Get-CRLDistributionPoint

Synopsis

Retrieves specified Certification Authority Certificate Distribution Points (CDP) URLs

Syntax

Get-CRLDistributionPoint [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]

Description

Retrieves specified Certification Authority Certificate Distribution Points (CDP) URLs.

CDP extension is used by certificate chaining engine (CCE) to determine particular certificate revocation status. CDP extension consist of two parts:

– physical path that is used by Certification Authority (CA) to publish CRL files. These paths are not published in the certificate CDP extension.
– URL (URI) that is used by CA to publish in issued certificates for CRL retrieval.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.CRLDistributionPoint

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name RootCA | Get-CrlDistributionPoint

Retrieves CRL distribution points from 'RootCA' Certification Authority.

Example 2

PS C:\> Get-CertificationAuthority | Get-CrlDistributionPoint

Retrieves CDP info from all Certification Authorities in the current forest.

Example 3

PS C:\> Get-CertificationAuthority RootCA | Get-CrlDistributionPoint | Add-CrlDistributionPoint -NewURI "6:http://crl.domain.com/%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA

This example will add new CDP URI to certificate CDP for 'RootCA' CA server. Also this will add new URI in Freshest CRL in CRL CDP to locate corresponding Delta CRL. After command completion CA services will be restarted to immediately apply changes.

Example 4

PS C:\> Get-CertificationAuthority | Get-CrlDistributionPoint | Add-CrlDistributionPoint -NewURI "65:\\ServerName\crlfile%9.crl", "65:C:\CertData\%3%8%9.crl" | Set-CrlDistributionPoint -RestartCA

This example will add new paths for Base and Delta CRL file publication for all CAs in the current forest. This will not add any new URIs in certificate CDP extension, but instructs CA to publish physical CRL files to specified locations. After command completion CA services will be restarted to immediately apply changes.

Example 5

PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*c:\windows*" | Set-CrlDistributionPoint -RestartCA

This example will remove all CDP URIs that contains "c:\windows" pattern. After command completion certificate services will be restarted to immediately apply changes.

Example 6

PS C:\> Get-CertificationAuthority -Name MyCA | Get-CrlDistributionPoint | Remove-CrlDistributionPoint -URI "*ldap://*" | Set-CrlDistributionPoint -RestartCA

This example will remove all URIs that are used for CRL file publication and/or retrieval from Active Directory. After command completion certificate services will be restarted to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Add-CRLDistributionPoint
Remove-CRLDistributionPoint
Set-CRLDistributionPoint

Minimum PowerShell version support

• Windows PowerShell 3.0

Operating System Support

• Windows 7
• Windows 8
• Windows 8.1
• Windows 10
• Windows 11
• Windows Server 2008 R2 all editions
• Windows Server 2012 all editions
• Windows Server 2012 R2 all editions
• Windows Server 2016 all editions
• Windows Server 2019 all editions
• Windows Server 2022 all editions