en/CustomPKI-help.xml
<?xml version="1.0" encoding="utf-8"?> <helpItems xmlns="http://msh" schema="maml"> <!-- Updatable Help Version 5.0.0.0 --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-SelfSignedCertificate</command:name> <maml:description> <maml:para>Creates a new self-signed certificate for testing purposes.</maml:para> </maml:description> <maml:copyright> <maml:para /> </maml:copyright> <command:verb>New</command:verb> <command:noun>SelfSignedCertificate</command:noun> <dev:version /> </command:details> <maml:description> <maml:para>The New-SelfSignedCertificate cmdlet creates a self-signed certificate for testing purposes. Using the CloneCert parameter, a test certificate can be created based on an existing certificate with all settings copied from the original certificate except for the public key. The cmdlet creates a new key of the same algorithm and length.</maml:para> <maml:para>Delegation may be required when using this cmdlet with Windows PowerShell remoting and changing user configuration.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-SelfSignedCertificate</maml:name> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>AlternateSignatureAlgorithm</maml:name> <maml:description> <maml:para>Indicates that this cmdlet uses RSA-PSS (PKCSv2.1) or an elliptic curve cryptography (ECC) equivalent. 
If you do not specify this parameter, the cmdlet uses the default, RSA-PSS (PKCSv1.5) or an ECC equivalent.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>CertStoreLocation</maml:name> <maml:description> <maml:para>Specifies the certificate store in which to store the new certificate. If the current path is Cert:\CurrentUser or Cert:\CurrentUser\My, the default store is Cert:\CurrentUser\My. If the current path is Cert:\LocalMachine or Cert:\LocalMachine\My, the default store is Cert:\LocalMachine\My. Otherwise, you must specify Cert:\CurrentUser\My or Cert:\LocalMachine\My for this parameter. This parameter does not support other certificate stores.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="named" aliases="none"> <maml:name>CloneCert</maml:name> <maml:description> <maml:para>Identifies the certificate to copy when creating a new certificate. The certificate being cloned can be identified by an X509 certificate or the file path in the certificate provider. When this parameter is used, all fields and extensions of the certificate are inherited except the public key (a new key of the same algorithm and length is created) and the NotAfter and NotBefore fields. 
The default validity period will be the same as the certificate to copy, except that the NotBefore field will be set to ten minutes in the past.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Certificate</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Container</maml:name> <maml:description> <maml:para>Specifies the name of the container in which this cmdlet stores the key for the new certificate. </maml:para> <maml:para>When you create a key, a trailing asterisk (*) indicates that the rest of the container name string is a prefix. An appended GUID string makes the container name unique. </maml:para> <maml:para></maml:para> <maml:para>When you use an existing key, the container name must identify an existing key. You may also have to specify the provider.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>CurveExport</maml:name> <maml:description> <maml:para>Specifies how the public key parameters for an elliptic curve key are represented in the new certificate. The acceptable values for this parameter are: -- CurveParameters -- CurveName -- None (default) The default value, None, indicates that this cmdlet uses the default value from the underlying key storage provider (KSP). 
This parameter is not supported with the RSA algorithm or with cryptographic service providers (CSPs).</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CurveParameters</command:parameterValue> <command:parameterValue required="false" variableLength="false">CurveName</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>DnsName</maml:name> <maml:description> <maml:para>Specifies one or more DNS names to put into the subject alternative name extension of the certificate when a certificate to be copied is not specified via the CloneCert parameter. The first DNS name is also saved as the Subject Name. If no signing certificate is specified, the first DNS name is also saved as the Issuer Name.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANDirectoryName</maml:name> <maml:description> <maml:para>Specifies one or more Directory names to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANDNS</maml:name> <maml:description> <maml:para>Specifies one or more DNS names to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" 
variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANEmail</maml:name> <maml:description> <maml:para>Specifies one or more Email addresses to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANIPAddress</maml:name> <maml:description> <maml:para>Specifies one or more IP addresses to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANRegisteredID</maml:name> <maml:description> <maml:para>Specifies one or more Registered IDs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANUPN</maml:name> <maml:description> <maml:para>Specifies one or more UPNs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANGUID</maml:name> <maml:description> <maml:para>Specifies 
one or more GUIDs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>ExistingKey</maml:name> <maml:description> <maml:para>Indicates that this cmdlet uses an existing key. If you do not specify this parameter, this cmdlet creates a new key. Creating a certificate from an existing key creates a new key with a new container.</maml:para> <maml:para>When you use an existing key, specify values for the Container parameter, the Provider parameter, and the CertStoreLocation parameter. CertStoreLocation determines the context. The context is user or computer. </maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Extension</maml:name> <maml:description> <maml:para>Specifies an array of certificate extensions, as X509Extension objects, that this cmdlet includes in the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.Security.Cryptography.X509Certificates.X509Extension[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>EKU</maml:name> <maml:description> <maml:para>Specifies a list of enhanced key usage extensions by their friendly names, as strings, that this cmdlet includes in the new certificate. 
The acceptable values are: -- Any Purpose -- Client Authentication -- Server Authentication -- Secure Email -- Code Signing -- Time Stamping -- Document Encryption -- IP Security End System -- IP security tunnel termination -- IP Security User -- IP Security IKE Intermediate -- All application policies -- Microsoft Trust List Signing -- Qualified Subordination -- Key Recovery</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>FriendlyName</maml:name> <maml:description> <maml:para>Specifies a friendly name for the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>HardwareKeyUsage</maml:name> <maml:description> <maml:para>Specifies how a hardware key associated with the new certificate may be used. This parameter applies only when you specify the Microsoft Platform Crypto Provider. 
The acceptable values for this parameter are: -- None (default) -- SignatureKey -- EncryptionKey -- GenericKey -- StorageKey -- IdentityKey</maml:para> <maml:para>The default value, None, indicates that this cmdlet uses the default value from the underlying KSP.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.HardwareKeyUsage[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>HashAlgorithm</maml:name> <maml:description> <maml:para>Specifies the name of the hash algorithm to use to sign the new certificate. The default hash algorithm depends on the provider that stores the private key used to sign the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyAlgorithm</maml:name> <maml:description> <maml:para>Specifies the name of the algorithm that creates the asymmetric keys that are associated with the new certificate. Available asymmetric key algorithms are RSA and Elliptic Curve Digital Signature Algorithms (ECDSA). </maml:para> <maml:para>The elliptic curve algorithm syntax is the following: ECDSA_curvename. To obtain a value for curvename, use the certutil -displayEccCurve command. </maml:para> <maml:para>Valid curve names contain a value in the Curve OID column in the output of the certutil -displayEccCurve command. 
</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyDescription</maml:name> <maml:description> <maml:para>Specifies a description for the private key that is associated with the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyExportPolicy</maml:name> <maml:description> <maml:para>Specifies the policy that governs the export of the private key that is associated with the certificate. The acceptable values for this parameter are: -- Exportable -- ExportableEncrypted (default) -- NonExportable The default value of ExportableEncrypted is not compatible with KSPs and CSPs that do not allow key export. These include the Microsoft Smart Card Key Storage Provider and the Microsoft Platform Crypto Key Storage Provider. 
Specify NonExportable for providers that do not allow key export.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyExportPolicy[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyFriendlyName</maml:name> <maml:description> <maml:para>Specifies a friendly name for the private key that is associated with the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyLength</maml:name> <maml:description> <maml:para>Specifies the length, in bits, of the key that is associated with the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Int32</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyLocation</maml:name> <maml:description> <maml:para>Specifies the file system location where this cmdlet stores the private keys associated with the new certificate. 
Specify this parameter only when you specify the Microsoft Platform Crypto Provider.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyProtection</maml:name> <maml:description> <maml:para>Specifies the level of protection required to access the private key that is associated with the certificate. The acceptable values for this parameter are: -- Protect -- ProtectHigh -- ProtectFingerPrint -- None (default) The default value, None, indicates that this cmdlet uses the default value from the underlying KSP or CSP. For most KSPs and CSPs, the default means that no user interface is required to create and use the private key. A user interface is required if the provider always requires a user interface, such as a smart card, or if the default configuration of the provider has been changed.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyProtection[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeySpec</maml:name> <maml:description> <maml:para>Specifies whether the private key associated with the new certificate can be used for signing, encryption, or both. The acceptable values for this parameter are: -- KeyExchange -- Signature -- None (default) The default value, None, indicates that this cmdlet uses the default value from the underlying CSP.</maml:para> <maml:para>If the private key is managed by a legacy CSP, the value is KeyExchange or Signature. 
If the key is managed by a Cryptography Next Generation (CNG) KSP, the value is None.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">KeyExchange</command:parameterValue> <command:parameterValue required="false" variableLength="false">Signature</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyUsage</maml:name> <maml:description> <maml:para>Specifies the key usages set in the key usage extension of the certificate. The acceptable values for this parameter are: -- CertSign -- CRLSign -- DataEncipherment -- DecipherOnly -- DigitalSignature -- EncipherOnly -- KeyAgreement -- KeyEncipherment -- None (default) -- NonRepudiation The default value, None, indicates that this cmdlet does not include the KeyUsage extension in the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyUsage[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyUsageProperty</maml:name> <maml:description> <maml:para>Specifies the key usages for the key usage property of the private key. 
The acceptable values for this parameter are: -- All -- Decrypt -- KeyAgreement -- None (default) -- Sign The default value, None, indicates that this cmdlet uses the default value from the underlying KSP.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyUsageProperty[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>NotAfter</maml:name> <maml:description> <maml:para>Specifies the date and time, as a DateTime object, that the certificate expires. To obtain a DateTime object, use the Get-Date cmdlet. The default value for this parameter is one year after the certificate was created. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the date and time, as a DateTime object, when the certificate becomes valid. 
The default value for this parameter is 10 minutes before the certificate was created.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.DateTime</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Pin</maml:name> <maml:description> <maml:para>Specifies the personal identification number (PIN) used to access the private key of the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Security.SecureString</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Provider</maml:name> <maml:description> <maml:para>Specifies the name of the KSP or CSP that this cmdlet uses to create the certificate. Some acceptable values for this parameter are: -- Microsoft Software Key Storage Provider -- Microsoft Smart Card Key Storage Provider -- Microsoft Platform Crypto Provider -- Microsoft Strong Cryptographic Provider -- Microsoft Enhanced Cryptographic Provider v1.0 -- Microsoft Enhanced RSA and AES Cryptographic Provider -- Microsoft Base Cryptographic Provider v1.0 -- The name of a third party KSP or CSP</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Reader</maml:name> <maml:description> <maml:para>Specifies the name of the smart card reader on which to store the private key for the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> 
</command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specifies the private key security descriptor as a FileSecurity object. Read access is required to use the private key. This parameter does not apply to providers that do not support security descriptors on private keys, including the smart card CSP and smart card KSP.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Security.AccessControl.FileSecurity</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SerialNumber</maml:name> <maml:description> <maml:para>Specifies a serial number, as a hexadecimal string, that is associated with the new certificate. If you do not specify this parameter, this cmdlet assigns a pseudo-randomly generated 16 byte value.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Signer</maml:name> <maml:description> <maml:para>Specifies a Certificate object with which this cmdlet signs the new certificate. This value must be in the Personal certificate store of the user or device. 
This cmdlet must have read access to the private key of the certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Microsoft.CertificateServices.Commands.Certificate</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SignerPin</maml:name> <maml:description> <maml:para>Specifies the PIN that is required to access the private key of the certificate that is used to sign the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Security.SecureString</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SignerReader</maml:name> <maml:description> <maml:para>Specifies the name of the smart card reader that is used to sign the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SmimeCapabilities</maml:name> <maml:description> <maml:para>Indicates that the new certificate includes available encryption algorithms in a Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities extension.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Subject</maml:name> <maml:description> <maml:para>Specifies the string that appears in the subject of the new certificate. This cmdlet prefixes CN= to any value that does not contain an equal sign. 
For multiple subject relative distinguished names (also known as RDNs), separate each subject relative distinguished name with a comma (,). If the value of the relative distinguished name contains commas, separate each subject relative distinguished name with a semicolon (;).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SuppressOid</maml:name> <maml:description> <maml:para>Specifies an array of object identifier (also known as OID) strings that identify default extensions to be removed from the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>TestRoot</maml:name> <maml:description> <maml:para>Indicates that this cmdlet signs the new certificate by using a built-in test certificate. This cmdlet adds the built-in test certificate to the intermediate certification authority (CA) certificate store of the device. </maml:para> <maml:para>This parameter is for test purposes only. The private key of the test root certificate is essentially public.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>TextExtension</maml:name> <maml:description> <maml:para>Specifies an array of certificate extensions, as strings, which this cmdlet includes in the new certificate. 
Each string must employ one of the following formats: oid=base64String, where oid is the object identifier of the extension and base64String is a value that you provide. After decoding base64String, the value must be valid Abstract Syntax Notation One (ASN.1). For more information, see <maml:navigationLink> <maml:linkText>Abstract Syntax Notation One (ASN.1): Specification of basic notation</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> (http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf). oid={hex}hexadecimalString, where oid is the object identifier of the extension and hexadecimalString is a value that you provide. After decoding hexadecimalString, the value must be valid ASN.1. oid={text}String, where oid is the object identifier of the extension and String is a value that you provide. String must contain a textual representation of the extension value in a format specific to each object ID. When String is processed, it will be encoded into an ASN.1 extension value before being placed into the new certificate as an extension. </maml:para> <maml:para>To specify that an extension is critical, insert {critical} immediately following oid= in any of the previous cases.</maml:para> <maml:para>The object identifiers of some common extensions are as follows: -- Application Policy. 1.3.6.1.4.1.311.21.10 -- Application Policy Mappings. 1.3.6.1.4.1.311.21.11 -- Basic Constraints. 2.5.29.19 -- Certificate Policies. 2.5.29.32 -- Enhanced Key Usage. 2.5.29.37 -- Name Constraints. 2.5.29.30 -- Policy Mappings. 2.5.29.33 -- Subject Alternative Name. 2.5.29.17</maml:para> <maml:para>Application Policy 1.3.6.1.4.1.311.21.10={text}token=value&amp;token=value… The tokens have the following possible values: -- Flags. 0xhexadecimalNumber -- GUID. A globally unique ID, such as this example: f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39 -- Notice. Text notice -- OID. Object identifier in dotted decimal notation, such as this example: 1.2.3.4.5 -- URL. 
The URL of a host, such as this example: http://computer07.contoso.com</maml:para> <maml:para>To specify an Application Policy extension, specify the first object identifier, followed by zero or more other token=value entries. These entries are subordinate to the preceding object identifier. Specify subsequent object identifiers, each followed by its subordinate token=value entries.</maml:para> <maml:para>Application Policy Mappings 1.3.6.1.4.1.311.21.11={text}oid=oid&amp;oid=oid… </maml:para> <maml:para>Certificate Policies 2.5.29.32={text}token=value&amp;token=value… The tokens have the following possible values: -- Flags. 0xhexadecimalNumber -- GUID. A globally unique ID, such as this example: f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39 -- Notice. Text notice -- OID. Object ID in dotted decimal notation, such as this example: 1.2.3.4.5 -- URL. The URL of a host, such as this example: http://computer07.contoso.com</maml:para> <maml:para>To specify a Certificate Policies extension, follow the same syntax as an Application Policy extension. </maml:para> <maml:para>Enhanced Key Usage Object Identifiers 2.5.29.37={text}oid,oid… These key usages have the following object identifiers: -- Client Authentication. 1.3.6.1.5.5.7.3.2 -- Server Authentication. 1.3.6.1.5.5.7.3.1 -- Secure Email. 1.3.6.1.5.5.7.3.4 -- Code Signing. 1.3.6.1.5.5.7.3.3 -- Timestamp Signing. 1.3.6.1.5.5.7.3.8</maml:para> <maml:para>Name Constraints 2.5.29.30={text}subtree=subtreeValue&amp;token=value&amp;token=value&amp; …&amp;subtree=subtreeValue&amp;token=value&amp;token=value… The subtreeValue can have the following values: -- Include. Permitted names -- Exclude. Excluded names The tokens have the following possible values: -- DirectoryName. CN=Name,DC=Domain,DC=com -- DNS. A computer name in the following format: computer.contoso.com -- Email. An email address, such as this example: admin@contoso.com -- IPAddress. IPV4 address,IPV4 subnet mask or IPV6 address,IPV6 subnet mask -- RegisteredID. 
ID in dotted decimal notation, such as this example: 1.2.3.4.5 -- UPN. A user principal name in the following format: admin@contoso.com -- URL. The URL of a host, such as this example: http://computer07.contoso.com/index.html</maml:para> <maml:para>Policy Mapping 2.5.29.33={text}oid=oid&amp;oid=oid…</maml:para> <maml:para>Subject Alternative Name Syntax 2.5.29.17={text}token=value&amp;token=value… The tokens have the following possible values: -- UPN. A user principal name in the following format: admin@contoso.com -- Email. An email address, such as this example: admin@contoso.com -- DNS. A computer name in the following format: computer.contoso.com -- DirectoryName. CN=Name,DC=Domain,DC=com -- URL. The URL of a host, such as this example: http://computer07.contoso.com/index.html -- IPAddress. An IP address -- RegisteredID. ID in dotted decimal notation, such as this example: 1.2.3.4.5 -- GUID. A globally unique ID, such as this example: f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.String[]</command:parameterValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of certificate that this cmdlet creates. 
The acceptable values for this parameter are: -- CodeSigningCert -- Custom -- DocumentEncryptionCert -- DocumentEncryptionCertLegacyCsp -- SSLServerAuthentication (default)</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Custom</command:parameterValue> <command:parameterValue required="false" variableLength="false">CodeSigningCert</command:parameterValue> <command:parameterValue required="false" variableLength="false">DocumentEncryptionCert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SSLServerAuthentication</command:parameterValue> <command:parameterValue required="false" variableLength="false">DocumentEncryptionCertLegacyCsp</command:parameterValue> </command:parameterValueGroup> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>AlternateSignatureAlgorithm</maml:name> <maml:description> <maml:para>Indicates that this cmdlet uses RSA-PSS (PKCSv2.1) or an elliptic curve cryptography (ECC) equivalent. 
If you do not specify this parameter, the cmdlet uses the default, RSA-PSS (PKCSv1.5) or an ECC equivalent.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>CertStoreLocation</maml:name> <maml:description> <maml:para>Specifies the certificate store in which to store the new certificate. If the current path is Cert:\CurrentUser or Cert:\CurrentUser\My, the default store is Cert:\CurrentUser\My. If the current path is Cert:\LocalMachine or Cert:\LocalMachine\My, the default store is Cert:\LocalMachine\My. Otherwise, you must specify Cert:\CurrentUser\My or Cert:\LocalMachine\My for this parameter. This parameter does not support other certificate stores.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue)" position="named" aliases="none"> <maml:name>CloneCert</maml:name> <maml:description> <maml:para>Identifies the certificate to copy when creating a new certificate. The certificate being cloned can be identified by an X509 certificate or the file path in the certificate provider. When this parameter is used, all fields and extensions of the certificate are inherited except the public key (a new key of the same algorithm and length is created) and the NotAfter and NotBefore fields. 
The default validity period will be the same as the certificate to copy, except that the NotBefore field will be set to ten minutes in the past.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Certificate</command:parameterValue> <dev:type> <maml:name>Certificate</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Container</maml:name> <maml:description> <maml:para>Specifies the name of the container in which this cmdlet stores the key for the new certificate. </maml:para> <maml:para>When you create a key, a trailing asterisk (*) indicates that the rest of the container name string is a prefix. An appended GUID string makes the container name unique. </maml:para> <maml:para></maml:para> <maml:para>When you use an existing key, the container name must identify an existing key. You may also have to specify the provider.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>CurveExport</maml:name> <maml:description> <maml:para>Specifies how the public key parameters for an elliptic curve key are represented in the new certificate. The acceptable values for this parameter are: -- CurveParameters -- CurveName -- None (default) The default value, None, indicates that this cmdlet uses the default value from the underlying key storage provider (KSP). 
This parameter is not supported with the RSA algorithm or with cryptographic service providers (CSPs).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Microsoft.CertificateServices.Commands.CurveParametersExportType</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.CurveParametersExportType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>DnsName</maml:name> <maml:description> <maml:para>Specifies one or more DNS names to put into the subject alternative name extension of the certificate when a certificate to be copied is not specified via the CloneCert parameter. The first DNS name is also saved as the Subject Name. If no signing certificate is specified, the first DNS name is also saved as the Issuer Name.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANDirectoryName</maml:name> <maml:description> <maml:para>Specifies one or more Directory names to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANDNS</maml:name> <maml:description> 
<maml:para>Specifies one or more DNS names to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANEmail</maml:name> <maml:description> <maml:para>Specifies one or more Email addresses to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANIPAddress</maml:name> <maml:description> <maml:para>Specifies one or more IP addresses to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANRegisteredID</maml:name> <maml:description> <maml:para>Specifies one or more Registered IDs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> 
<command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANUPN</maml:name> <maml:description> <maml:para>Specifies one or more UPNs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANURL</maml:name> <maml:description> <maml:para>Specifies one or more URLs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SANGUID</maml:name> <maml:description> <maml:para>Specifies one or more GUIDs to put into the subject alternative name extension.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>ExistingKey</maml:name> <maml:description> <maml:para>Indicates that this cmdlet uses an existing key. If you do not specify this parameter, this cmdlet creates a new key. 
Creating a certificate from an existing key creates a new key with a new container.</maml:para> <maml:para>When you use an existing key, specify values for the Container parameter, the Provider parameter, and the CertStoreLocation parameter. CertStoreLocation determines the context. The context is user or computer. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Extension</maml:name> <maml:description> <maml:para>Specifies an array of certificate extensions, as X509Extension objects, that this cmdlet includes in the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.Security.Cryptography.X509Certificates.X509Extension[]</command:parameterValue> <dev:type> <maml:name>System.Security.Cryptography.X509Certificates.X509Extension[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>EKU</maml:name> <maml:description> <maml:para>Specifies a list of enhanced key usage extensions by their friendly names, as strings, that this cmdlet includes in the new certificate. 
The acceptable values are: -- Any Purpose -- Client Authentication -- Server Authentication -- Secure Email -- Code Signing -- Time Stamping -- Document Encryption -- IP Security End System -- IP security tunnel termination -- IP Security User -- IP Security IKE Intermediate -- All application policies -- Microsoft Trust List Signing -- Qualified Subordination -- Key Recovery</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>FriendlyName</maml:name> <maml:description> <maml:para>Specifies a friendly name for the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>HardwareKeyUsage</maml:name> <maml:description> <maml:para>Specifies how a hardware key associated with the new certificate may be used. This parameter applies only when you specify the Microsoft Platform Crypto Provider. 
The acceptable values for this parameter are: -- None (default) -- SignatureKey -- EncryptionKey -- GenericKey -- StorageKey -- IdentityKey</maml:para> <maml:para>The default value, None, indicates that this cmdlet uses the default value from the underlying KSP.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.HardwareKeyUsage[]</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.HardwareKeyUsage[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>HashAlgorithm</maml:name> <maml:description> <maml:para>Specifies the name of the hash algorithm to use to sign the new certificate. The default hash algorithm depends on the provider that stores the private key used to sign the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyAlgorithm</maml:name> <maml:description> <maml:para>Specifies the name of the algorithm that creates the asymmetric keys that are associated with the new certificate. Available asymmetric key algorithms are RSA and Elliptic Curve Digital Signature Algorithms (ECDSA). </maml:para> <maml:para>The elliptic curve algorithm syntax is the following: ECDSA_curvename. To obtain a value for curvename, use the certutil -displayEccCurve command. 
</maml:para> <maml:para>Valid curve names contain a value in the Curve OID column in the output of the certutil -displayEccCurve command. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyDescription</maml:name> <maml:description> <maml:para>Specifies a description for the private key that is associated with the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyExportPolicy</maml:name> <maml:description> <maml:para>Specifies the policy that governs the export of the private key that is associated with the certificate. The acceptable values for this parameter are: -- Exportable -- ExportableEncrypted (default) -- NonExportable The default value of ExportableEncrypted is not compatible with KSPs and CSPs that do not allow key export. These include the Microsoft Smart Card Key Storage Provider and the Microsoft Platform Crypto Key Storage Provider. 
Specify NonExportable for providers that do not allow key export.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyExportPolicy[]</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.KeyExportPolicy[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyFriendlyName</maml:name> <maml:description> <maml:para>Specifies a friendly name for the private key that is associated with the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyLength</maml:name> <maml:description> <maml:para>Specifies the length, in bits, of the key that is associated with the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyLocation</maml:name> <maml:description> <maml:para>Specifies the file system location where this cmdlet stores the private keys associated with the new certificate. 
Specify this parameter only when you specify the Microsoft Platform Crypto Provider.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyProtection</maml:name> <maml:description> <maml:para>Specifies the level of protection required to access the private key that is associated with the certificate. The acceptable values for this parameter are: -- Protect -- ProtectHigh -- ProtectFingerPrint -- None (default) The default value, None, indicates that this cmdlet uses the default value from the underlying KSP or CSP. For most KSPs and CSPs, the default means that no user interface is required to create and use the private key. A user interface is required if the provider always requires a user interface, such as a smart card, or if the default configuration of the provider has been changed.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyProtection[]</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.KeyProtection[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeySpec</maml:name> <maml:description> <maml:para>Specifies whether the private key associated with the new certificate can be used for signing, encryption, or both. 
The acceptable values for this parameter are: -- KeyExchange -- Signature -- None (default) The default value, None, indicates that this cmdlet uses the default value from the underlying CSP.</maml:para> <maml:para>If the private key is managed by a legacy CSP, the value is KeyExchange or Signature. If the key is managed by a Cryptography Next Generation (CNG) KSP, the value is None.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Microsoft.CertificateServices.Commands.KeySpec</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.KeySpec</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyUsage</maml:name> <maml:description> <maml:para>Specifies the key usages set in the key usage extension of the certificate. The acceptable values for this parameter are: -- CertSign -- CRLSign -- DataEncipherment -- DecipherOnly -- DigitalSignature -- EncipherOnly -- KeyAgreement -- KeyEncipherment -- None (default) -- NonRepudiation The default value, None, indicates that this cmdlet does not include the KeyUsage extension in the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyUsage[]</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.KeyUsage[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>KeyUsageProperty</maml:name> <maml:description> <maml:para>Specifies the key usages for the key usages property of the private key. 
The acceptable values for this parameter are: -- All -- Decrypt -- KeyAgreement -- None (default) -- Sign The default value, None, indicates that this cmdlet uses the default value from the underlying KSP.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">Microsoft.CertificateServices.Commands.KeyUsageProperty[]</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.KeyUsageProperty[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>NotAfter</maml:name> <maml:description> <maml:para>Specifies the date and time, as a DateTime object, that the certificate expires. To obtain a DateTime object, use the Get-Date cmdlet. The default value for this parameter is one year after the certificate was created. </maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>NotBefore</maml:name> <maml:description> <maml:para>Specifies the date and time, as a DateTime object, when the certificate becomes valid. 
The default value for this parameter is 10 minutes before the certificate was created.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Pin</maml:name> <maml:description> <maml:para>Specifies the personal identification number (PIN) used to access the private key of the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Security.SecureString</command:parameterValue> <dev:type> <maml:name>System.Security.SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Provider</maml:name> <maml:description> <maml:para>Specifies the name of the KSP or CSP that this cmdlet uses to create the certificate. 
Some acceptable values for this parameter are: -- Microsoft Software Key Storage Provider -- Microsoft Smart Card Key Storage Provider -- Microsoft Platform Crypto Provider -- Microsoft Strong Cryptographic Provider -- Microsoft Enhanced Cryptographic Provider v1.0 -- Microsoft Enhanced RSA and AES Cryptographic Provider -- Microsoft Base Cryptographic Provider v1.0 -- The name of a third party KSP or CSP</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Reader</maml:name> <maml:description> <maml:para>Specifies the name of the smart card reader on which to store the private key for the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specifies the private key security descriptor as a FileSecurity object. Read access is required to use the private key. 
This parameter does not apply to providers that do not support security descriptors on private keys, including the smart card CSP and smart card KSP.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Security.AccessControl.FileSecurity</command:parameterValue> <dev:type> <maml:name>System.Security.AccessControl.FileSecurity</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SerialNumber</maml:name> <maml:description> <maml:para>Specifies a serial number, as a hexadecimal string, that is associated with the new certificate. If you do not specify this parameter, this cmdlet assigns a pseudo-randomly generated 16-byte value.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Signer</maml:name> <maml:description> <maml:para>Specifies a Certificate object with which this cmdlet signs the new certificate. This value must be in the Personal certificate store of the user or device. 
This cmdlet must have read access to the private key of the certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Microsoft.CertificateServices.Commands.Certificate</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.Certificate</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SignerPin</maml:name> <maml:description> <maml:para>Specifies the PIN that is required to access the private key of the certificate that is used to sign the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.Security.SecureString</command:parameterValue> <dev:type> <maml:name>System.Security.SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SignerReader</maml:name> <maml:description> <maml:para>Specifies the name of the smart card reader that is used to sign the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SmimeCapabilities</maml:name> <maml:description> <maml:para>Indicates that the new certificate includes the available encryption algorithms in a Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities extension.</maml:para> </maml:description> 
<command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Subject</maml:name> <maml:description> <maml:para>Specifies the string that appears in the subject of the new certificate. This cmdlet prefixes CN= to any value that does not contain an equal sign. For multiple subject relative distinguished names (also known as RDNs), separate each subject relative distinguished name with a comma (,). If the value of the relative distinguished name contains commas, separate each subject relative distinguished name with a semicolon (;).</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>SuppressOid</maml:name> <maml:description> <maml:para>Specifies an array of object identifier (also known as OID) strings that identify default extensions to be removed from the new certificate.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>TestRoot</maml:name> <maml:description> <maml:para>Indicates that this cmdlet signs the new certificate by using a 
built-in test certificate. This cmdlet adds the built-in test certificate to the intermediate certification authority (CA) certificate store of the device. </maml:para> <maml:para>This parameter is for test purposes only. The private key of the test root certificate is essentially public.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>TextExtension</maml:name> <maml:description> <maml:para>Specifies an array of certificate extensions, as strings, which this cmdlet includes in the new certificate. Each string must use one of the following formats: -- oid=base64String, where oid is the object identifier of the extension and base64String is a value that you provide. After decoding base64String, the value must be valid Abstract Syntax Notation One (ASN.1). For more information, see <maml:navigationLink> <maml:linkText>Abstract Syntax Notation One (ASN.1): Specification of basic notation</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> (http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf). -- oid={hex}hexadecimalString, where oid is the object identifier of the extension and hexadecimalString is a value that you provide. After decoding hexadecimalString, the value must be valid ASN.1. -- oid={text}String, where oid is the object identifier of the extension and String is a value that you provide. String must contain a textual representation of the extension value in a format specific to each object ID. When String is processed, it is encoded into an ASN.1 extension value before being placed into the new certificate as an extension. 
</maml:para> <maml:para>To specify that an extension is critical, insert {critical} immediately following oid= in any of the previous cases.</maml:para> <maml:para>The object identifiers of some common extensions are as follows: -- Application Policy. 1.3.6.1.4.1.311.21.10 -- Application Policy Mappings. 1.3.6.1.4.1.311.21.11 -- Basic Constraints. 2.5.29.19 -- Certificate Policies. 2.5.29.32 -- Enhanced Key Usage. 2.5.29.37 -- Name Constraints. 2.5.29.30 -- Policy Mappings. 2.5.29.33 -- Subject Alternative Name. 2.5.29.17</maml:para> <maml:para>Application Policy 1.3.6.1.4.1.311.21.10={text}token=value&token=value… The tokens have the following possible values: -- Flags. 0xhexadecimalNumber -- GUID. A globally unique ID, such as this example: f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39 -- Notice. Text notice -- OID. Object identifier in dotted decimal notation, such as this example: 1.2.3.4.5 -- URL. The URL of a host, such as this example: http://computer07.contoso.com</maml:para> <maml:para>To specify an Application Policy extension, specify the first object identifier, followed by zero or more other token=value entries. These entries are subordinate to the preceding object identifier. Specify subsequent object identifiers, each followed by its subordinate token=value entries.</maml:para> <maml:para>Application Policy Mappings 1.3.6.1.4.1.311.21.11={text}oid=oid&oid=oid… </maml:para> <maml:para>Certificate Policies 2.5.29.32={text}token=value&token=value… The tokens have the following possible values: -- Flags. 0xhexadecimalNumber -- GUID. A globally unique ID, such as this example: f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39 -- Notice. Text notice -- OID. Object ID in dotted decimal notation, such as this example: 1.2.3.4.5 -- URL. The URL of a host, such as this example: http://computer07.contoso.com</maml:para> <maml:para>To specify a Certificate Policies extension, follow the same syntax as an Application Policy extension. 
</maml:para> <maml:para>Enhanced Key Usage Object Identifiers 2.5.29.37={text}oid,oid… These key usages have the following object identifiers: -- Client Authentication. 1.3.6.1.5.5.7.3.2 -- Server Authentication. 1.3.6.1.5.5.7.3.1 -- Secure Email. 1.3.6.1.5.5.7.3.4 -- Code Signing. 1.3.6.1.5.5.7.3.3 -- Timestamp Signing. 1.3.6.1.5.5.7.3.8</maml:para> <maml:para>Name Constraints 2.5.29.30={text}subtree=subtreeValue&token=value&token=value& …&subtree=subtreeValue&token=value&token=value… The subtreeValue can have the following values: -- Include. Permitted names -- Exclude. Excluded names The tokens have the following possible values: -- DirectoryName. CN=Name,DC=Domain,DC=com -- DNS. A computer name in the following format: computer.contoso.com -- Email. An email address, such as this example: admin@contoso.com -- IPAddress. IPV4 address,IPV4 subnet mask or IPV6 address,IPV6 subnet mask -- RegisteredID. ID in dotted decimal notation, such as this example: 1.2.3.4.5 -- UPN. A user principal name in the following format: admin@contoso.com -- URL. The URL of a host, such as this example: http://computer07.contoso.com/index.html</maml:para> <maml:para>Policy Mapping 2.5.29.33={text}oid=oid&oid=oid…</maml:para> <maml:para>Subject Alternative Name Syntax 2.5.29.17={text}token=value&token=value… The tokens have the following possible values: -- UPN. A user principal name in the following format: admin@contoso.com -- Email. An email address, such as this example: admin@contoso.com -- DNS. A computer name in the following format: computer.contoso.com -- DirectoryName. CN=Name,DC=Domain,DC=com -- URL. The URL of a host, such as this example: http://computer07.contoso.com/index.html -- IPAddress. An IP address -- RegisteredID. ID in dotted decimal notation, such as this example: 1.2.3.4.5 -- GUID. 
A globally unique ID, such as this example: f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39</maml:para> </maml:description> <command:parameterValue required="false" variableLength="true">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of certificate that this cmdlet creates. The acceptable values for this parameter are: -- CodeSigningCert -- Custom -- DocumentEncryptionCert -- DocumentEncryptionCertLegacyCsp -- SSLServerAuthentication (default)</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">Microsoft.CertificateServices.Commands.CertificateType</command:parameterValue> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.CertificateType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>none</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. 
The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>false</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>Microsoft.CertificateServices.Commands.Certificate</maml:name> <maml:uri></maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para>The Certificate object can either be provided as a Path object to a certificate or an X509Certificate2 object.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name> <maml:uri></maml:uri> <maml:description> <maml:para /> </maml:description> </dev:type> <maml:description> <maml:para>An X509Certificate2 object for the certificate that has been created.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:terminatingErrors /> <command:nonTerminatingErrors /> <command:examples> <command:example> <maml:title>EXAMPLE 1</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\> New-SelfSignedCertificate -DnsName "www.fabrikam.com", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My" </dev:code> <dev:remarks> <maml:para>This example creates a self-signed SSL server certificate in the computer MY store with the subject alternative name set to www.fabrikam.com, www.contoso.com and Subject and Issuer name set to www.fabrikam.com.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>EXAMPLE 2</maml:title> 
<maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\> Set-Location -Path "cert:\LocalMachine\My"
PS Cert:\LocalMachine\My> $OldCert = (Get-ChildItem -Path E42DBC3B3F2771990A9B3E35D0C3C422779DACD7)
PS Cert:\LocalMachine\My> New-SelfSignedCertificate -CloneCert $OldCert </dev:code> <dev:remarks> <maml:para>This example creates a copy of the certificate specified by the CloneCert parameter and puts it in the computer MY store.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>EXAMPLE 3</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\>New-SelfSignedCertificate -Type Custom -Subject "E=patti.fuller@contoso.com,CN=Patti Fuller" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.4","2.5.29.17={text}email=patti.fuller@contoso.com&upn=pattifuller@contoso.com") -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyLength 2048 -SmimeCapabilities -CertStoreLocation "Cert:\CurrentUser\My" </dev:code> <dev:remarks> <maml:para>This example creates a self-signed S/MIME certificate in the user MY store. The certificate uses the default provider, which is the Microsoft Software Key Storage Provider. The certificate uses an RSA asymmetric key with a key size of 2048 bits. This certificate has the subject alternative names of patti.fuller@contoso.com and pattifuller@contoso.com.</maml:para> <maml:para>This command does not specify the NotAfter parameter. Therefore, the certificate expires in one year. 
</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>EXAMPLE 4</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\>New-SelfSignedCertificate -Type Custom -Subject "CN=Patti Fuller,OU=UserAccounts,DC=corp,DC=contoso,DC=com" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=pattifuller@contoso.com") -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" </dev:code> <dev:remarks> <maml:para>This example creates a self-signed client authentication certificate in the user MY store. The certificate uses the default provider, which is the Microsoft Software Key Storage Provider. The certificate uses an RSA asymmetric key with a key size of 2048 bits. The certificate has a subject alternative name of pattifuller@contoso.com.</maml:para> <maml:para>The certificate expires in one year. </maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>EXAMPLE 5</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\>New-SelfSignedCertificate -Type Custom -Subject "CN=Patti Fuller,OU=UserAccounts,DC=corp,DC=contoso,DC=com" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=pattifuller@contoso.com") -KeyUsage DigitalSignature -KeyAlgorithm ECDSA_nistP256 -CurveExport CurveName -CertStoreLocation "Cert:\CurrentUser\My" </dev:code> <dev:remarks> <maml:para>This example creates a self-signed client authentication certificate in the user MY store. The certificate uses the default provider, which is the Microsoft Software Key Storage Provider. 
The certificate uses an elliptic curve asymmetric key and the curve parameters nist256, which creates a 256-bit key. The subject alternative name is pattifuller@contoso.com. </maml:para> <maml:para>The certificate expires in one year.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>EXAMPLE 6</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\>New-SelfSignedCertificate -Type Custom -Provider "Microsoft Platform Crypto Provider" -Subject "CN=Patti Fuller" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=pattifuller@contoso.com") -KeyExportPolicy NonExportable -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" </dev:code> <dev:remarks> <maml:para>This example creates a self-signed client authentication certificate in the user MY store. The certificate uses the Microsoft Platform Crypto Provider. This provider uses the Trusted Platform Module (TPM) of the device to create the asymmetric key. The key is an RSA 2048-bit key that cannot be exported. The subject alternative name is pattifuller@contoso.com. The certificate expires in one year. 
</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> <command:example> <maml:title>EXAMPLE 7</maml:title> <maml:introduction> <maml:para></maml:para> </maml:introduction> <dev:code>PS C:\>New-SelfSignedCertificate -Type Custom -Container test* -Subject "CN=Patti Fuller" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=pattifuller@contoso.com") -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddMonths(6) </dev:code> <dev:remarks> <maml:para>This example creates a self-signed client authentication certificate in the user MY store. The certificate uses the default provider, which is the Microsoft Software Key Storage Provider. The certificate uses an RSA asymmetric key with a key size of 2048 bits. The subject alternative name is pattifuller@contoso.com. </maml:para> <maml:para>This command specifies a value for NotAfter. The certificate expires in six months.</maml:para> <maml:para /> <maml:para /> </dev:remarks> <command:commandLines> <command:commandLine> <command:commandText /> </command:commandLine> </command:commandLines> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>http://go.microsoft.com/fwlink/p/?linkid=287536</maml:uri> </maml:navigationLink> </maml:relatedLinks> </command:command> </helpItems>