Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at:

PowerShell PKI Module home

Powered by Windows PowerShell

Project Description

This module is intended to simplify various PKI and Active Directory Certificate Services management tasks by using automation with Windows PowerShell.

This module is intended for Certification Authority management. For local certificate store management you should consider to use Quest AD PKI cmdlets.

Follow Start guide to get started with the module.

Download the most recent PowerShell PKI Module:

Module Requirements

  • Windows PowerShell 3.0 or higher
  • .NET Framework 4.0 or higher

This module can run on any of the specified operating system:

  • Windows Server 2008*/2008 R2/2012/2012 R2
  • Windows Vista**/7**/8**/8.1**/10**

* — Server Core installation is not supported.
** — with installed RSAT (Remote System Administration Tools)

Certification Authority requirements

This module supports Enterprise or Standalone Certification Authority servers that are running one the following operating system:

  • Windows Server 2003/2003 R2
  • Windows Server 2008 (including Server Core)
  • Windows Server 2008 R2 (including Server Core)
  • Windows Server 2012 (including Server Core)
  • Windows Server 2012 R2 (including Server Core)

Command list:

Full command list for the latest release:

 Project Roadmap

Project is under active development and for future plans you can check our official Roadmap (not yet definitive).

The following technologies and products were used to design this module:


Davis Parker
Davis Parker 25.07.2017 17:37 (GMT+3)

This is a great module.  Here is a script I put together to generate a CSV file of certificates expiring within 2 months.  We have multiple CAs so I have them in a CSV file that I read in along with the template names that I am interested in reporting on.


Start-Transcript CertificateExpirations.log
import-module pspki
New-Item expirations.csv -type file -force
$CAs = import-csv input.csv

Foreach ($ca in $CAs) {


    $certs = get-ca -name $ | Get-IssuedRequest -filter "CertificateTemplate -eq $template", "NotAfter -ge $(Get-Date)", "NotAfter -le $((Get-Date).AddMonths($months))" | select *
    Foreach ($cert in $certs) {
        Add-Member -InputObject $cert -MemberType NoteProperty -Force -Name "CA" -Value $
    $certs | export-csv expirations.csv -append




Ben 11.09.2017 16:15 (GMT+3)

Thank you for this greate module!
When will the PSPKI module supported on Windows Server 2016?