Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://pspki.codeplex.com/

Get-AuthorityInformationAccess

[This command requires installed Remote Server Administration Tools (RSAT)]

Get-AuthorityInformationAccess

Synopsis

Retrieves specified Certification Authority Authority Information Access (AIA) info.

Syntax

Get-AuthorityInformationAccess [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]

Description

Retrieves specified Certification Authority Authority Information Access (AIA) info.

AIA extension is used by certificate chaining engine (CCE) for certificate chain building and (if applicable) for certificate revocation checking by using OCSP protocol. AIA extension may consist of three parts:

- physical path that is used by Certification Authority (CA) to publish CRT files (no longer supported by Windows CA).
- URI (URIs) that is used by CA to publish in issued certificates for CRT file retrieval. This URI (URIs) are published to a issued certificates Authority Information Access extension as Certification Authority Issuer access method.
- URI (URIs) that is used by clients to determine certificate revocation status by using Online Certificate Status Protocol.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.AuthorityInformationAccess

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name MyCA | Get-AIA | Add-AuthorityInformationAccess -URI "2:http://eu.company.com/MyCA%4.crt" | Set-AuthorityInformationAccess -RestartCA

This example will retrieve AIA extension configuration from 'MyCA' CA server and adds new URI that will be published in all issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.

Example 2

PS C:\> Get-CertificationAuthority -Name RootCA | Get-AuthorityInformationAccess | Add-AuthorityInformationAccess -URI "32:http://na.company.com/OCSP" | Set-AuthorityInformationAccess -RestartCA

This example will retrieve AIA extension configuration from 'RootCA' CA server and adds new URI that will be published in all issued certificates as OCSP location. After configuration is changed, the command will restart certificate services to immediately apply changes.

Example 3

PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*c:\windows*" | Set-AuthorityInformationAccess -RestartCA

This example will remove all AIA URIs that contains 'c:\windows' pattern. After command completion certificate services will be restarted to immediately apply changes.

Example 4

PS C:\> Get-CertificationAuthority -Name MyCA | Get-AuthorityInformationAccess | Remove-AuthorityInformationAccess -URI "*ldap://*" | Set-AuthorityInformationAccess -RestartCA

This example will remove all URIs that are used for CRT file publication and/or retrieval from Active Directory. After command completion certificate services will be restarted to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Add-AuthorityInformationAccess
Remove-AuthorityInformationAccess
Set-AuthorityInformationAccess

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha