
Test-Certificate



This is the built-in help made by Microsoft for the command 'Test-Certificate', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Verifies a certificate according to the input parameters.

SYNTAX


Test-Certificate [-Cert] <Certificate> [-AllowUntrustedRoot [<SwitchParameter>]] [-DNSName <String>] [-EKU <String>] [-Policy <TestCertificatePolicy>] [-User [<SwitchParameter>]] [<CommonParameters>]




DESCRIPTION


The Test-Certificate cmdlet verifies a certificate according to input parameters. The revocation status of the certificate is verified by
default. If the AllowUntrustedRoot parameter is specified, then a certificate chain is built but an untrusted root is allowed. Other errors,
such as an expired certificate, are still checked in this case. If the DNSName parameter is used, then the DNS subject alternative name is used to
verify SSL policy. If the EKU parameter is used, then the specified application policy object identifiers are used to verify the chain. If the
User parameter is used, then the specified user context is used to build and verify the chain.


Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.




RELATED LINKS


REMARKS


Examples


EXAMPLE 1

PS C:\> Get-ChildItem -Path Cert:\localMachine\My | Test-Certificate -Policy SSL -DNSName "dns=contoso.com"



This example verifies each certificate in the MY store of the local machine and verifies that it is valid for SSL with the DNS name specified.




EXAMPLE 2

PS C:\> Test-Certificate -Cert cert:\currentuser\my\191c46f680f08a9e6ef3f6783140f60a979c7d3b -AllowUntrustedRoot -EKU "1.3.6.1.5.5.7.3.1" -User



This example verifies that the provided EKU is valid for the specified certificate and its chain. Revocation checking is not performed.
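
The following is an added example, not part of the Microsoft help text. It extends EXAMPLE 1 into a store audit that records, per certificate, whether the SSL policy check passed and what the cmdlet reported when it did not. The variable names and the report layout are assumptions made for illustration; the DNS name value is copied from EXAMPLE 1.

```powershell
# Added example: audit every certificate in the local machine MY store
# against the SSL policy and keep the reason for each rejection.
$dnsName = 'dns=contoso.com'   # value from EXAMPLE 1; substitute your own host

$results = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $errs  = @()
    $warns = @()

    # Test-Certificate returns a Boolean. On failure the details are written
    # to the error and warning streams, so capture both with the common
    # parameters instead of letting them scroll past on the console.
    $ok = Test-Certificate -Cert $cert -Policy SSL -DNSName $dnsName `
            -ErrorAction SilentlyContinue -ErrorVariable errs `
            -WarningAction SilentlyContinue -WarningVariable warns

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Valid      = [bool]$ok
        Reason     = (@($errs) + @($warns) | ForEach-Object { "$_" }) -join '; '
    }
}

# Failing certificates sort first ($false before $true), soonest expiry on top.
$results | Sort-Object Valid, NotAfter | Format-Table -AutoSize -Wrap

# Summary line suitable for a scheduled task log.
$failed = @($results | Where-Object { -not $_.Valid })
"{0} of {1} certificates failed the SSL policy check for {2}" -f `
    $failed.Count, @($results).Count, $dnsName
```

Because revocation is checked by default, a host without network access to the CRL or OCSP endpoints can report failures that are unrelated to the certificate's name or validity period; the captured Reason column shows which check failed.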