PowerShell PKI Module Documentation
Documentation HomeGet-CAExchangeCertificate
Synopsis
Retrieves CA Exchange certificate from specified Certification Authority (CA)
Syntax
Get-CAExchangeCertificate [-CertificationAuthority] <CertificateAuthority[]> [[-Encoding] <EncodingType>] [-X509] [<CommonParameters>]
Description
Retrieves CA Exchange certificate from specified Certification Authority (CA).
CA Exchange certificate is used by key archival process. Client application retrieves this certificate from enrollment server and encrypts it using the client private key. Encrypted key is sent to CA by using enrollment transport.
Also PKIView.msc MMC snap-in relies on CA Exchange certificate to locate OCSP URLs in the AIA extensions.
In Windows Server 2003, CA Exchange certificate was used to retrieve all URLs configured by CA for AIA and CDP extensions.
Parameters
-CertificationAuthority <CertificateAuthority[]>
Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.
| Required? | True |
| Position? | 0 |
| Default value | |
| Accept pipeline input? | true (ByValue, ByPropertyName) |
| Accept wildcard characters? | False |
-X509 <SwitchParameter>
This parameter returns CA Exchange certificate as an X509Certificate2 object.
If this parameter is True, 'Encoding' parameter is ignored.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
-Encoding <EncodingType>
Specifies output encoding format. This parameter supports Binary and Base64 encodings.
Binary encoding is a certificate DER-encoded byte array.
Base64 is a textually encoded DER-encoded byte array. Is commonly used for copy/pasting from console window. If '-X509' parameter is specified, this parameter is ignored.
| Required? | False |
| Position? | 1 |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
PKI.CertificateServices.CertificateAuthority
Outputs
Certificate encoded in a Base64 string
Pure binary copy of the certificate
System.Security.Cryptography.X509Certificates.X509Certificate2
An X509Certificate2 object
Notes
Examples
Example 1
PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate
Returns the most recent CA Exchange certificate in a Base64 encoding.
Example 2
PS C:\> Get-CertificationAuthority ca01.company.com | Get-CAExchangeCertificate -Encoding Binary
Returns the most recent CA Exchange certificate in a DER-encoded byte array form.
Example 3
PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate -X509
Returns the most recent CA Exchange certificate as an X509Certificate2 object.
Related links
Get-CertificationAuthority
Connect-CertificationAuthority
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions