We're headed to GridSecCon 2024, October 22-25 in Minneapolis, MN! Learn more here

PowerShell PKI Module Documentation

Documentation Home

Get-CRLValidityPeriod

Synopsis

Retrieves CRL validity period.

Syntax

Get-CRLValidityPeriod [-CertificationAuthority] <CertificateAuthority[]> [<CommonParameters>]

Description

Retrieves CRL validity period and overlap settings. Overlap settings allows extension of CRL validity period for a certain time when you experience large (several hours) AD/DFS replication delays.

Parameters

-CertificationAuthority <CertificateAuthority[]>

Specifies the particular Certification Authority. This object can be retrieved by running Get-CertificationAuthority command.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CertificateAuthority

Outputs

PKI.CertificateServices.CRLValidityPeriod

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name "Company-CA" | Get-CRLValidityPeriod

Returns CRL validity period settings for 'Company-CA' CA server.

Example 2

PS C:\> Get-CertificationAuthority | Get-CRLValidityPeriod

Returns CRL validity period settings for all Enterprise CA servers.

Example 3

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -BaseCRL "22 weeks" -BaseCRLOverlap "2 days" -RestartCA

Sets Base CRL publishing period as 22 weeks and overlap delay as 2 days. After configuration is changed, the command will restart certificate services to immediately apply changes.

Example 4

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -DeltaCRL "0 days" -RestartCA

Disables Delta CRL publishing for all Certification Authorities in current forest. After configuration is changed, the command will restart certificate services to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Set-CRLValidityPeriod

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions