Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Disable-KeyRecoveryAgentFlag

[This command requires installed Remote Server Administration Tools (RSAT)]

Disable-KeyRecoveryAgentFlag

Synopsis

Disables key recovery agent settings (flag) for specified CA server.

Syntax

Disable-KeyRecoveryAgentFlag [-InputObject] <KRAFlag[]> [-Flag] <KRAFlagEnum> [-RestartCA] [<CommonParameters>]

Description

Disables Key Recovery Agent (KRA) settings (flag) for specified CA server. By default no KRA flags are enabled.

Parameters

-InputObject <KRAFlag[]>

Specifies the KRA object to process. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-Flag <KRAFlagEnum>

Specifies the flag to disable. The following flag (of flags) can be used:

EnableForeign - enables key archival for certificates issued by other (or 3rd party) CA.
SaveBadRequestKey - enforces key archival even if the submitted public and private key pair cannot be verified.
EnableArchiveAll - enforces key archival for all incoming certificate requests. Do not use this flag unless all certificate requests support key archival.
DisableUseDefaultProvider - disables default cryptographic service provider (CSP) usage for public and private key pair verification.

Required? True
Position? 1
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-RestartCA <SwitchParameter>

Restarts CertSvc service on the specified CA server to immediately apply changes.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.Flags.KRAFlag

Outputs

PKI.CertificateServices.Flags.KRAFlag

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name "company-CA01" | Get-KeyRecoveryAgentFlag | Disable-KeyRecoveryAgentFlad -Flag "EnableForeign"

This command disables key archival for keys that were issued (signed) by other (or 3rd party) CA server. After the configuration is changed, the command will restart certificate services to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-KeyRecoveryAgentFlag
Enable-KeyRecoveryAgentFlag
Restore-KeyRecoveryAgentFlagDefault

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha