Restores default CA certificate revocation list (CRL) configuration flags.
Restore-CertificateRevocationListFlagDefault [-InputObject] <CRLFlag[]> [-RestartCA] [<CommonParameters>]
Restores default CA certificate revocation list (CRL) configuration flags and discards any previous CRL flag modifications. This command is helpful in the case of incorrect configuration or you want to stay "default".
By default only these flags are enabled:
DeleteExpiredCRLs - deletes CRLs signed by the expired CA keys.
Specifies existing CRLFlag object. This object can be retrieved by running Get-CertificateRevocationListFlag command.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
Restarts CA service on the specified CA server to immediately apply changes.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
PKI.CertificateServices.Flags.CRLFlag
PKI.CertificateServices.Flags.CRLFlag
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-CertificationAuthority ca01.company.com | Get-CRLFlag | Restore-CRLFlagDefault -RestartCA
The command restores default flags for CA CRL configuration for CA server running on ca01.company.com computer. After the configuration is changed, the command will restart certificate services to immediately apply changes.
Get-CertificationAuthority
Connect-CertificationAuthority
Get-CertificateRevocationListFlag
Enable-CertificateRevocationListFlag
Disable-CertificateRevocationListFlag