Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Get-CAExchangeCertificate

[This command requires installed Remote Server Administration Tools (RSAT)]

Get-CAExchangeCertificate

Synopsis

Retrieves CA Exchange certificate from specified Certification Authority (CA)

Syntax

Get-CAExchangeCertificate [-CertificationAuthority] <CertificateAuthority[]> [[-Encoding] <X509EncodingType>] [-X509] [<CommonParameters>]

Description

Retrieves CA Exchange certificate from specified Certification Authority (CA).

CA Exchange certificate is used by key archival process. Client application retrieves this certificate from enrollment server and encrypts it using the client private key. Encrypted key is sent to CA by using enrollment transport.
Also PKIView.msc MMC snap-in relies on CA Exchange certificate to locate OCSP URLs in the AIA extensions.

In Windows Server 2003, CA Exchange certificate was used to retrieve all URLs configured by CA for AIA and CDP extensions.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-Encoding <X509EncodingType>

Specifies output encoding format. This parameter supports Binary and Base64 encodings.

Binary encoding is a certificate DER-encoded byte array.
Base64 is a textually encoded DER-encoded byte array. Is commonly used for copy/pasting from console window. If '-X509' parameter is specified, this parameter is ignored.

Required? False
Position? 1
Default value Base64
Accept pipeline input? false
Accept wildcard characters? False

-X509 <SwitchParameter>

This parameter returns CA Exchange certificate as an X509Certificate2 object.

If this parameter is True, 'Encoding' parameter is ignored.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

System.String

Certificate encoded in a Base64 string

System.Byte[]

Pure binary copy of the certificate

System.Security.Cryptography.X509Certificates.X509Certificate2

An X509Certificate2 object

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate

Returns the most recent CA Exchange certificate in a Base64 encoding.

Example 2

PS C:\> Get-CertificationAuthority ca01.company.com | Get-CAExchangeCertificate -Encoding Binary

Returns the most recent CA Exchange certificate in a DER-encoded byte array form.

Example 3

PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate -X509

Returns the most recent CA Exchange certificate as an X509Certificate2 object.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha