Install-CertificateResponse

Synopsis

Installs certificate signing request (CSR) response into local certificate store.

Syntax

Install-CertificateResponse [-Path] <FileInfo> [-InstallOptions <InstallResponseFlags>] [-MachineContext] [<CommonParameters>]

Install-CertificateResponse -Certificate <X509Certificate2> [-InstallOptions <InstallResponseFlags>] [-MachineContext] [<CommonParameters>]

Description

Installs certificate signing request (CSR) response into local certificate store and associate it with pending private key. The pending request object is moved from REQUEST store into MY (Personal) store.

Parameters

-Path <FileInfo>

Specifies the path to a certificate response file. Can be either, a certificate (.cer) or PKCS#7 (*.p7b) store file.

-InstallOptions <InstallResponseFlags>

Specifies install options. The following values or their combinations can be used:

- AllowNone -- Do not install untrusted certificates or certificates for which there is no corresponding request.
- AllowNoOutstandingRequest -- Create the private key from the certificate response rather than from the dummy certificate. This makes the dummy certificate optional. If this value is not set, the dummy certificate must exist, and the private key is extracted from it.
- AllowUntrustedCertificate -- Install untrusted end entity and certification authority certificates. Certification authority certificates include root and subordinate CA certificates. End entity certificates are installed to the personal store, and CA certificates are installed to the certification authority store.
- AllowUntrustedRoot -- Perform the same action as the AllowUntrustedCertificate flag but also installs the certificate even if the certificate chain cannot be built because the root is not trusted.

-MachineContext <SwitchParameter>

Specifies whether the certificate must be installed into machine (system) store rather than currently logged user store (default).

-Certificate <X509Certificate2>

Specifies the certificate object that represents certificate signing request response.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216)

Inputs

System.Security.Cryptography.X509Certificates.X509Certificate2

Outputs

None.

Notes

Examples

Example 1

PS C:\> Install-CertificateResponse -Path C:\issued_cert.cer

Installs certificate response from specified location into current user certificate store with default settings. Default settings require that the issued certificate chain is trusted, valid and there is corresponding pending certificate request in current user store.

Example 2

PS C:\> $cert = Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -RequestID 100 | Receive-Certificate
PS C:\> Install-CertificateResponse -Certificate $cert -MachineStore

In this example, the issued certificate is retrieved from Microsoft AD CS Certification Authority, where issued request ID is 100 and then installs issued certificate into local machine (system) certificate store.

Related links

• Receive-Certificate
• Get-CertificationAuthority
• Get-IssuedRequest

Minimum PowerShell version support

• Windows PowerShell 3.0

Operating System Support

• Windows 7
• Windows 8
• Windows 8.1
• Windows 10
• Windows 11
• Windows Server 2008 R2 all editions
• Windows Server 2012 all editions
• Windows Server 2012 R2 all editions
• Windows Server 2016 all editions
• Windows Server 2019 all editions
• Windows Server 2022 all editions
• Windows Server 2025 all editions