New-Certificate Cmdlet
Parameters Output Objects Configuration Settings
The New-Certificate component is used to create new X.509 certificates in a certificate store.
Syntax
New-Certificate [parameters]
Remarks
To create a new certificate in a store, the CertStore and CertStoreType parameters must be specified. You can also specify the CertStorePassword parameter if the store so requires it. Subject and SerialNumber would specify the subject and serial number of the new certificate.
If IssuerSubject is specified, the new certificate will be issued using the selected root certificate, which
must have a private key available. Otherwise, a self-signed certificate will be created.
# Create new certificate in the user store new-certificate -CertStore MY -CertStoreType User -Subject 'CN=Test' -SerialNumber 1235 -IssuerSubject $issuer
Parameter List
The following is the full list of the parameters of the cmdlet with short descriptions. Click on the links for further details.
| LogFile | The location of a file to which debug information is written. |
| CertStore | The name of the certificate store for the client certificate. |
| CertStorePassword | The password for the certificate store (if any). |
| CertStoreType | The type of certificate store for the client certificate. |
| Config | Specifies one or more configuration settings. |
| IssuerSubject | Specifies the subject of the issuer certificate. |
| LogFile | The location of a file to which debug information is written. |
| SerialNumber | Specifies the serial number. |
| Subject | Specifies the subject of the certificate to create. |
Output Objects
The following is the full list of the output objects returned by the cmdlet with short descriptions. Click on the links for further details.
| Certificate | This object contains all the information about a certificate. |
Configuration Settings
The following is a list of configuration settings for the cmdlet with short descriptions. Click on the links for further details.
| CertComment | A comment to include in a saved certificate. |
| CertCustomExtensionCount | The number of records in the CertCustomExtension arrays. |
| CertCustomExtensionCritical[i] | Whether or not the extension is defined as critical. |
| CertCustomExtensionOID[i] | The ASN of the extension at index 'i'. |
| CertCustomExtensionValue[i] | The raw value of the extension at index 'i'. |
| CertExtendedKeyUsage | The extended key usage of the certificate. |
| CertKeyLength | The public key length for created certificates and keys. |
| CertKeyType | The types of keys created for new certificates. |
| CertPublicKeyAlgorithm | The public key algorithm used when a certificate is created. |
| CertSignatureAlgorithm | The signature algorithm used when creating certificates. |
| CertSubjectAltNames | Subject Alternative Names for creating or issuing certificates. |
| CertUsageFlags | Sets the flags indicating the usage of the created certificate. |
| CertValidityOffset | The number of days until the certificate becomes valid. |
| CertValidityTime | The validity period for the certificate. |
| CreatedKey | The PKCS8 formatted private and public key pair created after calling CreateKey. |
| CSP | The Cryptographic Service Provider. |
| CSRIgnoredExtensions | Extensions to be ignorned when signing a CSR. |
| CSRKey | The PKCS8 formatted private key to use when generating a CSR. |
| EncodeExportedCert | Whether the certificate being exported to a string is encoded. |
| ImportCertAction | Specified the action to take if a matching certificate or a link to a matching certificate already exists. |
| ImportCertStoreType | The type of certificate store being specified for import. |
| JWKAlgorithm | The JWK algorithm. |
| JWKExportX5C | Whether to export a certificate chain to the x5c parameter. |
| JWKKeyId | The JWK key Id. |
| JWKKeyOps | The JWK intended key operations list. |
| JWKUse | The JWK use parameter value. |
| KeyFormat | How the public and private key are formatted. |
| LogLevel | The level of detail that is logged. |
| ReplaceKey | Whether or not to replace an existing key when creating a new key. |
| RequestSubjectAltNames | Subject Alternative Names for a Certificate Signing Request. |
| X509Algorithm | Public Key Algorithm OID. |
| X509SignatureAlgorithm | Signature Algorithm OID. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |