Get-Certificate Cmdlet
Parameters Output Objects Configuration Settings
The Get-Certificate cmdlet is used to list X.509 certificates in a certificate store.
Syntax
Get-Certificate [parameters]
Remarks
To list certificates in a store, the CertStore and CertStoreType parameters must be specified. You can also specify the CertStorePassword parameter if the store so requires it.
To get detailed information about a specific certificate in the store, do the same but also
specify the Subject parameter with the full subject of the certificate you want to examine.
# List all root certificates in the user storeget-certificate -CertStore Root -CertStoreType User# Get details about a specific root certificateget-certificate -CertStore Root -CertStoreType User -Subject 'C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority'Parameter List
The following is the full list of the parameters of the cmdlet with short descriptions. Click on the links for further details.
| LogFile | The location of a file to which debug information is written. |
| CertStore | The name of the certificate store for the client certificate. |
| CertStorePassword | The password for the certificate store (if any). |
| CertStoreType | The type of certificate store for the client certificate. |
| Config | Specifies one or more configuration settings. |
| LogFile | The location of a file to which debug information is written. |
| Subject | Specifies the subject of the certificate to get. |
Output Objects
The following is the full list of the output objects returned by the cmdlet with short descriptions. Click on the links for further details.
| Certificate | This object contains all the information about a certificate. |
| CertificateEntry | This object is returned for each certificate located in a store. |
Configuration Settings
The following is a list of configuration settings for the cmdlet with short descriptions. Click on the links for further details.
| CertComment | A comment to include in a saved certificate. |
| CertificateOutputFormat | The format of the certificate to save. |
| CertKeyLength | The public key length for created certificates and keys. |
| CertKeyType | The types of keys created for new certificates. |
| CertPublicKeyAlgorithm | The public key algorithm used when a certificate is created. |
| CertSignatureAlgorithm | The signature algorithm used when creating certificates. |
| CertValidityTime | The validity period for the certificate. |
| CertValidityOffset | The number of days until the certificate becomes valid. |
| CSP | The Cryptographic Service Provider. |
| ExportedCert | The exported certificate file. |
| ExportFormat | The format of the exported certificate. |
| ImportCertAction | Specified the action to take if a matching certificate or a link to a matching certificate already exists. |
| JWKAlgorithm | The JWK algorithm. |
| JWKKeyId | The JWK key Id. |
| JWKKeyOps | The JWK intended key operations list. |
| JWKUse | The JWK use parameter value. |
| KeyFormat | How the public and private key are formatted. |
| ReplaceKey | Whether or not to replace an existing key when creating a new key. |
| RequestSubjectAltNames | Subject Alternative Names for a Certificate Signing Request. |
| SavedCert | The saved certificate file. |
| SubjectAltNames | Subject Alternative Names for creating or issuing certificates. |
| UseBackgroundThread | Whether threads created by the cmdlet are background threads. |
| UseInternalSecurityAPI | Tells the cmdlet whether or not to use the system security libraries or an internal implementation. |