NetCmdlets 2016
NetCmdlets 2016
Questions / Feedback?

Export-Certificate Configuration

The cmdlet accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the cmdlet, access to these internal properties is provided through the Config method.

ExportCertificate Configuration Settings

CertificateOutputFormat:   The format of the output certificate.

This setting controls the format of the public key when PublicKeyOnly is specified. Possible values are "PEM", "P7B", "SSH2PublicKey", or "OpenSSHPublicKey". The default value is "PEM".

CertMgr Configuration Settings

CertComment:   A comment to include in a saved certificate.

This settings specified the comment to use when calling SaveCertificate. This can only be used when CertificateOutputFormat is set to a value other than the default value. When CertificateOutputFormat is set to "SSH2PublicKey" the value of this setting should be the full header. For instance: "Comment: My Comment".

CertificateOutputFormat:   The format of the certificate to save.

By default when SaveCertificate is called the certificate will be written in a PEM format. The format may be changed by setting CertificateOutputFormat to one of the following values:

"PEM" (default) A PEM formatted public certificate. Example:
-----BEGIN CERTIFICATE-----
MIIBkTCB+6ADAgECAgEBMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTAzEwMDAgFw0wNzAx
...
Pg49SpQ+HcUibIpum2O0hmnySH7BPGfXD8Lu
-----END CERTIFICATE-----
"SSH2PublicKey" A SSH2 formated public key. Example:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAgQD5/STHUd7YkN1JyoyYnUvCf+Fyx1+ZleBJxvwDcm3y
...
6bVPTODELil1PVWJDlfdwoLZZKY2ACFHzxBqaOlYv1rbd2JIYAuqGca2ow==
---- END SSH2 PUBLIC KEY ----
"OpenSSHPublicKey" An OpenSSH formatted public key. Example:
ssh-rsa AAAAB3NzaC1y...
"XML" A XML file containing the public certificate. Example:
<X509Data><X509Certificate>MIIBkTCB+6ADAgECAgEBMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTAzEwMDAgFw0wNzAx
...
Pg49SpQ+HcUibIpum2O0hmnySH7BPGfXD8Lu</X509Certificate></X509Data>

CertKeyLength:   The public key length for created certificates and keys.

When CreateCertificate creates a new certificate and associated key, or when CreateKey creates a key, this setting determines the length of the new public key (in bits). The default value is 1024.

CertKeyType:   The types of keys created for new certificates.

When CreateCertificate creates a new certificate and associated key, or when CreateKey creates a key, this setting determines the type of key generated: 1 for key exchange (encryption) keys, and 2 for digital signature keys. The default value is 1.

CertSignatureAlgorithm:   The signature algorithm used when creating certificates.

When CreateCertificate or IssueCertificate creates a new certificate, the signature algorithm used is specified by this setting. Possible values are:

  • MD2
  • MD5
  • SHA1
  • SHA256 (default)
  • SHA384
  • SHA512

CertValidityTime:   The validity period for the certificate.

This configuration setting determines the duration in days that a newly created certificate remains valid. The certificate becomes valid as soon as it is created, unless CertValidityOffset is set. The duration is not changed if CertValidityOffset is set; the certificate will still expire CertValidityTime days after the validity period begins. The default value is 365 days.

CertValidityOffset:   The number of days until the certificate becomes valid.

This configuration setting can be used to change when a newly created certificate becomes valid. By default, the certificate is valid as soon as it is created. Set CertValidityOffset to the number of days that this starting period should be offset from the current day. This setting also accepts negative values for back-dating the validity of a certificate. The default value is 0.

CSP:   The Cryptographic Service Provider.

The name of the Cryptographic Service Provider used to provide access to certificate signing operations.

ExportedCert:   The exported certificate file.

This setting holds the certificate data that is exported when ExportCertificate is called with an empty CertFile parameter. If ExportFormat is set to "PFX" this setting holds the hex encoded PFX file data. If ExportFormat is set to any other value this holds the raw certificate content (not encoded).

ExportFormat:   The format of the exported certificate.

By default when ExportCertificate is called the certificate will be written as a PFX file. The format of the exported certificate may be changed by setting ExportFormat to one of the following values:

"PFX" or "PKCS12" (default) A PFX file (PKCS12).
"PEM" or "PKCS1" A PEM formatted PKCS1 private key file. Example:
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQD5/STHUd7YkN1JyoyYnUvCf+Fyx1+ZleBJxvwDcm3yaZ98bvry
...
91y8ydb3mQ9l1hZudo2sj8tHnvEgph0r7B8hMM6Qaw==
-----END RSA PRIVATE KEY-----
"PKCS8" A PEM formatted PKCS8 private key file. Example:
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAPn9JMdR3tiQ3UnK
...
HSvsHyEwzpBr
-----END PRIVATE KEY-----

Note: On Linux/Unix the PFX/PKCS12 format is not supported. On Unix/Linux the default format is "PEM".

Note: ExportCertificate is not support on macOS.

ImportCertAction:   Specified the action to take if a matching certificate or a link to a matching certificate already exists.

When calling ImportCertificate if a matching certificate or a link to a matching certificate already exists in the Windows certificate store this setting governs what action will be taken. Possible values are:

1CERT_STORE_ADD_NEW - Imports a certificate only if no existing certificate is present.
2CERT_STORE_ADD_USE_EXISTING - If an existing certificate is found, it is not replaced.
3 (default)CERT_STORE_ADD_REPLACE_EXISTING - If an existing certificate is found it is replaced.
4CERT_STORE_ADD_ALWAYS - No checks are performed and a new certificate is always added to the store. This can result in duplicates.
5CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES - If an existing certificate is found it is replaced, and the new certificate inherits properties from the certificate it replaces.
6CERT_STORE_ADD_NEWER - Imports a certificate only if the certificate is newer than an existing matching certificate.
7CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES - Imports a certificate only if the certificate is newer than an existing matching certificate, and inherits the properties of old certificate it replaces.

KeyFormat:   How the public and private key are formatted.

This setting controls the format of CertPublicKey and CertPrivateKey. By default these properties hold PEM formatted public and private key data. When set to 1 (XML) the keys are stored in a XML format. This only affects the values returned by the cmdlet; the actual keys remain the same regardless of this setting. Possible values are:

  • 0 (PEM - default)
  • 1 (XML)
The default value is 0 (PEM).
ReplaceKey:   Whether or not to replace an existing key when creating a new key.

If this is false (default), the component will throw an error if a duplicate key exists while generating a new keyset using CreateKey. If set to true, the component will replace a key if it already exists when generating new keys.

RequestSubjectAltNames:   Subject Alternative Names for a Certificate Signing Request.

This allows Subject Alternative Names to be added to a Certificate Signing request. The setting only supports email, DNS, URI, and IPv4 addresses. Separate alternative names should be separated by commas. For example:

string altNames = "email:copy,dns:domain.com,dns.1:other.domain.com,uri:http://www.domain.com,ip:192.168.1.102"

SubjectAltNames:   Subject Alternative Names for creating or issuing certificates.

This allows the Subject Alternative Names extension to be specified when creating or issuing a certificate via CreateCertificate or IssueCertificate. This setting only supports email, DNS, URI, and IPv4 addresses. Separate alternative names should be separated by commas. For example:

string altNames = "email:copy,dns:domain.com,dns.1:other.domain.com,uri:http://www.domain.com,ip:192.168.1.102"

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
NetCmdlets 2016 - Version 16.0 [Build 6335]