Get-Certificate

Submit a certificate request to an enrollment server and install the response, or retrieve a certificate for a previously submitted request.

Syntax
      Get-Certificate [-Url Uri] -Template String [-SubjectName String] [-DnsName String[]]
         [-Credential PkiCredential] [-CertStoreLocation String] [-WhatIf] [-Confirm]
            [CommonParameters]

      Get-Certificate -Request Certificate [-Credential PkiCredential] [-WhatIf] [-Confirm]
            [CommonParameters]
   
Key
   -CertStoreLocation
      The path to the certificate store for the received certificate.
      If the request is made pending, then the request object is saved in the corresponding request store.
      Note: Only the My store is supported.

   -Confirm
      Prompt you for confirmation before running the cmdlet.

   -Credential
      Specify the credential to use for certificate enrollment.
      The credential can be a user name and password (a credential object), an X509 certificate, or the path to a cert.
      If a credential is not specified, then Kerberos authentication is used.

   -DnsName
      Specify one or more DNS names to be included in the certificate request as subject alternative name extension.

   -Request
      The X509 certificate or the path to a requested certificate located in the request store.

   -SubjectName
      The subject name to be included in the certificate request.

   -Template
      The object identifier or name of a certificate template to use with the certificate request.

   -Url
      The policy server URL to use for certificate enrollment.
      Credentials are required if the endpoint requires a user name and password or certificate authentication from the client.
      If credentials are not found and Windows PowerShell is in interactive mode, then a prompt for credentials will appear.

   -WhatIf
      Show what would happen if the cmdlet runs. The cmdlet is not run.

Standard Aliases for Get-Certificate: none

Get-Certificate can be used to submit a certificate request and install the resulting certificate, install a certificate from a pending certificate request, and enroll for LDAP. If the request is issued, the certificate is installed in the store determined by the CertStoreLocation parameter and returned in the EnrollmentResult structure with status Issued. If the request is made pending, the request is installed in the machine REQUEST store and returned in the EnrollmentResult structure with status Pending.

This cmdlet can be used in a Stateless mode, where it does not look up anything in the vault, or in a Stateful mode, where it looks at registered certificate enrollment policy servers by identifier (ID) and credential. When used with a request object and no credential, this cmdlet will look up credentials in the vault based on the URL for the enrollment policy server.

This cmdlet will not accept a policy server identifier (ID). If a URL is not specified, then only the default certificate enrollment policy ID is used and the cmdlet will attempt to obtain policy information from any of its URLs.

Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.

Client certificates are not returned by this cmdlet, but can instead be retrieved with Get-ChildItem.

Get the installed personal certificates:
Get-ChildItem 'Cert:\CurrentUser\My' | Format-Table Subject, FriendlyName, Thumbprint -AutoSize

Get the installed local machine certificates from a remote machine:

$Certs = Invoke-Command -Computername 'Server64' -Scriptblock {Get-ChildItem "Cert:\LocalMachine\My"}

Examples

Submit a certificate request for the SslWebServer template to a specific URL using user name and password credentials:

PS C:\> $up = Get-Credential
PS C:\> Get-Certificate -Template SslWebServer -DnsName www.contoso.com,www.fabrikam.com -Url https://www.contoso.com/Policy/service.svc -Credential $up -CertStoreLocation cert:\LocalMachine\My

Submit a certificate request to a specific URL using the certificate credential for authentication:

# Load the authentication certificate first, so that $cert is populated
# before the parameter hashtable below references it.
$cert = Get-ChildItem -Path cert:\LocalMachine\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF

$certsource = @{
   Template = 'SslWebServer'
   DnsName = "www.example.com"
   Url = "https://www.example.com/policy/service.svc"
   Credential = $cert
   CertStoreLocation = 'cert:\LocalMachine\My'
}

$enrollResult = Get-Certificate @certsource

Use Windows integrated authentication to enroll for a certificate of template User using direct DCOM calls to the CA:

PS C:\> Set-Location -Path cert:\CurrentUser\My
PS cert:\CurrentUser\My> Get-Certificate -Template User -Url ldap:
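
Handle both outcomes described above (Issued and Pending) and check the issued certificate before it is put into service. This is an added example, not part of the original page: the template, DNS name and policy URL are placeholders reused from the examples above, and the 30-day threshold is an arbitrary assumption.

```powershell
# Added example. Template, DNS name and URL are placeholders; replace with your own.
$dnsName = 'www.example.com'
$request = @{
    Template          = 'SslWebServer'
    DnsName           = $dnsName
    Url               = 'https://www.example.com/policy/service.svc'
    CertStoreLocation = 'Cert:\LocalMachine\My'   # only the My store is supported
}

$result = Get-Certificate @request -ErrorAction Stop

switch ([string]$result.Status) {
    'Issued' {
        $cert = $result.Certificate

        # Confirm the CA issued what was asked for before binding it to a service.
        if (-not $cert.HasPrivateKey) {
            throw "Certificate $($cert.Thumbprint) has no private key in this store."
        }
        if ($cert.DnsNameList.Unicode -notcontains $dnsName) {
            throw "Issued certificate does not contain the requested DNS name $dnsName."
        }
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {   # assumed threshold
            Write-Warning "Certificate expires soon: $($cert.NotAfter)"
        }
        $cert | Format-List Subject, Thumbprint, NotBefore, NotAfter
    }
    'Pending' {
        # The request object now sits in the machine REQUEST store.
        # Keep its thumbprint so the certificate can be collected after approval.
        $thumb = $result.Request.Thumbprint
        Write-Output "Request pending CA approval. Request thumbprint: $thumb"
    }
    default {
        Write-Warning "Enrollment returned status: $($result.Status)"
    }
}

# Later, once the request has been approved on the CA, retrieve and install it.
# $thumb is the value recorded in the Pending branch above.
if ($thumb) {
    $pending = Get-ChildItem -Path "Cert:\LocalMachine\REQUEST\$thumb"
    $final   = Get-Certificate -Request $pending
    $final.Status
}
```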

“Do not act as if you were going to live ten thousand years. Death hangs over you.
While you live, while it is in your power, be good” ~ Marcus Aurelius, Meditations

Related PowerShell Cmdlets

Export-Certificate - Export a certificate from a certificate store into a file.
Import-Certificate - Import one or more certificates into a certificate store.
Equivalent CMD commands: CERTUTIL - Display certification authority, configure Certificate Services. CERTREQ - Request cert.


 
Copyright © 1999-2024 SS64.com
Some rights reserved