Confirm-CAEndorsementKeyInfo is accessible with the help of adcsadministration module. To install adcsadministration on your system please refer to this link.

Checks whether the local CA trusts secure hardware for key attestation.

The Confirm-CAEndorsementKeyInfo cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for key attestation. The cmdlet checks the endorsement key or certificate. An endorsement key is permanently embedded in the security hardware. The public portion of the endorsement key helps to recognize genuine security hardware.

This cmdlet verifies whether the endorsement public certificate connects by means of a certificate chain to an anchor that the CA trusts for key attestation. Specify an X509 certificate by using the Certificate parameter.

This cmdlet checks whether the endorsement public key exists as a file in a folder configured at the local CA for key attestation. Specify the public key by using the PublicKeyHash parameter.


         Specifies an X509 public key certificate issued to secure hardware.

    Required?                    true
    Position?                    1
    Default value                
    Accept pipeline input?       True (ByValue, ByPropertyName)
    Accept wildcard characters?  false

-PublicKeyHash <String>
    Specifies an endorsement public key of the secure hardware, as the result of the SHA-256 hash algorithm. This is a 64 character hexadecimal string.

    Required?                    true
    Position?                    1
    Default value                
    Accept pipeline input?       True (ByValue, ByPropertyName)
    Accept wildcard characters?  false


Confirm-CAEndorsementKeyInfo [-Certificate]  []

Confirm-CAEndorsementKeyInfo [-PublicKeyHash] <String> [<CommonParameters>]

Example 1: Check an endorsement certificate
PS C:>Confirm-CAEndorsementKeyInfo -Certificate TOSSolution.cer
This command checks whether the endorsement certificate TOSSolution.cer connects, by means of a certificate chain, to a trusted anchor. This example returns a value of $True.

Example 2: Check an endorsement key
PS C:>Confirm-CAEndorsementKeyInfo -PublicKeyHash “1dd117facfbdcbd8713asdasdasd213aeas1e6323a877476ecd167”
The command checks for the endorsement public certificate specified as an SHA-256 hash code. This example returns a value of $False. Therefore, the CA does not have this public key.

You can check the Version, CommandType and Source of this cmdlet by giving below command.

Get-Command Confirm-CAEndorsementKeyInfo

Confirm-CAEndorsementKeyInfo command cmdlet powershell certificate

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site

Like our page in Facebook and follow us for New technical information.

References are taken from Microsoft

Leave a Reply

Your email address will not be published. Required fields are marked *