Webinar: PKI Insights - The Most Common Misconfigurations in Today's PKI
Schedule a Demo
Blog August 3, 2020 PKI, PowerShell, PSPKI

PowerShell PKI Module (PSPKI) v3.7

by Vadims Podāns

Hello everyone, I’m excited to announce a public availability of PowerShell PKI module v3.7. New version is a big work around various aspects such as Microsoft Online Responder management, security descriptors. Here is a summary of what we’ve done.

Person sitting at a laptop while viewing the PKI Spotlight Dashboard.

Expand Your PKI Visibility

Discover why seeing is securing with revolutionary PKI monitoring and alerting.

Learn More About PKI Spotlight®

PowerShell Module

Compatibility

We have added syntax compatibility with PowerShell 6.x and newer PowerShell versions.

New commands

With this version, we start remote Microsoft Online Responder (implementation of OCSP server) management support in PowerShell. We have added a set of new commands to manage Online Responder:

Renamed commands

To follow PowerShell command naming convention, the following commands were renamed:

Old name New name
Get-CASecurityDescriptor Get-CertificationAuthorityAcl
Add-CAAccessControlEntry Add-CertificationAuthorityAcl
Remove-CAAccessControlEntry Remove-CertificationAuthorityAcl
Set-CASecurityDescriptor Set-CertificationAuthorityAcl
Get-CASchema Get-CertificationAuthorityDbSchema

You still can access these commands via old names (they are aliases), but they will be removed in next PSPKI version.

Changes in existing commands

We have re-styled and unified syntax for Access Control List (ACL) management commands. Since now, all ACL-related commands implement standard .NET security descriptor classes (CommonObjectSecurity). A full list of changes in existing cmdlets are shown in the table:

Command name Changes
Add-CertificateTemplateAcl

Add-CertificationAuthorityAcl

  • Changed types for -InputObject, -AccessMask parameters and return value
  • Renamed -User parameter to -Identity
Get-CertificationAuthorityAcl

Get-CertificationAuthorityAcl

Changed type for return value
Remove-CertificateTemplateAcl

Remove-CertificationAuthorityAcl

  • Changed type for -InputObject and return value
  • Renamed -User parameter to -Identity
  • Added -Force switch
Remove-CertificateTemplateAcl

Remove-CertificationAuthorityAcl

  • Changed type for -InputObject and return value
Get-CertificationAuthority
  • Added -Enterprise and -Standalone switch parameters-InputObject

Bug fixes

The following GitHub items were fixed:

API Changes

New API
We have added lots of new APIs in the following namespaces

Removed API

We removed a set of legacy APIs that were marked Obsolete:

  • Method: PKI.CertificateServices.CertificateAuthority.GetSchema()
  • Method: PKI.CertificateServices.CertificateAuthority.GetCA()
  • Class: PKI.CertificateServices.DB.AdcsDbValue
  • Class: PKI.CertificateServices.DB.DataTypeEnum
  • Class: PKI.CertificateServices.DB.RequestRow
  • Class: PKI.CertificateServices.DB.Schema
  • Class: PKI.CertificateServices.DB.TableList
  • Class: PKI.ServiceProviders.ALG_ID
  • Class: PKI.ServiceProviders.ALG_IDCollection
  • Class: PKI.ServiceProviders.ALG_ID_CNG
  • Class: PKI.ServiceProviders.ALG_ID_CNGCollection
  • Class: PKI.ServiceProviders.Csp
  • Class: PKI.ServiceProviders.CspCNG
  • Class: PKI.ServiceProviders.CspCNGCollection
  • Class: PKI.ServiceProviders.CspCollection
  • Class: PKI.ServiceProviders.CspLegacy
  • Class: PKI.ServiceProviders.CspObject
  • Class: PKI.ServiceProviders.ProviderAlgorithm
  • Class: PKI.Security.AccessControlEntry2
  • Class: PKI.Security.AccessControlEntry2
  • Class: PKI.Security.SecurityDescriptor
  • Class: PKI.Security.AccessControlEntry2

Obsolete API

We marked a set of API with Obsolete attribute:

  • Ctor: PKI.CertificateServices.CertificateAuthority(String, String) moved to PKI.CertificateServices.CertificateAuthority.Connect() static method.
  • Prop: PKI.CertificateServices.CertificateAuthority.BaseCRL moved to GetBaseCRL() instance method
  • Prop: PKI.CertificateServices.CertificateAuthority.DeltaCRL moved to GetDeltaCRL() instance method
  • Prop: PKI.CertificateServices.CertificateAuthority.EnrollmentServiceURI renamed to EnrollmentEndpoints
  • Prop: SysadminsLV.PKI.Management.ActiveDirectory.DsCertEnrollContainer.CertificationAuthorities renamed EnrollmentServers

We will remove these APIs in next versions.

Download

As always:

Related Resources

  • Blog Graphic with a gold background with the Globee Awards Gold Winner logo for Public Key Infrastructure PKI Cybersecurity.
    May 10, 2024

    Globee Awards Gold Winner in PKI Cybersecurity!

    PKI, PKI Spotlight
  • Blog a shield with a lock on it representing pki and certificates with several other locks and cybersecurity components in the background
    May 1, 2024

    Strengthening Security with Centralized MFA Integration

    MFA, PKI, PKI Spotlight
  • Blog
    April 29, 2024

    PKI Insights Recap – PKI Posture Management for Digital Certificates

    Digital Certificates, PKI, PKI Insights

Vadims Podāns

PKI Software Architect

View All Posts by Vadims Podāns

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *