:para>Starts Online Responder service.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Start</command:verb><command:noun>OnlineResponder</command:noun><dev:version /></command:details><maml:description><maml:para>Starts Online Responder service. This command starts 'ocspsvc' service on specified server.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Start-OnlineResponder</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder instance to start. This object can be retrieved by calling Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder instance to start. 
This object can be retrieved by calling the Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Start-OnlineResponder</dev:code><dev:remarks><maml:para>Starts Online Responder service on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Start-OnlineResponder</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Stop-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restart-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Stop-CertificationAuthority</command:name><maml:description><maml:para>Stops certificate services on specified Certification Authority.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Stop</command:verb><command:noun>CertificationAuthority</command:noun><dev:version /></command:details><maml:description><maml:para>Stops certificate services on specified Certification Authority.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Stop-CertificationAuthority</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. 
This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>CertificationAuthority</maml:name><maml:description><maml:para>Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">CertificateAuthority[]</command:parameterValue><dev:type><maml:name>CertificateAuthority[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>PKI.CertificateServices.CertificateAuthority</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_PKI_CertificateServices_CertificateAuthority.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority ca01.company.com | 
Stop-CertificationAuthority</dev:code><dev:remarks><maml:para>Stops certificate services on the CA server hosted on 'ca01.company.com'.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example><command:example><maml:title>-------------------------- Example 2 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>PS C:\> Get-CertificationAuthority | Stop-CertificationAuthority</dev:code><dev:remarks><maml:para>Stops certificate services on all Certification Authorities in the current forest.</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Stop-CertificationAuthority</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Start-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restart-CertificationAuthority</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command><command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" 
xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><!--Generated by PS Cmdlet Help Editor--> <command:details><command:name>Stop-OnlineResponder</command:name><maml:description><maml:para>Stops Online Responder service.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Stop</command:verb><command:noun>OnlineResponder</command:noun><dev:version /></command:details><maml:description><maml:para>Stops Online Responder service. This command stops the 'ocspsvc' service on the specified server.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Stop-OnlineResponder</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder instance to stop. This object can be retrieved by calling the Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0"><maml:name>OnlineResponder</maml:name><maml:description><maml:para>Specifies the Online Responder instance to stop. 
This object can be retrieved by calling the Connect-OnlineResponder command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">OcspResponder[]</command:parameterValue><dev:type><maml:name>OcspResponder[]</maml:name><maml:uri/></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>SysadminsLV.PKI.Management.CertificateServices.OcspResponder</maml:name><maml:uri>https://www.pkisolutions.com/apidocs/pki/html/T_SysadminsLV_PKI_Management_CertificateServices_OcspResponder.htm</maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:inputType> </command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None.</maml:name><maml:uri></maml:uri><maml:description/></dev:type><maml:description><maml:para /></maml:description></command:returnValue> </command:returnValues><command:terminatingErrors></command:terminatingErrors><command:nonTerminatingErrors></command:nonTerminatingErrors><maml:alertSet><maml:title></maml:title><maml:alert><maml:para /></maml:alert></maml:alertSet><command:examples><command:example><maml:title>-------------------------- Example 1 --------------------------</maml:title><maml:introduction><maml:paragraph>PS C:\\></maml:paragraph></maml:introduction><dev:code>Connect-OnlineResponder "ocsp1.example.com" | Stop-OnlineResponder</dev:code><dev:remarks><maml:para>Stops Online Responder service on "ocsp1.example.com".</maml:para><maml:para /><maml:para /><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText><maml:para /></command:commandText></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online 
version:</maml:linkText><maml:uri>https://www.pkisolutions.com/tools/pspki/Stop-OnlineResponder</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Connect-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Start-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Restart-OnlineResponder</maml:linkText><maml:uri></maml:uri></maml:navigationLink></maml:relatedLinks></command:command></helpItems>