New Post: Error importing PSPKI module {Write-ErrorMessage -Source "CAPIUnavailable"}

July 13, 2016, 7:45 am

≫ Next: Closed Unassigned: Exception calling "ResubmitRequest" with "2" argument(s) [98]

≪ Previous: New Post: Error importing PSPKI module {Write-ErrorMessage -Source "CAPIUnavailable"}

Hello

I resolved the issue

I need to install the CA Remote Administration tools (Add/Remove Windows Components) as I did not have the COM object available until the admin tools were installed.

Thanks
Ernie

↧

Closed Unassigned: Exception calling "ResubmitRequest" with "2" argument(s) [98]

August 8, 2016, 10:32 am

≫ Next: Closed Unassigned: Remove-DatabaseRow works on 08R2 CA but not 12R2 CA [97]

≪ Previous: New Post: Error importing PSPKI module {Write-ErrorMessage -Source "CAPIUnavailable"}

PS PKI 3.2.5

This code snippet throws an error when running it locally on a Windows Server 2012 R2 domain-joined standalone root certificate authority. The same code works on Windows 7 SP1 domain-joined workstation with RSAT.

In this example, request 49's status is "taken under submission" and is waiting for approval before executing.

```
Import-Module PsPKI
Import-Module ActiveDirectory

$Script:CA = "ca.example.com"

Function Handle-Error {
Param (
[PSObject]$Error
)
Process {
$Error[0].Exception.InnerException.Message
$Error[0].Exception.InnerException.StackTrace
}
}

Write-Host "# Approve pending CSR: Get-PendingRequest"
Try {
$CertificateRequest = Get-PendingRequest -CertificationAuthority $Script:CA -RequestID 49
$CertificateRequest
} Catch {
Handle-Error -Error $Error[0]
}

Write-Host "# Approve pending CSR: Approve-CertificateRequest"
Try {
$ApprovalResponse = Approve-CertificateRequest -Request $CertificateRequest
$ApprovalResponse
} Catch {
Handle-Error -Error $Error[0]
}
```

Output for Windows Server 2012 R2 domain-joined standalone root certificate authority

```
# Approve pending CSR: Get-PendingRequest

RequestID : 49
Request.RequesterName : EXAMPLE\user
Request.SubmittedWhen : 5/17/2016 7:29:48 PM
Request.CommonName : Test User
CertificateTemplate :
RowId : 49
ConfigString : ca.example.com\CA
Table : Request

# Approve pending CSR: Approve-CertificateRequest
WARNING: Unable to issue request with ID = '49'
Exception calling "ResubmitRequest" with "2" argument(s): "CCertAdmin::ResubmitRequest: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PsPKI\Server\Approve-CertificateRequest.ps1:16 char:5
+ $DM = $CertAdmin.ResubmitRequest($Request.ConfigString,$Request.RequestID)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ComMethodTargetInvocation
```

Output for Windows 7 SP1 domain-joined workstation with RSAT

```
# Approve pending CSR: Get-PendingRequest

RequestID : 49
Request.RequesterName : EXAMPLE\user
Request.SubmittedWhen : 05/17/2016 07:29:48 PM
Request.CommonName : Test User
CertificateTemplate :
RowId : 49
ConfigString : ca.example.com\CA
Table : Request

# Approve pending CSR: Approve-CertificateRequest
The certificate '49' was issued.'
```

Comments: UAC

↧

Closed Unassigned: Remove-DatabaseRow works on 08R2 CA but not 12R2 CA [97]

August 8, 2016, 10:33 am

≫ Next: Closed Unassigned: Get-CertificateRequest bug in 3.2.5 [96]

≪ Previous: Closed Unassigned: Exception calling "ResubmitRequest" with "2" argument(s) [98]

PSPKI 3.0.0

WS08R2 CA
Import-Module PSPKI
Get-CertificationAuthority "WVSXXXXX.support.xxxxxxxxxx.org" | Get-FailedRequest | Remove-DatabaseRow

Deleted request row with ID = 6745147.
Deleted request row with ID = 6745148.
Deleted request row with ID = 6745149.
Deleted request row with ID = 6745150.
Deleted request row with ID = 6745151.
Deleted request row with ID = 6745152.

PS D:\DATA\Powershell>

WS12R2 CA
Import-Module PSPKI
Get-CertificationAuthority "WVSYYYYY.support.xxxxxxxxxx.org" | Get-FailedRequest | Remove-DatabaseRow

WARNING: Non-request or non-CRL table row removal is not supported. ID='402'
WARNING: Non-request or non-CRL table row removal is not supported. ID='403'
WARNING: Non-request or non-CRL table row removal is not supported. ID='5'
WARNING: Non-request or non-CRL table row removal is not supported. ID='247'
WARNING: Non-request or non-CRL table row removal is not supported. ID='248'
WARNING: Non-request or non-CRL table row removal is not supported. ID='349'
WARNING: Non-request or non-CRL table row removal is not supported. ID='366'
WARNING: Non-request or non-CRL table row removal is not supported. ID='367'



Please ADVISE!

Comments: it was resolved in PSPKI v3.1 and newer versions.

↧

Closed Unassigned: Get-CertificateRequest bug in 3.2.5 [96]

August 8, 2016, 10:35 am

≫ Next: Closed Unassigned: X509CRL2.GetNextPublish() fails with v3.2.5 [95]

≪ Previous: Closed Unassigned: Remove-DatabaseRow works on 08R2 CA but not 12R2 CA [97]

Hello Camelot,

Looks like there was a regression in X509CertificateRequest in release 3.2.5.
Every time I try to instantiate a PKCS#10 since this release I get an error in the constructor "Invalid data".
Downgrading to 3.1 and everything works again as expected.

I tried with several CSRs and all result in this error.
Jordan
Comments: Fixed in v3.2.6

↧

Closed Unassigned: X509CRL2.GetNextPublish() fails with v3.2.5 [95]

August 8, 2016, 10:35 am

≫ Next: Closed Unassigned: Cannot convert value "ca.example.com" to type "PKI.CertificateServices.CertificateAuthority" [93]

≪ Previous: Closed Unassigned: Get-CertificateRequest bug in 3.2.5 [96]

Hello Camelot,

The GetNextPublish() method of X509CRL2 fails with the following error since I upgraded to PSPKI 3.2.5:
```
Exception calling "GetNextPublish" with "0" argument(s): "ASN1 bad tag value met."
```

Note that, like it is documented, I expect this method to work whether the CRL contains a NextPublish extension or not (I have both cases).

Best regards,
Jordan
Comments: Fixed in v3.2.6

↧

Closed Unassigned: Cannot convert value "ca.example.com" to type "PKI.CertificateServices.CertificateAuthority" [93]

August 8, 2016, 10:37 am

≫ Next: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

≪ Previous: Closed Unassigned: X509CRL2.GetNextPublish() fails with v3.2.5 [95]

PS PKI 3.1.0

I managed to get some code working beautifully on my Windows 7 SP1 workstation, but it throws an error when I try to run it locally on my Windows Server 2012 R2 standalone root certificate authority. I think I've narrowed it down to the one line below. I'm so close...so close!

It throws an error on server ca.example.com: Windows Server 2012 R2 (domain-joined standalone root CA)

```
Import-Module PsPKI
$CertificateRequestResponse = Submit-CertificateRequest -CertificationAuthority "ca.example.com" -Path "\\fs.example.com\path\to\certificates\CertReq.csr"
Submit-CertificateRequest : Cannot process argument transformation on parameter 'CertificationAuthority'. Cannot convert value "ca.example.com" to type
"PKI.CertificateServices.CertificateAuthority". Error: "There is no such object on the server.
"
At line:2 char:81
+ ... ationAuthority "ca.example.com" -Path "\\fs.example.com\path\to\certi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Submit-CertificateRequest], ParameterBindingArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Submit-CertificateRequest

$CertificateRequestResponse
```

It works fine on workstation wx.example.com: Windows 7 SP1 (domain-joined workstation with RSAT)

```
Import-Module PsPKI
$CertificateRequestResponse = Submit-CertificateRequest -CertificationAuthority "ca.example.com" -Path "\\fs.example.com\path\to\certificates\CertReq.csr"
$CertificateRequestResponse

CertificationAuthority : PKI.CertificateServices.CertificateAuthority
RequestID : 22
Status : UnderSubmission
Certificate :
ErrorInformation : Taken Under Submission
```
Comments: fixed in v3.2.6

↧

Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

August 8, 2016, 12:36 pm

≫ Next: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

≪ Previous: Closed Unassigned: Cannot convert value "ca.example.com" to type "PKI.CertificateServices.CertificateAuthority" [93]

Installation guide:

Use default installation path to install this module for current user only.
To install this module for all users — enable "Install for all users" check-box in installation UI
if previous module installations are detected, they are removed during upgrade.

Release notes in my weblog: https://www.sysadmins.lv/blog-en/powershell-pki-module-v325-is-released.aspx

↧

Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

August 8, 2016, 12:45 pm

≫ Next: Updated Wiki: Home

≪ Previous: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

Installation guide:

Use default installation path to install this module for current user only.
To install this module for all users — enable "Install for all users" check-box in installation UI
if previous module installations are detected, they are removed during upgrade.

Release notes in my weblog: https://www.sysadmins.lv/blog-en/powershell-pki-module-v326-is-out.aspx

↧

Updated Wiki: Home

August 8, 2016, 12:52 pm

≫ Next: Updated Wiki: Home

≪ Previous: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

Project Description

This module is intended to simplify certain PKI management tasks by using automation with Windows PowerShell.

This module is intended for Certification Authority management. For local certificate store management you should consider to useQuest AD PKI cmdlets.

Module Requirements

Windows PowerShell 3.0
.NET Framework 4.0

This module can run on any of the specified operating system:

Windows Server 2008*/2008 R2/2012/2012 R2
Windows Vista**/7**/8**/8.1**/10**

*— Server Core installation is not supported.
**— with installed RSAT (Remote System Administration Tools)

Certification Authority requirements

This module supports Enterprise or Standalone Certification Authority servers that are running one the following operating system:

Windows Server 2003/2003 R2
Windows Server 2008 (including Server Core)
Windows Server 2008 R2 (including Server Core)
Windows Server 2012 (including Server Core)
Windows Server 2012 R2 (including Server Core)

Command list:

Full command list for the latest release:

Add-AuthorityInformationAccess (Alias:Add-AIA)
Add-CAAccessControlEntry (Alias:Add-CAACL)
Add-CAKRACertificate
Add-CATemplate
Add-CertificateEnrollmentPolicyService
Add-CertificateEnrollmentService
Add-CertificateTemplateAcl
Add-CRLDistributionPoint (Alias:Add-CDP)
Add-ExtensionList
Approve-CertificateRequest
Connect-CertificationAuthority (Alias:Connect-CA)
Convert-PemToPfx
Convert-PfxToPem
Deny-CertificateRequest
Disable-CertificateRevocationListFlag (Alias:Disable-CRLFlag)
Disable-InterfaceFlag
Disable-KeyRecoveryAgentFlag
Disable-PolicyModuleFlag
Enable-CertificateRevocationListFlag (Alias:Enable-CRLFlag)
Enable-InterfaceFlag
Enable-KeyRecoveryAgentFlag
Enable-PolicyModuleFlag
Get-ADKRACertificate
Get-AuthorityInformationAccess (Alias:Get-AIA)
Get-CACryptographyConfig
Get-CAExchangeCertificate
Get-CAKRACertificate
Get-CASchema
Get-CASecurityDescriptor (Alias:Get-CAACL)
Get-CATemplate
Get-CertificateContextProperty
Get-CertificateRequest
Get-CertificateRevocationList (Alias:Get-CRL)
Get-CertificateRevocationListFlag (Alias:Get-CRLFlag)
Get-CertificateTemplate
Get-CertificateTemplateAcl
Get-CertificateTrustList (Alias:Get-CTL)
Get-CertificateValidityPeriod
Get-CertificationAuthority
Get-CryptographicServiceProvider
Get-CryptographicServiceProviderCNG
Get-CryptographicServiceProviderEx (Alias:Get-Csp)
Get-CRLDistributionPoint (Alias:Get-CDP)
Get-CRLValidityPeriod
Get-DatabaseRow
Get-EnrollmentPolicyServerClient
Get-EnterprisePKIHealthStatus
Get-ErrorMessage
Get-ExtensionList
Get-FailedRequest
Get-InterfaceFlag
Get-IssuedRequest
Get-KeyRecoveryAgentFlag
Get-ObjectIdentifier (Alias:oid)
Get-ObjectIdentifierEx (Alias:oid2)
Get-PendingRequest
Get-PolicyModuleFlag
Get-RevokedRequest
Import-LostCertificate
Install-CertificationAuthority
New-SelfSignedCertificateEx
Ping-ICertInterface
Publish-CRL
Receive-Certificate
Register-ObjectIdentifier
Remove-AuthorityInformationAccess (Alias:Remove-AIA)
Remove-CAAccessControlEntry (Alias:Remove-CAACL)
Remove-CAKRACertificate
Remove-CATemplate
Remove-CertificateEnrollmentPolicyService
Remove-CertificateEnrollmentService
Remove-CertificateTemplate
Remove-CertificateTemplateAcl
Remove-CRLDistributionPoint (Alias:Remove-CDP)
Remove-DatabaseRow (Alias:Remove-Request)
Remove-ExtensionList
Restart-CertificationAuthority
Restore-CertificateRevocationListFlagDefault (Alias:Restore-CRLFlagDefault)
Restore-KeyRecoveryAgentFlagDefault
Restore-PolicyModuleFlagDefault
Revoke-Certificate
Set-AuthorityInformationAccess
Set-CACryptographyConfig
Set-CAKRACertificate
Set-CASecurityDescriptor (Alias:Set-CAACL)
Set-CATemplate
Set-CertificateExtension
Set-CertificateTemplateAcl
Set-CertificateValidityPeriod
Set-CRLDistributionPoint (Alias:Set-CDP)
Set-CRLValidityPeriod
Set-ExtensionList
Show-Certificate
Show-CertificateRevocationList (Alias:Show-CRL)
Show-CertificateTrustList (Alias:Show-CTL)
Start-CertificationAuthority
Start-PsFCIV
Stop-CertificationAuthority
Submit-CertificateRequest
Test-WebServerSSL
Uninstall-CertificationAuthority
Unregister-ObjectIdentifier

Project Roadmap

Project is under active development and for future plans you can check our official Roadmap (not yet definitive).

The following technologies and products were used to design this module:

↧

Updated Wiki: Home

August 8, 2016, 12:53 pm

≫ Next: Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)

≪ Previous: Updated Wiki: Home

Project Description

This module is intended to simplify certain PKI management tasks by using automation with Windows PowerShell.

This module is intended for Certification Authority management. For local certificate store management you should consider to useQuest AD PKI cmdlets.

Module Requirements

Windows PowerShell 3.0
.NET Framework 4.0

This module can run on any of the specified operating system:

Windows Server 2008*/2008 R2/2012/2012 R2
Windows Vista**/7**/8**/8.1**/10**

*— Server Core installation is not supported.
**— with installed RSAT (Remote System Administration Tools)

Certification Authority requirements

This module supports Enterprise or Standalone Certification Authority servers that are running one the following operating system:

Windows Server 2003/2003 R2
Windows Server 2008 (including Server Core)
Windows Server 2008 R2 (including Server Core)
Windows Server 2012 (including Server Core)
Windows Server 2012 R2 (including Server Core)

Command list:

Full command list for the latest release:

Add-AuthorityInformationAccess (Alias:Add-AIA)
Add-CAAccessControlEntry (Alias:Add-CAACL)
Add-CAKRACertificate
Add-CATemplate
Add-CertificateEnrollmentPolicyService
Add-CertificateEnrollmentService
Add-CertificateTemplateAcl
Add-CRLDistributionPoint (Alias:Add-CDP)
Add-ExtensionList
Approve-CertificateRequest
Connect-CertificationAuthority (Alias:Connect-CA)
Convert-PemToPfx
Convert-PfxToPem
Deny-CertificateRequest
Disable-CertificateRevocationListFlag (Alias:Disable-CRLFlag)
Disable-InterfaceFlag
Disable-KeyRecoveryAgentFlag
Disable-PolicyModuleFlag
Enable-CertificateRevocationListFlag (Alias:Enable-CRLFlag)
Enable-InterfaceFlag
Enable-KeyRecoveryAgentFlag
Enable-PolicyModuleFlag
Get-ADKRACertificate
Get-AuthorityInformationAccess (Alias:Get-AIA)
Get-CACryptographyConfig
Get-CAExchangeCertificate
Get-CAKRACertificate
Get-CASchema
Get-CASecurityDescriptor (Alias:Get-CAACL)
Get-CATemplate
Get-CertificateContextProperty
Get-CertificateRequest
Get-CertificateRevocationList (Alias:Get-CRL)
Get-CertificateRevocationListFlag (Alias:Get-CRLFlag)
Get-CertificateTemplate
Get-CertificateTemplateAcl
Get-CertificateTrustList (Alias:Get-CTL)
Get-CertificateValidityPeriod
Get-CertificationAuthority
Get-CryptographicServiceProvider
Get-CryptographicServiceProviderCNG
Get-CryptographicServiceProviderEx (Alias:Get-Csp)
Get-CRLDistributionPoint (Alias:Get-CDP)
Get-CRLValidityPeriod
Get-DatabaseRow
Get-EnrollmentPolicyServerClient
Get-EnterprisePKIHealthStatus
Get-ErrorMessage
Get-ExtensionList
Get-FailedRequest
Get-InterfaceFlag
Get-IssuedRequest
Get-KeyRecoveryAgentFlag
Get-ObjectIdentifier (Alias:oid)
Get-ObjectIdentifierEx (Alias:oid2)
Get-PendingRequest
Get-PolicyModuleFlag
Get-RevokedRequest
Import-LostCertificate
Install-CertificationAuthority
New-SelfSignedCertificateEx
Ping-ICertInterface
Publish-CRL
Receive-Certificate
Register-ObjectIdentifier
Remove-AuthorityInformationAccess (Alias:Remove-AIA)
Remove-CAAccessControlEntry (Alias:Remove-CAACL)
Remove-CAKRACertificate
Remove-CATemplate
Remove-CertificateEnrollmentPolicyService
Remove-CertificateEnrollmentService
Remove-CertificateTemplate
Remove-CertificateTemplateAcl
Remove-CRLDistributionPoint (Alias:Remove-CDP)
Remove-DatabaseRow (Alias:Remove-Request)
Remove-ExtensionList
Restart-CertificationAuthority
Restore-CertificateRevocationListFlagDefault (Alias:Restore-CRLFlagDefault)
Restore-KeyRecoveryAgentFlagDefault
Restore-PolicyModuleFlagDefault
Revoke-Certificate
Set-AuthorityInformationAccess
Set-CACryptographyConfig
Set-CAKRACertificate
Set-CASecurityDescriptor (Alias:Set-CAACL)
Set-CATemplate
Set-CertificateExtension
Set-CertificateTemplateAcl
Set-CertificateValidityPeriod
Set-CRLDistributionPoint (Alias:Set-CDP)
Set-CRLValidityPeriod
Set-ExtensionList
Show-Certificate
Show-CertificateRevocationList (Alias:Show-CRL)
Show-CertificateTrustList (Alias:Show-CTL)
Start-CertificationAuthority
Start-PsFCIV
Stop-CertificationAuthority
Submit-CertificateRequest
Test-WebServerSSL
Uninstall-CertificationAuthority
Unregister-ObjectIdentifier

Project Roadmap

Project is under active development and for future plans you can check our official Roadmap (not yet definitive).

The following technologies and products were used to design this module:

↧

Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)

August 8, 2016, 12:59 pm

≫ Next: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

≪ Previous: Updated Wiki: Home

Installation guide:

Use default installation path to install this module for current user only.
To install this module for all users — enable "Install for all users" check-box in installation UI
if previous module installations are detected, they are removed during upgrade.

Release notes in my weblog: https://www.sysadmins.lv/blog-en/powershell-pki-module-v326-is-out.aspx

Sources:
PowerShell Module: https://github.com/Crypt32/PSPKI
PKI.Core.dll: https://github.com/Crypt32/pkix.net
SysadminsLV.Asn1Parser.dll: https://github.com/Crypt32/Asn1DerParser.NET

↧

Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

August 8, 2016, 12:59 pm

≫ Next: Commented Unassigned: Maintain backwards compatibility and/or upgrade log [94]

≪ Previous: Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)

Installation guide:

Use default installation path to install this module for current user only.
To install this module for all users — enable "Install for all users" check-box in installation UI
if previous module installations are detected, they are removed during upgrade.

↧

Commented Unassigned: Maintain backwards compatibility and/or upgrade log [94]

August 9, 2016, 11:25 am

≫ Next: Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)

≪ Previous: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

Hello,

For future releases of the module and underlying .NET libraries, would it be possible to maintain backwards compatibility and, when not possible (technically or not), provide an UPGRADE file listing all compatibility breaks and how to fix them?

I maintain some scripts and modules relying on PSPKI for my company and for each release I have some incompatibilities that I have to trace down. Fixing them is even more complicated when the scripts are not centrally stored and executed instead directly on colleagues' workstations where they may not all have the same module version installed.

I understand this requires extra work for you and the module and libraries are provided without any warranty on backwards compatibility but it is more and more used in professional environments where long term compatibility is mandatory.

Best regards,
Jordan
Comments: FYI, since all sources are now on GitHub you can track all changes in changelogs.

↧

Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)

August 11, 2016, 8:41 am

≫ Next: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

≪ Previous: Commented Unassigned: Maintain backwards compatibility and/or upgrade log [94]

Installation guide:

Use default installation path to install this module for current user only.
To install this module for all users — enable "Install for all users" check-box in installation UI
if previous module installations are detected, they are removed during upgrade.

↧

Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

August 11, 2016, 8:41 am

≫ Next: Updated Wiki: Home

≪ Previous: Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)

Installation guide:

Use default installation path to install this module for current user only.
To install this module for all users — enable "Install for all users" check-box in installation UI
if previous module installations are detected, they are removed during upgrade.

↧

Updated Wiki: Home

August 16, 2016, 1:14 am

≫ Next: Created Unassigned: Add support for ECC in Convert-PfxToPem [99]

≪ Previous: Updated Release: PowerShell PKI Module v3.2.6 (aug 07, 2016)

Project Description

This module is intended to simplify certain PKI management tasks by using automation with Windows PowerShell.

This module is intended for Certification Authority management. For local certificate store management you should consider to useQuest AD PKI cmdlets.

Module Requirements

Windows PowerShell 3.0
.NET Framework 4.0

This module can run on any of the specified operating system:

Windows Server 2008*/2008 R2/2012/2012 R2
Windows Vista**/7**/8**/8.1**/10**

*— Server Core installation is not supported.
**— with installed RSAT (Remote System Administration Tools)

Certification Authority requirements

This module supports Enterprise or Standalone Certification Authority servers that are running one the following operating system:

Windows Server 2003/2003 R2
Windows Server 2008 (including Server Core)
Windows Server 2008 R2 (including Server Core)
Windows Server 2012 (including Server Core)
Windows Server 2012 R2 (including Server Core)

Command list:

Full command list for the latest release:

Add-AuthorityInformationAccess (Alias:Add-AIA)
Add-CAAccessControlEntry (Alias:Add-CAACL)
Add-CAKRACertificate
Add-CATemplate
Add-CertificateEnrollmentPolicyService
Add-CertificateEnrollmentService
Add-CertificateTemplateAcl
Add-CRLDistributionPoint (Alias:Add-CDP)
Add-ExtensionList
Approve-CertificateRequest
Connect-CertificationAuthority (Alias:Connect-CA)
Convert-PemToPfx
Convert-PfxToPem
Deny-CertificateRequest
Disable-CertificateRevocationListFlag (Alias:Disable-CRLFlag)
Disable-InterfaceFlag
Disable-KeyRecoveryAgentFlag
Disable-PolicyModuleFlag
Enable-CertificateRevocationListFlag (Alias:Enable-CRLFlag)
Enable-InterfaceFlag
Enable-KeyRecoveryAgentFlag
Enable-PolicyModuleFlag
Get-ADKRACertificate
Get-AuthorityInformationAccess (Alias:Get-AIA)
Get-CACryptographyConfig
Get-CAExchangeCertificate
Get-CAKRACertificate
Get-CASchema
Get-CASecurityDescriptor (Alias:Get-CAACL)
Get-CATemplate
Get-CertificateContextProperty
Get-CertificateRequest
Get-CertificateRevocationList (Alias:Get-CRL)
Get-CertificateRevocationListFlag (Alias:Get-CRLFlag)
Get-CertificateTemplate
Get-CertificateTemplateAcl
Get-CertificateTrustList (Alias:Get-CTL)
Get-CertificateValidityPeriod
Get-CertificationAuthority
Get-CryptographicServiceProvider
Get-CryptographicServiceProviderCNG
Get-CryptographicServiceProviderEx (Alias:Get-Csp)
Get-CRLDistributionPoint (Alias:Get-CDP)
Get-CRLValidityPeriod
Get-DatabaseRow
Get-EnrollmentPolicyServerClient
Get-EnterprisePKIHealthStatus
Get-ErrorMessage
Get-ExtensionList
Get-FailedRequest
Get-InterfaceFlag
Get-IssuedRequest
Get-KeyRecoveryAgentFlag
Get-ObjectIdentifier (Alias:oid)
Get-ObjectIdentifierEx (Alias:oid2)
Get-PendingRequest
Get-PolicyModuleFlag
Get-RevokedRequest
Import-LostCertificate
Install-CertificationAuthority
New-SelfSignedCertificateEx
Ping-ICertInterface
Publish-CRL
Receive-Certificate
Register-ObjectIdentifier
Remove-AuthorityInformationAccess (Alias:Remove-AIA)
Remove-CAAccessControlEntry (Alias:Remove-CAACL)
Remove-CAKRACertificate
Remove-CATemplate
Remove-CertificateEnrollmentPolicyService
Remove-CertificateEnrollmentService
Remove-CertificateTemplate
Remove-CertificateTemplateAcl
Remove-CRLDistributionPoint (Alias:Remove-CDP)
Remove-DatabaseRow (Alias:Remove-Request)
Remove-ExtensionList
Restart-CertificationAuthority
Restore-CertificateRevocationListFlagDefault (Alias:Restore-CRLFlagDefault)
Restore-KeyRecoveryAgentFlagDefault
Restore-PolicyModuleFlagDefault
Revoke-Certificate
Set-AuthorityInformationAccess
Set-CACryptographyConfig
Set-CAKRACertificate
Set-CASecurityDescriptor (Alias:Set-CAACL)
Set-CATemplate
Set-CertificateExtension
Set-CertificateTemplateAcl
Set-CertificateValidityPeriod
Set-CRLDistributionPoint (Alias:Set-CDP)
Set-CRLValidityPeriod
Set-ExtensionList
Show-Certificate
Show-CertificateRevocationList (Alias:Show-CRL)
Show-CertificateTrustList (Alias:Show-CTL)
Start-CertificationAuthority
Start-PsFCIV
Stop-CertificationAuthority
Submit-CertificateRequest
Test-WebServerSSL
Uninstall-CertificationAuthority
Unregister-ObjectIdentifier

Project Roadmap

Project is under active development and for future plans you can check our official Roadmap (not yet definitive).

The following technologies and products were used to design this module:

↧

Created Unassigned: Add support for ECC in Convert-PfxToPem [99]

August 16, 2016, 4:48 am

≫ Next: Created Unassigned: Return thumbprint from New-SelfSignedCertificateEx [100]

≪ Previous: Updated Wiki: Home

I would like to see added support for Elliptic Curve Cryptography in the function Convert-PfxToPem.

The specific curves that I want support for is P-256 (secp256r1/prime256v1) and P-384 (secp384r1) seeing as these are the Elliptic Curves that Windows supports.

↧

Created Unassigned: Return thumbprint from New-SelfSignedCertificateEx [100]

September 8, 2016, 2:29 pm

≫ Next: New Post: PowerShell 5.0

≪ Previous: Created Unassigned: Add support for ECC in Convert-PfxToPem [99]

↧

New Post: PowerShell 5.0

September 9, 2016, 5:53 am

≫ Next: Commented Unassigned: Return thumbprint from New-SelfSignedCertificateEx [100]

≪ Previous: Created Unassigned: Return thumbprint from New-SelfSignedCertificateEx [100]

Hello

The PSPKI Module was installed on a Windows Server 2012 R2, with PowerShell 5.0.

PSPKI Module only can used with PowerShell 3.0?

PS C:\Windows\system32> Get-CertificationAuthority
Get-CertificationAuthority : The term 'Get-CertificationAuthority' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the
path is correct and try again.
At line:1 char:1

Get-CertificationAuthority
~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : ObjectNotFound: (Get-CertificationAuthority:String) [], CommandNotFoundException
- FullyQualifiedErrorId : CommandNotFoundException

Best Regards

↧

Commented Unassigned: Return thumbprint from New-SelfSignedCertificateEx [100]

September 11, 2016, 12:15 pm

≫ Next: New Post: PowerShell 5.0

≪ Previous: New Post: PowerShell 5.0

It would be great if New-SelfSignedCertificateEx could return a unique/identifying value such as thumbprint. Currently you have to use Get-ChildItem to query for the newly created certificate, which may return multiple items if there are one/more certificates in a given store with the same -DnsName value.
Comments: I made appropriate changes in sources: https://github.com/Crypt32/PSPKI/blob/master/PSPKI/Client/New-SelfSignedCertificateEx.ps1 now the command returns an instance of `X509Certificate2`.

↧