PowerShell PKI Module Documentation

Documentation Home

Receive-Certificate

Synopsis

Receives issued certificate from a Certification Authority database.

Syntax

Receive-Certificate -RequestRow <Object> [-Path <DirectoryInfo>] [-Force] [<CommonParameters>]

Receive-Certificate [-EnrollmentPolicyServer <PolicyServerClient>] [-Credential <PSCredential>] [-Path <DirectoryInfo>] [-Force] [<CommonParameters>]

Description

Receives issued certificate from a Certification Authority database. This command can be used to retrieve an issued pending certificate request after its approval.

Although, the command saves received certificates in the specified folder, the command returns corresponding X509Certificate2 objects, so you can use these certificates for custom tasks.

Parameters

-RequestRow <Object>

Specifies a RequestRow object. This object can be retrieved by using either Get-IssuedRequest or Get-RevokedRequest. The request object already contains information about target CA server and request ID in the CA database.

Note: this command retrieves only issued certificates, therefore you should not use Get-PendingRequest or Get-FailedRequest commands.

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-Path <DirectoryInfo>

Specifies the path to a directory where to store the issued certificate. This parameter accepts only directory paths. If the directory doesn't exist, the command attempts to create it.

Files names are generated in the following form: RequestID_<RequestID>.cer

where '<RequestID>' is the request ID in the CA database.

Note: you should avoid RequestRow piping from different CA servers, because 2 CA servers may have matching RequestID values. Instead, use this command against each CA server separately.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Force <SwitchParameter>

Specifies whether to overwrite existing file or not.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-EnrollmentPolicyServer <PolicyServerClient>

Specifies the enrollment policy server endpoint from which to retrieve the certificate. Enrollment policy server endpoint object can be retrieved by running [url=http://pspki.codeplex.com/wikipage?title=Get-EnrollmentPolicyServerClient]Get-EnrollmentPolicyServerClient[/url] command.

Required? False
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? False

-Credential <PSCredential>

Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

SysadminsLV.PKI.Management.CertificateServices.Database.AdcsDbRow

Outputs

System.Security.Cryptography.X509Certificates.X509Certificate2

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name MyCA | Get-IssuedRequest -Filter "CertificateTemplate -eq WebServer", "CommonName -eq www.company.com" | Receive-Certificate -Path C:\certs -Force

In this example, the commands retrieve all issued certificates based on 'WebServer' template and issued to 'www.company.com' name and save them in 'C:\certs' folder.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-IssuedRequest
Get-RevokedRequest

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions