This module is intended to simplify various PKI and Active Directory Certificate Services management tasks by using automation with Windows PowerShell.
This module is intended for Certification Authority management. For local certificate store management you should consider to use Quest AD PKI cmdlets.
Starting with Windows 8/Windows Server 2012, a PKI module is installed along with AD CS Remote Server Administration Tools. This module is maintained by Microsoft. PSPKI is open-source community module and uses completely different codebase.
All documentation is available at PKI Solutions: PowerShell PKI Module
Install-Module -Name PSPKI
- Windows PowerShell 3.0 or higher
- .NET Framework 4.7.2 or higher
This module can run on any of the specified operating system:
- Windows Server 2008 R2/2012/2012 R2/2016/2019/2022
- Windows 7/8/8.1/10/11
Module installation requires installed AD CS RSAT (Remote System Administration Tools for Active Directory Certificate Services)
This module supports Enterprise or Standalone Certification Authority (CA) servers that are running one the following operating systems:
- Windows Server 2003/2003 R2
- Windows Server 2008 (including Server Core)
- Windows Server 2008 R2 (including Server Core)
- Windows Server 2012 (including Server Core)
- Windows Server 2012 R2 (including Server Core)
- Windows Server 2016 (including Server Core)
- Windows Server 2019 (including Server Core)
- Windows Server 2022 (including Server Core)
This module supports Online Certificate Status Protocol (OCSP) servers that are running one the following operating systems:
- Windows Server 2008 Enterprise (Full Installation)
- Windows Server 2008 R2 Enterprise (Full Installation)
- Windows Server 2012 (including Server Core)
- Windows Server 2012 R2 (including Server Core)
- Windows Server 2016 (including Server Core)
- Windows Server 2019 (including Server Core)
- Windows Server 2022 (including Server Core)
- Add-AdCertificate
- Add-AdCertificateRevocationList (Alias: Add-AdCrl)
- Add-AuthorityInformationAccess (Alias: Add-AIA)
- Add-CAKRACertificate
- Add-CATemplate
- Add-CertificateTemplateAcl
- Add-CertificationAuthorityAcl (Alias: Add-CAAccessControlEntry Add-CAACL)
- Add-CRLDistributionPoint (Alias: Add-CDP)
- Add-ExtensionList
- Add-OnlineResponderAcl (Alias: Add-OCSPACL)
- Add-OnlineResponderArrayMember
- Add-OnlineResponderLocalCrlEntry
- Add-OnlineResponderRevocationConfiguration
- Approve-CertificateRequest
- Connect-CertificationAuthority (Alias: Connect-CA)
- Connect-OnlineResponder
- Convert-PemToPfx
- Convert-PfxToPem
- Deny-CertificateRequest
- Disable-CertificateRevocationListFlag (Alias: Disable-CRLFlag)
- Disable-InterfaceFlag
- Disable-KeyRecoveryAgentFlag (Alias: Disable-KRAFlag)
- Disable-PolicyModuleFlag
- Enable-CertificateRevocationListFlag (Alias: Enable-CRLFlag)
- Enable-InterfaceFlag
- Enable-KeyRecoveryAgentFlag (Alias: Enable-KRAFlag)
- Enable-PolicyModuleFlag
- Get-AdcsDatabaseRow (Alias: Get-DatabaseRow)
- Get-ADKRACertificate
- Get-AdPkiContainer
- Get-AuthorityInformationAccess (Alias: Get-AIA)
- Get-CACryptographyConfig
- Get-CAExchangeCertificate
- Get-CAKRACertificate
- Get-CATemplate
- Get-CertificateContextProperty
- Get-CertificateRequest
- Get-CertificateRevocationList (Alias: Get-CRL)
- Get-CertificateRevocationListFlag (Alias: Get-CRLFlag)
- Get-CertificateTemplate
- Get-CertificateTemplateAcl
- Get-CertificateTrustList (Alias: Get-CTL)
- Get-CertificateValidityPeriod
- Get-CertificationAuthority (Alias: Get-CA)
- Get-CertificationAuthorityAcl (Alias: Get-CAACL Get-CASecurityDescriptor)
- Get-CertificationAuthorityDbSchema
- Get-CryptographicServiceProvider (Alias: Get-Csp)
- Get-CRLDistributionPoint (Alias: Get-CDP)
- Get-CRLValidityPeriod
- Get-EnrollmentPolicyServerClient
- Get-EnterprisePKIHealthStatus
- Get-ErrorMessage
- Get-ExtensionList
- Get-FailedRequest
- Get-InterfaceFlag
- Get-IssuedRequest
- Get-KeyRecoveryAgentFlag (Alias: Get-KRAFlag)
- Get-ObjectIdentifier (Alias: oid)
- Get-ObjectIdentifierEx (Alias: oid2)
- Get-OnlineResponderAcl (Alias: Get-OCSPACL)
- Get-OnlineResponderRevocationConfiguration
- Get-PendingRequest
- Get-PolicyModuleFlag
- Get-RevokedRequest
- Import-LostCertificate
- New-SelfSignedCertificateEx
- Ping-ICertInterface
- Publish-CRL
- Receive-Certificate
- Register-ObjectIdentifier
- Remove-AdCertificate
- Remove-AdCertificateRevocationList (Alias: Remove-AdCrl)
- Remove-AdcsDatabaseRow (Alias: Remove-Request)
- Remove-AuthorityInformationAccess (Alias: Remove-AIA)
- Remove-CAKRACertificate
- Remove-CATemplate
- Remove-CertificateTemplate
- Remove-CertificateTemplateAcl
- Remove-CertificationAuthorityAcl (Alias: Remove-CAAccessControlEntry Remove-CAACL)
- Remove-CRLDistributionPoint (Alias: Remove-CDP)
- Remove-ExtensionList
- Remove-OnlineResponderAcl (Alias: Remove-OCSPACL)
- Remove-OnlineResponderArrayMember
- Remove-OnlineResponderLocalCrlEntry
- Remove-OnlineResponderRevocationConfiguration
- Restart-CertificationAuthority
- Restart-OnlineResponder
- Restore-CertificateRevocationListFlagDefault (Alias: Restore-CRLFlagDefault)
- Restore-KeyRecoveryAgentFlagDefault (Alias: Restore-KRAFlagDefault)
- Restore-PolicyModuleFlagDefault
- Revoke-Certificate
- Set-AuthorityInformationAccess (Alias: Set-AIA)
- Set-CACryptographyConfig
- Set-CAKRACertificate
- Set-CATemplate
- Set-CertificateExtension
- Set-CertificateTemplateAcl
- Set-CertificateValidityPeriod
- Set-CertificationAuthorityAcl (Alias: Set-CAACL Set-CASecurityDescriptor)
- Set-CRLDistributionPoint (Alias: Set-CDP)
- Set-CRLValidityPeriod
- Set-ExtensionList
- Set-OnlineResponderAcl (Alias: Set-OCSPACL)
- Set-OnlineResponderProperty
- Set-OnlineResponderRevocationConfiguration
- Show-Certificate
- Show-CertificateRevocationList (Alias: Show-CRL)
- Show-CertificateTrustList (Alias: Show-CTL)
- Start-CertificationAuthority
- Start-OnlineResponder
- Stop-CertificationAuthority
- Stop-OnlineResponder
- Submit-CertificateRequest
- Test-WebServerSSL
- Unregister-ObjectIdentifier