Get-Hgs
Syntax
Get-HgsKeyProtectionCertificate
[-CertificateType <KeyCertificateType>]
[-IsEnabled <Boolean>]
[-IsPrimary <Boolean>]
[<CommonParameters>]Get-HgsKeyProtectionCertificate
-CertificateType <KeyCertificateType>
-Thumbprint <String>
[<CommonParameters>]Description
The Get-HgsKeyProtectionCertificate cmdlet gets key certificates in the Key Protection Service.
Examples
Example 1: Get all key certificates
PS C:\> Get-HgsKeyProtectionCertificateThis command gets all key certificates from the Key Protection Service.
Example 2: Get a specific key certificate
PS C:\> Get-HgsKeyProtectionCertificate -CertificateType Encryption -Thumbprint "a17dd68f4ecc499bbe65ee18718123da"This command gets a key certificate that has the specified type and thumbprint.
Example 3: Get enabled non-primary key certificates
PS C:\> Get-HgsKeyProtectionCertificate -IsEnabled $True -IsPrimary $FalseThis command gets all key certificates that are enabled but not primary.
Required Parameters
Specifies the thumbprint of the certificate to get. If you specify this parameter, you must also specify the CertificateType parameter.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Optional Parameters
Specifies of the type of the certificate that this cmdlet gets. The acceptable values for this parameter are:The acceptable values for this parameter are:
- Signing
- Encryption
If you do not specify this parameter, the cmdlet gets both signing and encryption certificates.
| Type: | KeyCertificateType |
| Parameter Sets: | Signing, Encryption, Signing, Encryption |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies whether to get enabled or disabled key certificates. Specify a value of $True to get only enabled certificates. Specify a value of $False to get only disabled certificates. If you do not specify this parameter, the cmdlet gets both enabled and disabled certificates.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies whether to get the primary key certificate. Specify a value of $True to get only the primary certificate. Specify a value of $False to get only certificates that are not primary. If you do not specify this parameter, the cmdlet gets both primary and not primary certificates.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
Microsoft.Windows.KpsServer.Common.Store.Data.KeyCertificate
This cmdlet returns a key certificate. The object contains the following fields:
- Thumbprint . The thumbprint of the certificate.
- CertificateType . The type of the certificate. Valid values are: Encryption and Signing.
- Enabled . Whether the certificate is enabled.
- Primary . Whether this certificate is the primary certificate.
- Certificate . The full X509Certificate2 object associated with this key certificate.