PKI Insights Webinar - Emerging PKI Threats for 2025 Jan 23rd - Register Today!

PowerShell PKI Module Documentation

Documentation Home
This command is not available in non-domain environments
This command requires installed Remote Server Administration Tools (RSAT)

This command supports only Enterprise Certification Authorities

Get-CATemplate

Synopsis

Retrieves certificate templates that are assigned to a specified Certification Authority (CA).

Syntax

Get-CATemplate [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]

Description

Retrieves certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates.

Use this command to add and/or remove certificate template to specified certification authority.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the Certification Authority object. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.CATemplate

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Add-CATemplate -Name "SmartCardV2","OfflineComputer" | Set-CATemplate

This command will add 'SmartCardV2' and 'OfflineComputer' templates (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and assigns them to a 'Company CA01' certification authority.

Example 2

PS C:\> Get-CertificationAuthority | Get-CATemplate | Add-CATemplate -DisplayName "Computer V2", "CA Exchange" | Set-CATemplate

This command will add templates with display names: 'Computer V2' (must be created by using Certificate Templates MMC snap-in by duplicating existing templates) and CA Exchange and assigns them to all Enterprise CAs in the forest.

This example is useful to provide template redundancy, so clients are able to enroll for a certificate even one CA server is down.

Example 3

PS C:\> $Template = Get-CertificateTemplate -Name WebServer
C:\PS>Get-CertificationAuthority ca01.company.com | Get-CATemplate | Add-CATemplate -Template $Template | Set-CATemplate

In this example the first command retrieves template object by running Get-CertificateTemplate command. In the second line adds this template to a CA server running on 'ca01.company.com' server.

Example 4

PS C:\> Get-CertificationAuthority -Name "Company CA01" | Get-CATemplate | Remove-CATemplate -Name "Machine","WebServer" | Set-CATemplate

This command will remove 'Machine' and 'WebServer' templates from 'Company CA01' CA server. CA server will unable to issue any certificates based on specified templates.

Example 5

PS C:\> Get-CertificationAuthority | Get-CATemplate | Remove-CATemplate -DisplayName "Domain Controller" | Set-CATemplate

This command will remove Domain Controller template from all Enterprise CAs in the forest.

Example 6

PS C:\> $Template = Get-CertificateTemplate -DisplayName "Key Recovery Agent"
C:\PS>Get-CertificationAuthority ca01.company.com | Get-CATemplate | Remove-CATemplate -Template $Template | Set-CATemplate

In this example first command retrieves 'Key Recovery Agent' template object. In the second line specified template will be removed from CA server running on 'ca01.company.com' server.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Add-CATemplate
Remove-CATemplate
Set-CATemplate
Get-CertificateTemplate

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions