Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Set-ExtensionList

[This command requires installed Remote Server Administration Tools (RSAT)]

Set-ExtensionList

Synopsis

Sets certificate enabled/disabled extension lists.

Syntax

Set-ExtensionList [-InputObject] <ExtensionList[]> [-RestartCA] [<CommonParameters>]

Description

Sets certificate enabled/disabled extension lists.Extensions are sorted in 3 categories:

EnabledExtensionList - contains extensions that CA server will publish in each issued certificate upon request.
OfflineExtensionList - contains allowed extension list that CA server will publish in issued certificates when offline request is used.
DisabledExtensionList - contains extensions that will not be published in certificate even if this extension is specified in the request.

For more details see corresponding parameter description.

Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx

Parameters

-InputObject <ExtensionList[]>

Specifies existing ExtensionList object to process. This object can be retrieved by running either Add-ExtensionList or Remove-ExtensionList command.

Required? True
Position? 0
Default value  
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-RestartCA <SwitchParameter>

Restarts CA service on the specified CA server to immediately apply changes.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.PolicyModule.ExtensionList

Outputs

PKI.CertificateServices.PolicyModule.ExtensionList

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -DisabledExtension "Certificate Template Name" | Set-ExtensionList -RestartCA

This command will add the 'Certificate Template Name' extension to restricted extension list. As the result CA server will not publish this extension in issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.

Example 2

PS C:\> Get-CertificationAuthority -Name Company-CA | Remove-ExtensionList -OfflineExtension "Subject Alternative Name" | Set-ExtensionList -RestartCA

This will remove 'Subject Alternative Name' extension from allowed extensions in request. As the result CA server will ignore this extension in certificate request.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-ExtensionList
Remove-ExtensionList
Add-ExtensionList

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2003 all editions
  • Windows Server 2008 all editions
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions

Comments:

Captcha