PowerShell Logo Small

Confirm-CAEndorsementKeyInfo



This is the built-in help made by Microsoft for the command 'Confirm-CAEndorsementKeyInfo', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Checks whether the local CA trusts secure hardware for key attestation.

SYNTAX


Confirm-CAEndorsementKeyInfo [-Certificate] <X509Certificate2> [<CommonParameters>]
Confirm-CAEndorsementKeyInfo [-PublicKeyHash] <String> [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Confirm-CAEndorsementKeyInfo cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for key
attestation. The cmdlet checks the endorsement key or certificate. An endorsement key is permanently embedded in the security hardware. The public portion of the endorsement
key helps to recognize genuine security hardware.


This cmdlet verifies whether the endorsement public certificate connects by means of a certificate chain to an anchor that the CA trusts for key attestation. Specify an X509
certificate by using the Certificate parameter.


This cmdlet checks whether the endorsement public key exists as a file in a folder configured at the local CA for key attestation. Specify the public key by using the
PublicKeyHash parameter.



<

RELATED LINKS


Online Version: http://go.microsoft.com/fwlink/?LinkID=290939

REMARKS

<

Examples


Example 1: Check an endorsement certificate

PS C:\>Confirm-CAEndorsementKeyInfo -Certificate Contoso87.cer

True



This command checks whether the endorsement certificate Contoso87.cer connects, by means of a certificate chain, to a trusted anchor. This example returns a value of $True.




Example 2: Check an endorsement key

PS C:\>Confirm-CAEndorsementKeyInfo -PublicKeyHash "1dd117facfbdcbd8713b9c588eef305e61ce3d8e3c6e21e6323a877476ecd167"

False



The command checks for the endorsement public certificate specified as an SHA-256 hash code. This example returns a value of $False. Therefore, the CA does not have this
public key.