The Get-Certificate cmdlet is a powerful Windows PowerShell command that enables you to retrieve certificates from the local computer store, a remote computer store, or an online certificate authority. This command can be used to retrieve certificates from a variety of sources, including the Windows Certificate Store, Active Directory, and the Internet. It can also be used to generate new certificates, renew existing certificates, and delete certificates.
The Get-Certificate cmdlet is a versatile tool that can be used for a variety of tasks, such as retrieving certificates from the local computer store, a remote computer store, or an online certificate authority. It can also be used to generate new certificates, renew existing certificates, and delete certificates. In addition, it can be used to export certificates to a file or to a certificate store.
Syntax
The syntax for the Get-Certificate cmdlet is as follows:
Get-Certificate [-StoreLocation] <String> [-StoreName] <String> [-Thumbprint] <String> [-Subject] <String> [-Issuer] <String> [-NotAfter] <DateTime> [-NotBefore] <DateTime> [-FriendlyName] <String> [-Path] <String> [-Exportable] <SwitchParameter> [-Force] <SwitchParameter> [-WhatIf] <SwitchParameter> [-Confirm] <SwitchParameter> [<CommonParameters>]
Parameters
The Get-Certificate cmdlet has the following parameters:
Parameter | Description |
---|---|
StoreLocation | Specifies the location of the certificate store. Valid values are CurrentUser, LocalMachine, and WebHosting. |
StoreName | Specifies the name of the certificate store. Valid values are My, Root, TrustedPublisher, and WebHosting. |
Thumbprint | Specifies the thumbprint of the certificate to retrieve. |
Subject | Specifies the subject of the certificate to retrieve. |
Issuer | Specifies the issuer of the certificate to retrieve. |
NotAfter | Specifies the expiration date of the certificate to retrieve. |
NotBefore | Specifies the start date of the certificate to retrieve. |
FriendlyName | Specifies the friendly name of the certificate to retrieve. |
Path | Specifies the path to the file to which the certificate will be exported. |
Exportable | Specifies whether the certificate is exportable. |
Force | Forces the cmdlet to run without prompting for confirmation. |
WhatIf | Shows what would happen if the cmdlet runs. |
Confirm | Prompts for confirmation before running the cmdlet. |
Inputs
The Get-Certificate cmdlet does not accept input from the pipeline.
Outputs
The Get-Certificate cmdlet returns a certificate object.
Examples
The following example retrieves a certificate from the local computer store:
Get-Certificate -StoreLocation LocalMachine -StoreName My -Thumbprint <Thumbprint>
The following example retrieves a certificate from Active Directory:
Get-Certificate -StoreLocation ActiveDirectory -StoreName My -Subject <Subject>
The following example retrieves a certificate from an online certificate authority:
Get-Certificate -StoreLocation WebHosting -StoreName My -FriendlyName <FriendlyName>
Tips
When using the Get-Certificate cmdlet, there are a few tips to keep in mind:
- Always specify the StoreLocation parameter when using the Get-Certificate cmdlet.
- If you are retrieving a certificate from Active Directory, you must specify the Subject parameter.
- If you are retrieving a certificate from an online certificate authority, you must specify the FriendlyName parameter.
- If you are exporting a certificate to a file, you must specify the Path parameter.
- If you are retrieving a certificate from the local computer store, you must specify the Thumbprint parameter.
- If you are retrieving a certificate from an online certificate authority, you must specify the Exportable parameter.
Conclusion
The Get-Certificate cmdlet is a powerful Windows PowerShell command that enables you to retrieve certificates from the local computer store, a remote computer store, or an online certificate authority. It can also be used to generate new certificates, renew existing certificates, and delete certificates. By following the syntax and parameters outlined in this article, you can easily use the Get-Certificate cmdlet to manage certificates on your Windows system.