Checks whether the local CA trusts secure hardware for key attestation.
The Confirm-CAEndorsementKeyInfo cmdlet checks whether the local certification authority (CA) trusts secure hardware, such as a Trusted Platform Module (TPM), for key attestation. The cmdlet checks the endorsement key or certificate. An endorsement key is permanently embedded in the security hardware. The public portion of the endorsement key helps to recognize genuine security hardware.
-Certificate
Specifies an X509 public key certificate issued to secure hardware.
Required? true
Position? 1
Default value
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
-PublicKeyHash <String>
Specifies an endorsement public key of the secure hardware, as the result of the SHA-256 hash algorithm. This is a 64 character hexadecimal string.
Required? true
Position? 1
Default value
Accept pipeline input? True (ByValue, ByPropertyName)
Accept wildcard characters? false
Confirm-CAEndorsementKeyInfo [-Certificate] []
Confirm-CAEndorsementKeyInfo [-PublicKeyHash] <String> [<CommonParameters>]
PS C:>Confirm-CAEndorsementKeyInfo -Certificate TOSSolution.cer
True
This command checks whether the endorsement certificate TOSSolution.cer connects, by means of a certificate chain, to a trusted anchor. This example returns a value of $True.
PS C:>Confirm-CAEndorsementKeyInfo -PublicKeyHash “1dd117facfbdcbd8713asdasdasd213aeas1e6323a877476ecd167”
False
The command checks for the endorsement public certificate specified as an SHA-256 hash code. This example returns a value of $False. Therefore, the CA does not have this public key.
Get-Command Confirm-CAEndorsementKeyInfo