PowerShell PKI Module Documentation

This command is not available in non-domain environments
This command requires Remote Server Administration Tools (RSAT) to be installed

Add-OnlineResponderLocalCrlEntry

Synopsis

Adds a local revocation entry to the specified Online Responder revocation configuration.

Syntax

Add-OnlineResponderLocalCrlEntry -InputObject <OcspResponderRevocationConfiguration[]> -Entry <X509CRLEntryCollection> [-Force] [<CommonParameters>]

Add-OnlineResponderLocalCrlEntry -InputObject <OcspResponderRevocationConfiguration[]> -SerialNumber <String[]> [-Reason <X509RevocationReasons>] [-Force] [<CommonParameters>]

Description

Adds a local revocation entry to the specified Online Responder revocation configuration.

Normally, the Online Responder refers to the CRL to determine whether a requested serial number is revoked. Administrators can add serial numbers that are considered revoked even if they are not listed in the referenced CRL.

Note: this action must be executed on the array controller. Otherwise, the changes may be overwritten when array members synchronize with the array controller.

Parameters

-InputObject <OcspResponderRevocationConfiguration[]>

Specifies the Online Responder revocation configuration. This object can be retrieved by calling the Get-OnlineResponderRevocationConfiguration command.

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-Entry <X509CRLEntryCollection>

Specifies a collection of revocation entries to add to the local persistent CRL.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Force <SwitchParameter>

Specifies whether to overwrite the existing local CRL or append entries to the end of the existing local CRL.

True — overwrites the existing local CRL with the entries to add
False (default) — appends serial numbers to the end of the existing local CRL

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-SerialNumber <String[]>

Specifies an array of strings where each string is the serial number of a revoked certificate in hexadecimal form.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Reason <X509RevocationReasons>

Optionally, specifies the revocation reason for the serial numbers provided in the "-SerialNumber" parameter.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration

Outputs

SysadminsLV.PKI.Management.CertificateServices.OcspResponderRevocationConfiguration

Notes

Examples

Example 1

PS C:\> Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Add-OnlineResponderLocalCrlEntry -SerialNumber "097bc012207f2c914e3f390551a98162", "2f3b6244bd2ce5b544abf7ef47fa8d3f" -Reason "KeyCompromise"

In this example, the certificate serial numbers "097bc012207f2c914e3f390551a98162" and "2f3b6244bd2ce5b544abf7ef47fa8d3f" are marked as revoked with the "Key Compromise" reason and appended to the local CRL of the revocation configuration named "Example Org CA v0.0" on the Online Responder hosted on "ocsp1.example.com".

Example 2

PS C:\> $crl = Get-CertificateRevocationList -Path C:\CertData\example-org.crl
Connect-OnlineResponder "ocsp1.example.com" | Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" | Add-OnlineResponderLocalCrlEntry -Entry $crl.RevokedCertificates -Force

In this example: a) the first line reads a locally stored CRL file; b) the second line gets the revocation configuration named "Example Org CA v0.0" from the Online Responder hosted on "ocsp1.example.com" and overwrites its local CRL with the entries from the CRL object retrieved in the first line.
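
The following is an added example, not part of the original module documentation. It cleans up a list of reported serial numbers before appending them to the local CRL without -Force, so existing local entries are kept. The helper ConvertTo-NormalizedSerialNumber and the sample input are hypothetical; the sketch assumes the cmdlet expects the lowercase, separator-free hexadecimal form used in Example 1.

```powershell
# Added example: the helper name and sample input are hypothetical, not part of the PSPKI module.
function ConvertTo-NormalizedSerialNumber {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Value
    )
    begin { $seen = New-Object 'System.Collections.Generic.HashSet[string]' }
    process {
        # Strip an optional 0x prefix and separators (spaces, colons, dashes), then lower-case.
        $hex = ($Value.Trim() -replace '^0x', '' -replace '[\s:\-]', '').ToLowerInvariant()
        if ($hex -notmatch '^[0-9a-f]+$') {
            Write-Warning "Skipping '$Value': not a hexadecimal string"
            return
        }
        if ($hex.Length % 2) {
            # Design choice of this example: treat a half byte as a likely copy/paste truncation.
            Write-Warning "Skipping '$Value': odd number of hex digits"
            return
        }
        # Emit each serial number only once.
        if ($seen.Add($hex)) { $hex }
    }
}

# Constructed sample input: the two serial numbers from Example 1 written with
# spaces, colons and upper case, plus a duplicate and a malformed value.
$reported = @(
    '09 7b c0 12 20 7f 2c 91 4e 3f 39 05 51 a9 81 62',
    '2F:3B:62:44:BD:2C:E5:B5:44:AB:F7:EF:47:FA:8D:3F',
    '097BC012207F2C914E3F390551A98162',
    'not-a-serial'
)
$serials = @($reported | ConvertTo-NormalizedSerialNumber)

if ($serials.Count -gt 0) {
    # No -Force: entries are appended, so serial numbers already in the local CRL stay revoked.
    # Run this against the array controller so synchronization does not overwrite the change.
    Connect-OnlineResponder "ocsp1.example.com" |
        Get-OnlineResponderRevocationConfiguration "Example Org CA v0.0" |
        Add-OnlineResponderLocalCrlEntry -SerialNumber $serials -Reason "KeyCompromise"
}
```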

Related links

Connect-OnlineResponder
Remove-OnlineResponderLocalCrlEntry

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions