Get-Certificate

업데이트 날짜: 2015년 9월

Get-Certificate

Submits a certificate request to an enrollment server and installs the response or retrieves a certificate for a previously submitted request.

구문

Parameter Set: PendingRetrieval
Get-Certificate -Request <Certificate> [-Credential <PkiCredential> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SubmitRequest
Get-Certificate -Template <String> [-CertStoreLocation <String> ] [-Credential <PkiCredential> ] [-DnsName <String[]> ] [-SubjectName <String> ] [-Url <Uri> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




자세한 설명

The Get-Certificate cmdlet can be used to submit a certificate request and install the resulting certificate, install a certificate from a pending certificate request, and enroll for ldap. If the request is issued, then the returned certificate is installed in the store determined by the CertStoreLocation parameter and return the certificate in the EnrollmentResult structure with status Issued. If the request is made pending, then the request is installed in the machine REQUEST store and a request is returned in the EnrollmentResult structure with status Pending.

This cmdlet can be used in a Stateless mode where this cmdlet does not look up anything in the vault or in a Stateful mode where it looks at registered certificate enrollment policy servers by identifier (ID) and credential. When used with a request object and no credential, this cmdlet will look up credentials in the vault based on the URL for the enrollment policy server.

This cmdlet will not accept a policy server identifier (ID). If a URL is not specified, then only the default certificate enrollment policy ID is used and the cmdlet will attempt to obtain policy information from any of its URLs.

Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.

매개 변수

-CertStoreLocation<String>

Specifies the path to the certificate store for the received certificate. If the request is made pending, then the request object is saved in the corresponding request store. Note: Only My store is supported.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-Credential<PkiCredential>

Specifies the credential to use for certificate enrollment. The credential can be a user name and password (a credential object), an X509 certificate, or the path to a certificate. If a credential is not specified, then Kerberos authentication is used.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-DnsName<String[]>

Specifies one or more DNS names to be included in the certificate request as subject alternative name extension.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-Request<Certificate>

Specifies the X509 certificate or the path to a requested certificate located in the request store.


별칭

none

필수 여부

true

위치

named

기본값

none

파이프라인 입력 허용 여부

True (ByValue)

와일드카드 문자 허용 여부

false

-SubjectName<String>

Specifies the subject name to be included in the certificate request.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-Template<String>

Specifies the object identifier or name of a certificate template to use with the certificate request.


별칭

none

필수 여부

true

위치

named

기본값

none

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-Url<Uri>

Specifies the policy server URL to use for certificate enrollment. Credentials are required if the endpoint requires a user name and password or certificate authentication from the client. If credentials are not found and Windows PowerShell® is in interactive mode, then a prompt for credentials will appear.


별칭

none

필수 여부

false

위치

named

기본값

none

파이프라인 입력 허용 여부

True (ByValue, ByPropertyName)

와일드카드 문자 허용 여부

false

-Confirm

cmdlet을 실행하기 전에 확인 메시지를 표시합니다.


필수 여부

false

위치

named

기본값

false

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

-WhatIf

cmdlet이 실행되는 경우 발생할 결과를 보여 줍니다. cmdlet은 실행되지 않습니다.


필수 여부

false

위치

named

기본값

false

파이프라인 입력 허용 여부

false

와일드카드 문자 허용 여부

false

<CommonParameters>

이 cmdlet은 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, -OutVariable 등의 일반 매개 변수를 지원합니다. 자세한 내용은 TechNet의 about_CommonParameters(http://go.microsoft.com/fwlink/p/?LinkID=113216)

입력

입력 형식은 cmdlet으로 파이프할 수 있는 개체의 형식입니다.

  • System.Security.Cryptography.X509Certificates.X509Certificate2

    The Certificate object can either be provided as a Path object to a certificate or an X509Certificate2 object.


  • System.Uri

    The Uri object can also be pipelined by the Url property name.


출력

출력 형식은 cmdlet 실행 시 출력되는 개체의 형식입니다.

  • Microsoft.CertificateServices.Commands.EnrollmentResult

    The EnrollmentResult object contains the results of enrollment.


EXAMPLE 1

This example submits a certificate request for the SslWebServer template to the specific URL using the user name and password credentials. The request will have two DNS names in it. This is for a certificate in the machine store. If the request is issued, then the returned certificate is installed in the machine MY store and the certificate in the EnrollmentResult structure is returned with the status Issued. If the request is made pending, then the request is installed in the machine REQUEST store and the request in the EnrollmentResult structure is returned with the status Pending.


 

PS C:\> $up = Get-Credential

 

PS C:\> Get-Certificate -Template SslWebServer -DnsName www.contoso.com,www.fabrikam.com -Url https://www.contoso.com/Policy/service.svc -Credential $up -CertStoreLocation cert:\LocalMachine\My

EXAMPLE 2

This example submits a certificate request to a specific URL using the certificate credential for authentication.


 

PS C:\> $cert = ( Get-ChildItem -Path cert:\LocalMachine\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF )

 

PS C:\> $enrollResult = Get-Certificate -Template SslWebServer -DnsName www.contoso.com -Url https://www.contoso.com/policy/service.svc -Credential $cert -CertStoreLocation cert:\LocalMachine\My

EXAMPLE 3

This example authenticates the URL using the machine account and Windows integrated authentication and submits a request for a machine certificate of template named WorkstationTemplate.


 

PS C:\> Set-Location -Path cert:\LocalMachine\My

 

PS C:\> $enrollResult = ( Get-Certificate -Template WorkstationTemplate -Url https://www.contoso.com/service.svc )

EXAMPLE 4

This example uses Windows integrated authentication to enroll for a certificate of template User using direct DCOM calls to the CA.


 

PS C:\> Set-Location -Path cert:\CurrentUser\My

 

PS C:\> Get-Certificate -Template User -Url ldap:

EXAMPLE 5

This example retrieves and submits a pending request using a user name and password as credentials.


 

PS C:\> $request = (Get-ChildItem -Path cert:\LocalMachine\Request\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF)

 

PS C:\> $up = Get-Credential

 

PS C:\> Get-Certificate -Request $request -Credential $up

EXAMPLE 6

This example retrieves the certificate identified by $request. If the authentication type for $request.EnrollmentServer.AuthType is not Kerberos, then look in the credential store to see if there is a credential for $request.EnrollmentServer.Url. If there is a credential, then use it. If there is no credential, then Windows PowerShell® will request it (if Windows PowerShell is in Interactive mode).


 

PS C:\> $request = (Get-ChildItem -Path cert:\LocalMachine\Request\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF)

 

PS C:\> Get-Certificate -Request $request

관련 항목

커뮤니티 추가 항목

추가
표시: