
Get-Certificate



This is the built-in help made by Microsoft for the command 'Get-Certificate', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Submits a certificate request to an enrollment server and installs the response or retrieves a certificate for a previously submitted request.

SYNTAX


Get-Certificate [-CertStoreLocation <String>] [-Credential <PkiCredential>] [-DnsName <String[]>] [-SubjectName <String>] [-Url <Uri>] -Template <String> [-Confirm] [-WhatIf] [<CommonParameters>]
Get-Certificate [-Credential <PkiCredential>] -Request <Certificate> [-Confirm] [-WhatIf] [<CommonParameters>]



DESCRIPTION


The Get-Certificate cmdlet can be used to submit a certificate request and install the resulting certificate, install a certificate from a pending certificate request, and
enroll for LDAP. If the request is issued, then the returned certificate is installed in the store determined by the CertStoreLocation parameter and the certificate is returned
in the EnrollmentResult structure with status Issued. If the request is made pending, then the request is installed in the machine REQUEST store and a request is returned in
the EnrollmentResult structure with status Pending.


This cmdlet can be used in a Stateless mode where this cmdlet does not look up anything in the vault or in a Stateful mode where it looks at registered certificate
enrollment policy servers by identifier (ID) and credential. When used with a request object and no credential, this cmdlet will look up credentials in the vault based on
the URL for the enrollment policy server.


This cmdlet will not accept a policy server identifier (ID). If a URL is not specified, then only the default certificate enrollment policy ID is used and the cmdlet will
attempt to obtain policy information from any of its URLs.


Delegation may be required when using this cmdlet with Windows PowerShell® remoting and changing user configuration.




RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=287528
Get-ChildItem
Get-Credential
Set-Location

REMARKS


Examples


EXAMPLE 1

PS C:\>$up = Get-Credential



PS C:\>Get-Certificate -Template SslWebServer -DnsName www.contoso.com,www.fabrikam.com -Url https://www.contoso.com/Policy/service.svc -Credential $up -CertStoreLocation cert:\LocalMachine\My



This example submits a certificate request for the SslWebServer template to the specified URL using user name and password credentials. The request will have two DNS
names in it. This is for a certificate in the machine store. If the request is issued, then the returned certificate is installed in the machine MY store and the certificate
in the EnrollmentResult structure is returned with the status Issued. If the request is made pending, then the request is installed in the machine REQUEST store and the
request in the EnrollmentResult structure is returned with the status Pending.




EXAMPLE 2

PS C:\>$cert = ( Get-ChildItem -Path cert:\LocalMachine\My\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF )



PS C:\>$enrollResult = Get-Certificate -Template SslWebServer -DnsName www.contoso.com -Url https://www.contoso.com/policy/service.svc -Credential $cert -CertStoreLocation cert:\LocalMachine\My



This example submits a certificate request to a specific URL using the certificate credential for authentication.




EXAMPLE 3

PS C:\>Set-Location -Path cert:\LocalMachine\My



PS C:\>$enrollResult = ( Get-Certificate -Template WorkstationTemplate -Url https://www.contoso.com/service.svc )



This example authenticates to the URL using the machine account and Windows integrated authentication, and submits a request for a machine certificate from the template named
WorkstationTemplate.




EXAMPLE 4

PS C:\>Set-Location -Path cert:\CurrentUser\My



PS C:\>Get-Certificate -Template User -Url ldap:



This example uses Windows integrated authentication to enroll for a certificate of template User using direct DCOM calls to the CA.




EXAMPLE 5

PS C:\>$request = (Get-ChildItem -Path cert:\LocalMachine\Request\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF)



PS C:\>$up = Get-Credential



PS C:\>Get-Certificate -Request $request -Credential $up



This example retrieves and submits a pending request using a user name and password as credentials.




EXAMPLE 6

PS C:\>$request = (Get-ChildItem -Path cert:\LocalMachine\Request\EEDEF61D4FF6EDBAAD538BB08CCAADDC3EE28FF)



PS C:\>Get-Certificate -Request $request



This example retrieves the certificate identified by $request. If the authentication type in $request.EnrollmentServer.AuthType is not Kerberos, then the cmdlet looks in the
credential store to see if there is a credential for $request.EnrollmentServer.Url. If there is a credential, then it is used. If there is no credential, then Windows PowerShell®
will request it (if Windows PowerShell is in Interactive mode).
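
ADDED EXAMPLE (not part of the Microsoft help text)

This added example handles both outcomes named in the DESCRIPTION, Issued and Pending, and checks an issued certificate before it is put into service. It assumes the EnrollmentResult object exposes Status, Certificate and Request properties as the description states; the template, DNS names and URL are the placeholder values from EXAMPLE 1.

```powershell
# Added example. Placeholder template, DNS names and URL come from EXAMPLE 1.
# Run elevated, because the target is a LocalMachine store.
$dnsNames = 'www.contoso.com', 'www.fabrikam.com'
$enroll = @{
    Template          = 'SslWebServer'
    DnsName           = $dnsNames
    Url               = 'https://www.contoso.com/Policy/service.svc'
    Credential        = (Get-Credential)
    CertStoreLocation = 'cert:\LocalMachine\My'
    ErrorAction       = 'Stop'
}
$result = Get-Certificate @enroll

switch ($result.Status.ToString()) {
    'Issued' {
        # Re-read the certificate from the store to confirm it was installed.
        $cert = Get-Item -Path "cert:\LocalMachine\My\$($result.Certificate.Thumbprint)"

        # Confirm the CA issued every DNS name that was requested.
        $missing = $dnsNames | Where-Object { $cert.DnsNameList.Unicode -notcontains $_ }
        if ($missing) {
            Write-Warning "Issued certificate lacks DNS names: $($missing -join ', ')"
        }
        # A server certificate without its private key cannot be used by the service.
        if (-not $cert.HasPrivateKey) {
            Write-Warning 'No private key is associated with the issued certificate.'
        }
        $cert | Select-Object Thumbprint, Subject, Issuer, NotAfter
    }
    'Pending' {
        # The request stays in cert:\LocalMachine\Request until the CA acts on it.
        $thumb = $result.Request.Thumbprint
        Write-Output "Request $thumb is pending. After approval, retrieve it with:"
        Write-Output "Get-Certificate -Request (Get-Item cert:\LocalMachine\Request\$thumb)"
    }
    default {
        # Only Issued and Pending are described on this page; report anything else.
        Write-Warning "Enrollment ended with status $($result.Status)"
    }
}
```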