
PowerShell PKI Module Documentation

This command requires the Remote Server Administration Tools (RSAT) to be installed.

Get-CAExchangeCertificate

Synopsis

Retrieves the CA Exchange certificate from the specified Certification Authority (CA).

Syntax

Get-CAExchangeCertificate [-CertificationAuthority] <CertificateAuthority[]> [[-Encoding] <EncodingType>] [-X509] [<CommonParameters>]

Description

Retrieves the CA Exchange certificate from the specified Certification Authority (CA).

The CA Exchange certificate is used by the key archival process. The client application retrieves this certificate from the enrollment server and uses it to encrypt the client private key. The encrypted key is sent to the CA by using the enrollment transport.
The PKIView.msc MMC snap-in also relies on the CA Exchange certificate to locate OCSP URLs in the AIA extensions.

In Windows Server 2003, the CA Exchange certificate was used to retrieve all URLs configured by the CA for the AIA and CDP extensions.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the Certification Authority to query. This object can be retrieved by running the Get-CertificationAuthority command.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-X509 <SwitchParameter>

Returns the CA Exchange certificate as an X509Certificate2 object.

If this parameter is True, the 'Encoding' parameter is ignored.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Encoding <EncodingType>

Specifies the output encoding format. This parameter supports Binary and Base64 encodings.

Binary encoding is the certificate as a DER-encoded byte array.
Base64 is a text encoding of the DER-encoded byte array. It is commonly used for copying and pasting from a console window. If the '-X509' parameter is specified, this parameter is ignored.

Required? False
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

System.String

Certificate encoded in a Base64 string


System.Byte[]

Pure binary copy of the certificate


System.Security.Cryptography.X509Certificates.X509Certificate2

An X509Certificate2 object

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate

Returns the most recent CA Exchange certificate in a Base64 encoding.

Example 2

PS C:\> Get-CertificationAuthority ca01.company.com | Get-CAExchangeCertificate -Encoding Binary

Returns the most recent CA Exchange certificate in a DER-encoded byte array form.

Example 3

PS C:\> Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate -X509

Returns the most recent CA Exchange certificate as an X509Certificate2 object.
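
The following is an added example, not part of the module or its original documentation. It takes the X509Certificate2 object from Example 3 and reports whether the CA Exchange certificate is inside its validity period, carries the Private Key Archival EKU, and chains to a locally trusted root. The function name Test-CAExchangeCertificate, the -WarnDays threshold and the EKU OID are assumptions that do not come from this page.

```powershell
# Added example, not part of the PSPKI module.
# Usage (requires the module and a reachable CA; MyCA is the name used above):
#   Get-CertificationAuthority -Name MyCA | Get-CAExchangeCertificate -X509 |
#       Test-CAExchangeCertificate
function Test-CAExchangeCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Hypothetical threshold: flag certificates with fewer days left than this.
        [int]$WarnDays = 2
    )
    begin {
        # Private Key Archival EKU (value not taken from this page).
        $archivalOid = '1.3.6.1.4.1.311.21.5'
    }
    process {
        $now = Get-Date

        # Collect EKU OIDs without assuming the extension is present.
        $ekuOids = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
        }

        # Build the chain against the local trust stores. Revocation checking
        # is turned off here so the result does not depend on CDP/OCSP reachability.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($Certificate)
        $chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        $daysLeft = [math]::Floor(($Certificate.NotAfter - $now).TotalDays)
        [pscustomobject]@{
            Subject        = $Certificate.Subject
            Thumbprint     = $Certificate.Thumbprint
            NotAfter       = $Certificate.NotAfter
            TimeValid      = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
            ExpiresSoon    = $daysLeft -lt $WarnDays
            HasArchivalEku = $ekuOids -contains $archivalOid
            ChainValid     = $chainOk
            ChainErrors    = $chainErrors
        }
    }
}
```

A result with TimeValid or ChainValid set to False means clients that rely on this certificate for key archival cannot trust it until the CA issues a new one.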

Related links

Get-CertificationAuthority
Connect-CertificationAuthority

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions