PowerShell PKI Module Documentation
Documentation HomeGet-PolicyModuleFlag
Synopsis
Retrieves default policy module flags.
Syntax
Get-PolicyModuleFlag [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]
Description
Retrieves default Policy Module flags. These flags are processed by policy module during certificate request processing.
Parameters
-CertificationAuthority <CertificateAuthority[]>
Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
PKI.CertificateServices.CertificateAuthority
Outputs
PKI.CertificateServices.PolicyModule.EditFlag
Notes
Examples
Example 1
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag
Returns policy module enabled flags for specified CA server.
Example 2
PS C:\> Get-CertificationAuthority | Get-PolicyModuleFlag
Returns policy module enabled flags for all CAs in the forest with separate object per CA.
Example 3
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Disable-PolicyModuleFlag AttributeSubjectAlternativeName -RestartCA
Disables 'Subject Alternative Name' attribute in a submitted certificate request and restarts certificate services. In order to issue a certificate with SAN extension, it must be a part of certificate request extensions. After command completion Company-CA CA server will be restarted to immediately apply changes.
Example 4
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Disable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA
Disables 'OCSP No Revocation Checking' extension and disables Disabled Certificate Extension list processing. This will prevent CA to issue OCSP Response Signing certificate and any previously disabled extension (see Add-ExtensionList) will be populated in the issued certificates. After command completion Company-CA CA server will be restarted to immediately apply changes.
Example 5
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Enable-PolicyModuleFlag AttributeSubjectAlternativeName -Restart CA
Enables 'Subject Alternative Name' attribute in a submitted certificate request. After command completion 'Company-CA' CA server will be restarted to immediately apply changes.
Note: do not enable SAN attribute on Enterprise CAs if it is possible to include SAN as extension.
Example 6
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-PolicyModuleFlag | Enable-PolicyModuleFlag EnableOCSPRevNoCheck, DisableExtensionList -RestartCA
Enables 'OCSP No Revocation Checking' extension and disables Disabled Certificate Extension list processing. This will allow CA to issue OCSP Response Signing certificate and will instruct CA server to process disabled extension list (see Add-ExtensionList) and extensions in this list will be not populated in issued certificates. After command completion 'Company-CA' CA server will be restarted to immediately apply changes.
Related links
Get-CertificationAuthority
Connect-CertificationAuthority
Enable-PolicyModuleFlag
Disable-PolicyModuleFlag
Restore-PolicyModuleFlagDefault
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions