[This command requires installed Remote Server Administration Tools (RSAT)]
Name
Set-ExtensionList
SYNOPSIS
Sets certificate enabled/disabled extension lists.
SYNTAX
Set-ExtensionList [-InputObject] <ExtensionList[]> [-RestartCA] [<CommonParameters>]
DESCRIPTION
Sets certificate enabled/disabled extension lists.Extensions are sorted in 3 categories:
EnabledExtensionList - contains extensions that CA server will publish in each issued certificate upon request.
OfflineExtensionList - contains allowed extension list that CA server will publish in issued certificates when offline request is used.
DisabledExtensionList - contains extensions that will not be published in certificate even if this extension is specified in the request.
Note: additional information can be found at: http://technet.microsoft.com/library/cc740063(WS.10).aspx
PARAMETERS
-InputObject<ExtensionList[]>
Specifies existing ExtensionList object to process. This object can be retrieved by running eitherAdd-ExtensionList orRemove-ExtensionList command.
| Required? | True |
| Position? | 0 |
| Default value | |
| Accept pipeline input? | true (ByValue, ByPropertyName) |
| Accept wildcard characters? | False |
-RestartCA<SwitchParameter>
Restarts CA service on the specified CA server to immediately apply changes.
| Required? | False |
| Position? | named |
| Default value | |
| Accept pipeline input? | false |
| Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
bout_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PKI.CertificateServices.PolicyModule.ExtensionList
OUTPUTS
PKI.CertificateServices.PolicyModule.ExtensionList
NOTES
Author: Vadims Podans
Blog: http://en-us.sysadmins.lv
EXAMPLES
-------------- Example 1 --------------
PS C:\> Get-CertificationAuthority -Name Company-CA | Get-ExtensionList | Add-ExtensionList -DisabledExtension "Certificate Template Name" | Set-ExtensionList -RestartCA
This command will add the 'Certificate Template Name' extension to restricted extension list. As the result CA server will not publish this extension in issued certificates. After configuration is changed, the command will restart certificate services to immediately apply changes.
-------------- Example 2 --------------
PS C:\> Get-CertificationAuthority -Name Company-CA | Remove-ExtensionList -OfflineExtension "Subject Alternative Name" | Set-ExtensionList -RestartCA
This will remove 'Subject Alternative Name' extension from allowed extensions in request. As the result CA server will ignore this extension in certificate request.
RELATED LINKS
Get-CertificationAuthority
Connect-CertificationAuthority
Get-ExtensionList
Remove-ExtensionList
Add-ExtensionList
PowerShell Requirements
- PowerShell 2.0
Operating System Requirements
- Windows Server 2003 all editions
- Windows Server 2008 all editions
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions