Webinar: PKI Insights - The Most Common Misconfigurations in Today's PKI

PowerShell PKI Module Documentation

Documentation Home
This command requires installed Remote Server Administration Tools (RSAT)



Retrieves archived private key from AD CS Certification Authority database.


Get-RequestArchivedKey [-Request] <AdcsDbRow[]> [<CommonParameters>]


Retrieves archived private key from AD CS Certification Authority database when the client private key was archived using Private Key Archival process. Resulting object will represent encrypted BLOB which must be submitted to Key Recovery Agent (KRA) for key decryption and conversion to PKCS#12/PFX format. This command will fail if input request entry doesn't have archived private key or caller doesn't have Manage Certificates permissions on CA server.


-Request <AdcsDbRow[]>

Specifies the certificate request entry from AD CS Certification Authority database.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? False


This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).






Example 1

PS C:\> $blob = Get-CA -Name MyCa | Get-IssuedRequest -RequestID 100 | Get-RequestArchivedKey
PS C:\> Set-Content -Path C:\encrypted-key.p7b -Value $blob.RawData -Encoding Byte

Retrieves encrypted private key from CA server, request row ID=100 and stores in a variable. Second line, saves encrypted key blob into a file in a portable format to be used by Key Recovery Agent (KRA).

Related links


Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions