PowerShell PKI module v3.4.1 Release Notes

 Release notes include changes for PSPKI module itself and underlying API library. 

This release is a part of major underlying code structure refactoring.

New cmdlets

• Get-AdPkiContainer

• Add-AdCertificate

• Remove-AdCertificate

• Add-AdCertificateRevocationList

• Remove-AdCertificateRevocationList

Changes in existing cmdlets

Approve-CertificateRequest

Deny-CertificateRequest

Get-AdcsDatabaseRow

Get-FailedRequest

Get-IssuedRequest

Get-PendingRequest

Get-RevokedRequest

Remove-AdcsDatabaseRow

Revoke-Certificate

• Input and output types changed from 'PKI.CertificateServices.DB.RequestRow' to 'SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow'

Get-CASchema

• Output type is changed to 'SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbColumnSchema[]'

Get-AdcsDatabaseRow

Get-FailedRequest

Get-IssuedRequest

Get-PendingRequest

Get-RevokedRequest

• added '-Page', '-PageSize' parameters to utilize CA database query paging.

New-SelfSignedCertificateEx

• Added '-Runtime' parameter to avoid certificate generation in certificate store. Instead, the certificate is generated in memory.
• Added '-Issuer' parameter to allow CA-signed certificate generation.
• Added '-AlternateSignatureAlgorithm' parameter to support PKCS#1 v2.1 signature format.

Bug fixes:

• Specifying properties causes CertificateTemplate to have wrong value
• [Feature] CA database row processors can be more efficient
• Importing the module on recent PowerShell versions fails with Update-TypeData errors
• Generating a self-signed certificate, in memory only, without admin access
• [BUG] Get-CAExchangeCertificate fails with invalid type error
• New-SelfSignedCertificateEx not setting issuer and subject
• Set-CertificateExtension issue with inexistent OID.Format() method
• Test-WebServerSSL exception
• Can the docs explain the difference between PSPKI and PKI modules?
• Errors when querying ADCS CA database
• Get-CryptographicServiceProvider returns "Object reference not set to an instance of an object."

Updates in v3.4.1

After 3.4.0 release, a serious pre-Windows 10 compatibility issue was discovered. The issue is described on GitHub: New-SelfsignedCertificateEx : Exception setting "ProviderName". The issue was caused due to an incompatibility of CertEnroll interop library from Windows 10 with previous systems even if no new Windows 10-specific types are used. During issue investigation, other related issues were discovered. v3.4.1 resolved this and discovered issues.

In addition, this version addresses:

• X509CRLBuilder and NextPublish extension
• [Feature] Delete private key by adding a scriptmethod to X509Certificate2 type in PowerShell.

The use of this scriptmethod is simple:

$cert = Get-Item Cert:\CurrentUser\My\{THUMBPRINT}
$cert.DeletePrivateKey()

This scriptmethod deletes private key material from system. Method returns either, $true or $false depending on operation's success.