Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Get-IssuedRequest

[This command requires installed Remote Server Administration Tools (RSAT)]

Get-IssuedRequest

Synopsis

Retrieves issued certificate requests from Certification Authority (CA) database.

Syntax

Get-IssuedRequest [-CertificationAuthority] <CertificateAuthority[]> [[-RequestID] <Int32[]>] [[-Property] <String[]>] [[-Filter] <String[]>] [<CommonParameters>]

Description

Retrieves issued certificate requests from Certification Authority (CA) database. Issued certificate requests contain only valid and unrevoked issued certificates.

Since CA server may contain many issued certificates, you may specify various filters by using 'RequestID' or 'Filter' parameters.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the Certification Authority to process. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-RequestID <Int32[]>

Use this parameter if you know desired request ID or IDs. You may specify more than one ID and command will return only failed requests with matching IDs.

If this parameter is used, 'Filter' parameter is ignored.

Required? False
Position? 1
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-Property <String[]>

By default, the command returns only common certificate request properties (database columns). Use this parameter to show additional properties if necessary. List of possible properties depends on CA server operating system version. To retrieve valid property list run Get-CASchema command.

In order to display all properties for output objects set this parameter to asterisk '*'. However, all property retrieval may affect Certification Authority's performance.

Required? False
Position? 2
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-Filter <String[]>

Specifies the query filter to restrict output objects to ones that matches query filter rule. Query filter rule consist of three components: <RequestProperty>, <comparison operator> and <value>. Query filter is composed in the following format: "<RequestProperty> <comparison operator> <value>" where:
<RequestProperty> - is a certificate request property name. To retrieve valid property list run Get-CASchema command.
<comparison operator> - specifies the logical operator of the data-query qualifier for the column.
<value> - specifies the data query qualifier applied to the certificate request property.

Possible operators are:
-eq (equal to) - the value in the <value> field equals to a value stored in the certificate request property.
-le (less or equal to) - the value in the <value> field is less or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers.
-lt (less than) - the value in the <value> field is less then a value stored in the certificate request property. See below about operator behavior with string qualifiers.
-ge (greater or equal to) - the value in the <value> field is greater or equal to a value stored in the certificate request property. See below about operator behavior with string qualifiers.
-gt (greater than) - the value in the <value> field is greater than a value stored in the certificate request property. See below about operator behavior with string qualifiers.

There are special rules when processing the following operators: '-ge', '-gt', '-le' and '-lt' with string qualifiers. In this case, CA server performs binary comparison between strings (column value and qualifier value). For example, "A" is less than "B" ("A" is placed before "B", therefore "B" is greater than "A"), "AC" is greater than "AB", "ABC" is less than "BRC".
If column value length is larger than qualifier string, a wild card is virtually added to the query qualifier value. For example, column value is "a large string" and qualifier value is "a large", then column value is greater than qualifier value. In other words, "AA" > "A" and "A" < "AA".

An example of the filter: Request.RequesterName -eq domain\username
this filter returnes requests that were requested by 'domain\username' user account. See examples section for more filter examples.

You can specify multiple filters. All filters are applied to requests with logical AND operator. This means that output requests must match all filters.

Note: wildcard characters are not supported.

Note: if 'RequestID' parameter is specified, all filters are ignored.

Required? False
Position? 3
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.DB.RequestRow

You can pipe this object to Remove-DatabaseRow to delete specified objects from CA database.

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -Filter "CertificateTemplate -eq WebServer", "CommonName -eq www.company.com"

Retrieves only requests issued based on 'WebServer' template and which are issued to 'www.company.com' subject.

Example 2

PS C:\> Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -RequestID 4,65,107 -Property "CertificateTemplate", "RawCertificate"

Retrieves issued requests with RequestID equal to 4, 65 and 107. Also this command will add 'CertificateTemplate' and 'RawCertificate' properties. 'RawCertificate' contains issued certificate raw content and you can save it to a .cer file.

Example 3

PS C:\> Get-CertificationAuthority | Get-IssuedRequest -Property "Request.RawRequest" -Filter "UPN -eq someone@company.com"

Retieves issued requests that contains 'someone@company.com' in the Subject Alternative Names (SAN) extension. Also this command will add 'Request.RawRequest' property.

Example 4

PS C:\> Get-CertificationAuthority ca01.company.com | Get-IssuedRequest -Filter "NotAfter -ge $(Get-Date)", "NotAfter -le $((Get-Date).AddMonths(2))"

This command will retrieve certificates from CA server hosted on 'ca01.company.com' server, that will expire in next two months.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-CASchema
Get-RevokedRequest
Get-PendingRequest
Get-FailedRequest
Revoke-Certificate
Remove-DatabaseRow

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha