< Back
Get-CCertificate
Post
NAME Get-CCertificate
SYNOPSIS
Gets a certificate from a file on the file system or from a Windows certificate store by thumbprint or friendly
name.
Beginning in Carbon 2.7, the returned object will have a `Path` property that is the full path to either the file
or certificate in the certificate store.
SYNTAX
Get-CCertificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook |
AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]
Get-CCertificate -Path <String> [-Password <Object>] [-KeyStorageFlags {DefaultKeySet | UserKeySet | MachineKeySet
| Exportable | UserProtected | PersistKeySet | EphemeralKeySet}] [<CommonParameters>]
Get-CCertificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String>
[<CommonParameters>]
Get-CCertificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook |
AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]
Get-CCertificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String>
[<CommonParameters>]
DESCRIPTION
Certificates can be files or they can be in a Windows certificate store. This function returns an
`X509Certificate2` object for a script that's a file on the file system or a cert stored in Microsoft's
certificate store. You can get a certificate from a certificate store with its unique thumbprint or its friendly
name. Friendly names are *not* required to be unique, so you may get multiple certificates when using that search
method.
Certificates loaded from a file are imported with default key storage values, which means if you try to add the
certifiate returned by this function to a certificate store it will get persisted in the user's key store and
*not* persisted.
PARAMETERS
-Path <String>
The path to the certificate. Can be a file system path or a certificate path, e.g. `cert:\\`. Wildcards
supported.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Password <Object>
The password to the certificate. Can be plaintext or a
[SecureString](http://msdn.microsoft.com/en-us/library ... tring.aspx).
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-KeyStorageFlags
The storage flags to use when loading a certificate file. This controls where/how you can store the
certificate in the certificate stores later. Use the `-bor` operator to combine flags.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Thumbprint <String>
The certificate's thumbprint.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FriendlyName <String>
The friendly name of the certificate.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-StoreLocation
The location of the certificate's store.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-StoreName
The name of the certificate's store.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CustomStoreName <String>
The name of the non-standard, custom store.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
System.Security.Cryptography.x509Certificates.X509Certificate2. The X509Certificate2 certificates that were found,
or `$null`.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-CCertificate -Path C:\\Certificates\\certificate.cer -Password MySuperSecurePassword
Gets an X509Certificate2 object representing the certificate.cer file. Wildcards *not* supported when using a file
system path.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-CCertificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -StoreName My -StoreLocation
LocalMachine
Gets an X509Certificate2 object for the certificate in the Personal store with a specific thumbprint under the
Local Machine.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Get-CCertificate -FriendlyName 'Development Certificate' -StoreLocation CurrentUser -StoreName TrustedPeople
Gets the X509Certificate2 whose friendly name is Development Certificate from the Current User's Trusted People
certificate store.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-CCertificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -CustomStoreName 'SharePoint'
-StoreLocation LocalMachine
Demonstrates how to get a certificate from a custom store, i.e. one that is not part of the standard `StoreName`
enumeration.
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Get-CCertificate -Path 'cert:\\CurrentUser\\a909502dd82ae41433e6f83886b00d4277a32a7b'
Demonstrates how to get a certificate out of a Windows certificate store with its certificate path. Wildcards
supported.
RELATED LINKS
SYNOPSIS
Gets a certificate from a file on the file system or from a Windows certificate store by thumbprint or friendly
name.
Beginning in Carbon 2.7, the returned object will have a `Path` property that is the full path to either the file
or certificate in the certificate store.
SYNTAX
Get-CCertificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook |
AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]
Get-CCertificate -Path <String> [-Password <Object>] [-KeyStorageFlags {DefaultKeySet | UserKeySet | MachineKeySet
| Exportable | UserProtected | PersistKeySet | EphemeralKeySet}] [<CommonParameters>]
Get-CCertificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String>
[<CommonParameters>]
Get-CCertificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook |
AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]
Get-CCertificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String>
[<CommonParameters>]
DESCRIPTION
Certificates can be files or they can be in a Windows certificate store. This function returns an
`X509Certificate2` object for a script that's a file on the file system or a cert stored in Microsoft's
certificate store. You can get a certificate from a certificate store with its unique thumbprint or its friendly
name. Friendly names are *not* required to be unique, so you may get multiple certificates when using that search
method.
Certificates loaded from a file are imported with default key storage values, which means if you try to add the
certifiate returned by this function to a certificate store it will get persisted in the user's key store and
*not* persisted.
PARAMETERS
-Path <String>
The path to the certificate. Can be a file system path or a certificate path, e.g. `cert:\\`. Wildcards
supported.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Password <Object>
The password to the certificate. Can be plaintext or a
[SecureString](http://msdn.microsoft.com/en-us/library ... tring.aspx).
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-KeyStorageFlags
The storage flags to use when loading a certificate file. This controls where/how you can store the
certificate in the certificate stores later. Use the `-bor` operator to combine flags.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Thumbprint <String>
The certificate's thumbprint.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FriendlyName <String>
The friendly name of the certificate.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-StoreLocation
The location of the certificate's store.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-StoreName
The name of the certificate's store.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CustomStoreName <String>
The name of the non-standard, custom store.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
System.Security.Cryptography.x509Certificates.X509Certificate2. The X509Certificate2 certificates that were found,
or `$null`.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-CCertificate -Path C:\\Certificates\\certificate.cer -Password MySuperSecurePassword
Gets an X509Certificate2 object representing the certificate.cer file. Wildcards *not* supported when using a file
system path.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-CCertificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -StoreName My -StoreLocation
LocalMachine
Gets an X509Certificate2 object for the certificate in the Personal store with a specific thumbprint under the
Local Machine.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Get-CCertificate -FriendlyName 'Development Certificate' -StoreLocation CurrentUser -StoreName TrustedPeople
Gets the X509Certificate2 whose friendly name is Development Certificate from the Current User's Trusted People
certificate store.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-CCertificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -CustomStoreName 'SharePoint'
-StoreLocation LocalMachine
Demonstrates how to get a certificate from a custom store, i.e. one that is not part of the standard `StoreName`
enumeration.
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Get-CCertificate -Path 'cert:\\CurrentUser\\a909502dd82ae41433e6f83886b00d4277a32a7b'
Demonstrates how to get a certificate out of a Windows certificate store with its certificate path. Wildcards
supported.
RELATED LINKS