PowerShell PKI Module
Project Description
This module is intended to simplify various PKI and Active Directory Certificate Services management tasks by using automation with Windows PowerShell.
This module is intended for Certification Authority management. For local certificate store management, consider using Quest AD PKI cmdlets.
Relationships between Microsoft PKI and PSPKI modules
Starting with Windows 8/Windows Server 2012, a PKI module is installed along with AD CS Remote Server Administration Tools. That module is maintained by Microsoft. PSPKI is an open-source community module and uses a completely different codebase.
Documentation
All documentation is available at PKI Solutions: PowerShell PKI Module
Download and install PowerShell PKI module from the PowerShell Gallery using PowerShell
Install-Module -Name PSPKI
Module Requirements
This module can run on any of the following operating systems:
- Windows Server 2008 R2/2012/2012 R2/2016/2019/2022
- Windows 7/8/8.1/10/11
Module installation requires AD CS RSAT (Remote Server Administration Tools for Active Directory Certificate Services) to be installed.
Certificate services support
This module supports Enterprise or Standalone Certification Authority (CA) servers that are running one of the following operating systems:
- Windows Server 2003/2003 R2
- Windows Server 2008 (including Server Core)
- Windows Server 2008 R2 (including Server Core)
- Windows Server 2012 (including Server Core)
- Windows Server 2012 R2 (including Server Core)
- Windows Server 2016 (including Server Core)
- Windows Server 2019 (including Server Core)
- Windows Server 2022 (including Server Core)
Online Responder support
This module supports Online Certificate Status Protocol (OCSP) servers that are running one of the following operating systems:
- Windows Server 2008 Enterprise (Full Installation)
- Windows Server 2008 R2 Enterprise (Full Installation)
- Windows Server 2012 (including Server Core)
- Windows Server 2012 R2 (including Server Core)
- Windows Server 2016 (including Server Core)
- Windows Server 2019 (including Server Core)
- Windows Server 2022 (including Server Core)
Full Command List
- Add-AdCertificate
- Add-AdCertificateRevocationList (Alias: Add-AdCrl)
- Add-AuthorityInformationAccess (Alias: Add-AIA)
- Add-CAKRACertificate
- Add-CATemplate
- Add-CertificateTemplateAcl
- Add-CertificationAuthorityAcl (Aliases: Add-CAAccessControlEntry, Add-CAACL)
- Add-CRLDistributionPoint (Alias: Add-CDP)
- Add-ExtensionList
- Add-OnlineResponderAcl (Alias: Add-OCSPACL)
- Add-OnlineResponderArrayMember
- Add-OnlineResponderLocalCrlEntry
- Add-OnlineResponderRevocationConfiguration
- Approve-CertificateRequest
- Connect-CertificationAuthority (Alias: Connect-CA)
- Connect-OnlineResponder
- Convert-PemToPfx
- Convert-PfxToPem
- Deny-CertificateRequest
- Disable-CertificateRevocationListFlag (Alias: Disable-CRLFlag)
- Disable-InterfaceFlag
- Disable-KeyRecoveryAgentFlag (Alias: Disable-KRAFlag)
- Disable-PolicyModuleFlag
- Enable-CertificateRevocationListFlag (Alias: Enable-CRLFlag)
- Enable-InterfaceFlag
- Enable-KeyRecoveryAgentFlag (Alias: Enable-KRAFlag)
- Enable-PolicyModuleFlag
- Get-AdcsDatabaseRow (Alias: Get-DatabaseRow)
- Get-ADKRACertificate
- Get-AdPkiContainer
- Get-AuthorityInformationAccess (Alias: Get-AIA)
- Get-CACryptographyConfig
- Get-CAExchangeCertificate
- Get-CAKRACertificate
- Get-CATemplate
- Get-CertificateContextProperty
- Get-CertificateRequest
- Get-CertificateRevocationList (Alias: Get-CRL)
- Get-CertificateRevocationListFlag (Alias: Get-CRLFlag)
- Get-CertificateTemplate
- Get-CertificateTemplateAcl
- Get-CertificateTrustList (Alias: Get-CTL)
- Get-CertificateValidityPeriod
- Get-CertificationAuthority (Alias: Get-CA)
- Get-CertificationAuthorityAcl (Aliases: Get-CAACL, Get-CASecurityDescriptor)
- Get-CertificationAuthorityDbSchema
- Get-CryptographicServiceProvider (Alias: Get-Csp)
- Get-CRLDistributionPoint (Alias: Get-CDP)
- Get-CRLValidityPeriod
- Get-EnrollmentPolicyServerClient
- Get-EnterprisePKIHealthStatus
- Get-ErrorMessage
- Get-ExtensionList
- Get-FailedRequest
- Get-InterfaceFlag
- Get-IssuedRequest
- Get-KeyRecoveryAgentFlag (Alias: Get-KRAFlag)
- Get-ObjectIdentifier (Alias: oid)
- Get-ObjectIdentifierEx (Alias: oid2)
- Get-OnlineResponderAcl (Alias: Get-OCSPACL)
- Get-OnlineResponderRevocationConfiguration
- Get-PendingRequest
- Get-PolicyModuleFlag
- Get-RevokedRequest
- Import-LostCertificate
- New-SelfSignedCertificateEx
- Ping-ICertInterface
- Publish-CRL
- Receive-Certificate
- Register-ObjectIdentifier
- Remove-AdCertificate
- Remove-AdCertificateRevocationList (Alias: Remove-AdCrl)
- Remove-AdcsDatabaseRow (Alias: Remove-Request)
- Remove-AuthorityInformationAccess (Alias: Remove-AIA)
- Remove-CAKRACertificate
- Remove-CATemplate
- Remove-CertificateTemplate
- Remove-CertificateTemplateAcl
- Remove-CertificationAuthorityAcl (Aliases: Remove-CAAccessControlEntry, Remove-CAACL)
- Remove-CRLDistributionPoint (Alias: Remove-CDP)
- Remove-ExtensionList
- Remove-OnlineResponderAcl (Alias: Remove-OCSPACL)
- Remove-OnlineResponderArrayMember
- Remove-OnlineResponderLocalCrlEntry
- Remove-OnlineResponderRevocationConfiguration
- Restart-CertificationAuthority
- Restart-OnlineResponder
- Restore-CertificateRevocationListFlagDefault (Alias: Restore-CRLFlagDefault)
- Restore-KeyRecoveryAgentFlagDefault (Alias: Restore-KRAFlagDefault)
- Restore-PolicyModuleFlagDefault
- Revoke-Certificate
- Set-AuthorityInformationAccess (Alias: Set-AIA)
- Set-CACryptographyConfig
- Set-CAKRACertificate
- Set-CATemplate
- Set-CertificateExtension
- Set-CertificateTemplateAcl
- Set-CertificateValidityPeriod
- Set-CertificationAuthorityAcl (Aliases: Set-CAACL, Set-CASecurityDescriptor)
- Set-CRLDistributionPoint (Alias: Set-CDP)
- Set-CRLValidityPeriod
- Set-ExtensionList
- Set-OnlineResponderAcl (Alias: Set-OCSPACL)
- Set-OnlineResponderProperty
- Set-OnlineResponderRevocationConfiguration
- Show-Certificate
- Show-CertificateRevocationList (Alias: Show-CRL)
- Show-CertificateTrustList (Alias: Show-CTL)
- Start-CertificationAuthority
- Start-OnlineResponder
- Stop-CertificationAuthority
- Stop-OnlineResponder
- Submit-CertificateRequest
- Test-WebServerSSL
- Unregister-ObjectIdentifier