Sets certificate enabled/disabled extension lists.
Set-ExtensionList [-InputObject] <ExtensionList[]> [-RestartCA] [<CommonParameters>]
Sets certificate enabled/disabled extension lists.Extensions are sorted in 3 categories:
EnabledExtensionList - contains extensions that CA server will publish in each issued certificate upon request.
OfflineExtensionList - contains allowed extension list that CA server will publish in issued certificates when offline request is used.
DisabledExtensionList - contains extensions that will not be published in certificate even if this extension is specified in the request.
For more details see corresponding parameter description.
Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx
Specifies existing ExtensionList object to process. This object can be retrieved by running either Add-ExtensionList or Remove-ExtensionList command.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
Restarts CA service on the specified CA server to immediately apply changes.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
PKI.CertificateServices.PolicyModule.ExtensionList
PKI.CertificateServices.PolicyModule.ExtensionList
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -DisabledExtension "Certificate Template Name" | Set-ExtensionList -RestartCA
This command will add the 'Certificate Template Name' extension to restricted extension list. As the result CA server will not publish this extension in issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.
PS C:\> Get-CertificationAuthority -Name Company-CA | Remove-ExtensionList -OfflineExtension "Subject Alternative Name" | Set-ExtensionList -RestartCA
This will remove 'Subject Alternative Name' extension from allowed extensions in request. As the result CA server will ignore this extension in certificate request.
Get-CertificationAuthority
Connect-CertificationAuthority
Get-ExtensionList
Remove-ExtensionList
Add-ExtensionList