Get-AuthorityInformationAccess
Synopsis
Retrieves specified Certification Authority Authority Information Access (AIA) info.
Syntax
Get-AuthorityInformationAccess [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]
Description
Retrieves specified Certification Authority Authority Information Access (AIA) info.
AIA extension is used by certificate chaining engine (CCE) for certificate chain building and (if applicable) for certificate revocation checking by using OCSP protocol. AIA extension may consist of three parts:
- physical path that is used by Certification Authority (CA) to publish CRT files (no longer supported by Windows CA).
- URI (URIs) that is used by CA to publish in issued certificates for CRT file retrieval. This URI (URIs) are published to a issued certificates Authority Information Access extension as Certification Authority Issuer access method.
- URI (URIs) that is used by clients to determine certificate revocation status by using Online Certificate Status Protocol.
Parameters
-CertificationAuthority <CertificateAuthority[]>
Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.
| Required? | True |
| Position? | 0 |
| Default value | |
| Accept pipeline input? | true (ByValue) |
| Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
PKI.CertificateServices.CertificateAuthority
Outputs
PKI.CertificateServices.AuthorityInformationAccess
Notes
Author: Vadims Podans
Blog: https://www.sysadmins.lv
Examples
Example 1
PS C:\> Get-CertificationAuthority -Name MyCA | Get-AIA | Add-AuthorityInformationAccess -URI "2:http://eu.company.com/MyCA%4.crt" | Set-AuthorityInformationAccess -RestartCA
This example will retrieve AIA extension configuration from 'MyCA' CA server and adds new URI that will be published in all issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.
Example 2
PS C:\> Get-CertificationAuthority -Name RootCA | Get-AuthorityInformationAccess | Add-AuthorityInformationAccess -URI "32:http://na.company.com/OCSP" | Set-AuthorityInformationAccess -RestartCA
This example will retrieve AIA extension configuration from 'RootCA' CA server and adds new URI that will be published in all issued certificates as OCSP location. After configuration is changed, the command will restart certificate services to immediately apply changes.
Example 3
PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*c:\windows*" | Set-AuthorityInformationAccess -RestartCA
This example will remove all AIA URIs that contains 'c:\windows' pattern. After command completion certificate services will be restarted to immediately apply changes.
Example 4
PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*ldap://*" | Set-AuthorityInformationAccess -RestartCA
This example will remove all URIs that are used for CRT file publication and/or retrieval from Active Directory. After command completion certificate services will be restarted to immediately apply changes.
Related links
Get-CertificationAuthority
Connect-CertificationAuthority
Add-AuthorityInformationAccess
Remove-AuthorityInformationAccess
Set-AuthorityInformationAccess
Minimum PowerShell version support
- PowerShell 3.0
Operating System Support
- Windows Server 2003 all editions
- Windows Server 2008 all editions
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions