PowerShell PKI Module Documentation
Documentation HomeEnable-KeyRecoveryAgentFlag
Synopsis
Enables key recovery agent settings (flag) for specified CA server.
Syntax
Enable-KeyRecoveryAgentFlag [-InputObject] <KRAFlag[]> [-Flag] <KRAFlagEnum> [-RestartCA] [<CommonParameters>]
Description
Enables Key Recovery Agent (KRA) settings (flag) for specified CA server.
Parameters
-InputObject <KRAFlag[]>
Specifies the KRA object to process. This object can be retrieved by running Get-KeyRecoveryAgentFlag command.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue, ByPropertyName) |
Accept wildcard characters? | False |
-Flag <KRAFlagEnum>
Specifies the flag to enable. The following flag (of flags) can be used:
EnableForeign – enables key archival for certificates issued by other (or 3rd party) CA.
SaveBadRequestKey – enforces key archival even if the submitted public and private key pair cannot be verified.
EnableArchiveAll – enforces key archival for all incoming certificate requests. Do not use this flag unless all certificate requests support key archival.
DisableUseDefaultProvider – disables default cryptographic service provider (CSP) usage for public and private key pair verification.
Required? | True |
Position? | 1 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-RestartCA <SwitchParameter>
Restarts CertSvc service on the specified CA server to immediately apply changes.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
PKI.CertificateServices.Flags.KRAFlag
Outputs
PKI.CertificateServices.Flags.KRAFlag
Notes
Examples
Example 1
PS C:\> Get-CertificationAuthority | Get-KeyRecoveryAgentFlag | Enable-KeyRecoveryAgentFlad -Flag "EnableForeign"
This example allows the CA to archive public and private key pair that were issued (signed) by other (or 3rd party) CA. After the configuration is changed, the command will restart certificate services to immediately apply changes.
Related links
Get-CertificationAuthority
Connect-CertificationAuthority
Get-KeyRecoveryAgentFlag
Disable-KeyRecoveryAgentFlag
Restore-KeyRecoveryAgentFlagDefault
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions