Install-AdcsCertificationAuthority

Install-AdcsCertificationAuthority is provided by the ADCSDeployment module. To install ADCSDeployment on your system, please refer to this link.

Synopsis
Performs installation and configuration of the Active Directory Certificate Services (AD CS) Certification Authority (CA) role service.

Description
The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. To remove the certification authority role service use the Uninstall-AdcsCertificationAuthority cmdlet.

You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Cert-Authority


Parameters

-AllowAdministratorInteraction <SwitchParameter>
    Specifies whether prompting is enabled when the private key is accessed. This is not required for any of the Microsoft default providers. For enhanced security components, such as a hardware security module (HSM), review the enhanced security component vendor documentation.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CACommonName <String>
    Specifies the certification authority common name.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CADistinguishedNameSuffix <String>
    Specifies the certification authority distinguished name suffix.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CAType <CAType>
    Specifies the type of certification authority to install. The possible values are: EnterpriseRootCA, EnterpriseSubordinateCA, StandaloneRootCA, or StandaloneSubordinateCA.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CertFile <String>
    Specifies the file name of certification authority PKCS #12 formatted certificate file.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CertFilePassword <SecureString>
    Specifies the password for certification authority certificate file.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CertificateID <String>
    Specifies the thumbprint or serial number of certification authority certificate.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-Credential <PSCredential>
    To install an enterprise certification authority, the computer must be joined to an Active Directory Domain Services (AD DS) domain and a user account that is a member of the Enterprise Admin group is required. To install a standalone certification authority, the computer can be in a workgroup or AD DS domain. If the computer is in a workgroup, a user account that is a member of Administrators is required. If the computer is in an AD DS domain, a user account that is a member of Domain Admins is required.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-CryptoProviderName <String>
    The name of the cryptographic service provider (CSP) or key storage provider (KSP) that is used to generate or store the private key for the CA.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-DatabaseDirectory <String>
    Specifies the folder location of the certification authority database.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-Force <SwitchParameter>


    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

-HashAlgorithmName <String>
    Specifies the signature hash algorithm used by the certification authority.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-IgnoreUnicode <SwitchParameter>
    Specifies that Unicode characters are allowed in certification authority name string.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-KeyContainerName <String>
    Specifies the name of an existing private key container.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-KeyLength <Int32>
    Specifies the bit length for new certification authority key.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-LogDirectory <String>
    Specifies the folder location of the certification authority database log.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-OutputCertRequestFile <String>
    Specifies the folder location for certificate request file.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-OverwriteExistingCAinDS <SwitchParameter>
    Specifies that the computer object in the Active Directory Domain Service domain should be overwritten with the same computer name.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-OverwriteExistingDatabase <SwitchParameter>
    Specifies that the existing certification authority database should be overwritten.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-OverwriteExistingKey <SwitchParameter>
    Overwrites the existing key container with the same name.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-ParentCA <String>
    Specifies the configuration string of the parent certification authority that will certify this CA.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-ValidityPeriod <ValidityPeriod>
    Specifies the validity period of the certification authority (CA) certificate in hours, days, weeks, months or years.  If this is a subordinate CA, do not use this parameter, because the validity period is determined by the parent CA.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-ValidityPeriodUnits <Int32>
    Validity period of the certification authority (CA) certificate.  If this is a subordinate CA, do not specify this parameter because the validity period is determined by the parent CA.

    Required?                    false
    Position?                    named
    Default value                
    Accept pipeline input?       true (ByPropertyName)
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Install-AdcsCertificationAuthority [-AllowAdministratorInteraction ] [-CACommonName <String>] [-CADistinguishedNameSuffix <String>] [-CAType <CAType>] [-Credential <PSCredential>] [-CryptoProviderName <String>] [-DatabaseDirectory <String>] [-Force ] [-HashAlgorithmName <String>] [-IgnoreUnicode ] [-KeyLength <Int32>] [-LogDirectory <String>] [-OutputCertRequestFile <String>] [-OverwriteExistingCAinDS ] [-OverwriteExistingDatabase ] [-OverwriteExistingKey ] [-ParentCA <String>] [-ValidityPeriod <ValidityPeriod>] [-ValidityPeriodUnits <Int32>] [-Confirm ] [-WhatIf ] [<CommonParameters>]

Install-AdcsCertificationAuthority [-AllowAdministratorInteraction ] [-CADistinguishedNameSuffix <String>] [-CAType <CAType>] [-Credential <PSCredential>] [-CryptoProviderName <String>] [-DatabaseDirectory <String>] [-Force ] [-HashAlgorithmName <String>] [-IgnoreUnicode ] [-KeyContainerName <String>] [-LogDirectory <String>] [-OutputCertRequestFile <String>] [-OverwriteExistingCAinDS ] [-OverwriteExistingDatabase ] [-ParentCA <String>] [-ValidityPeriod <ValidityPeriod>] [-ValidityPeriodUnits <Int32>] [-Confirm ] [-WhatIf ] [<CommonParameters>]

Install-AdcsCertificationAuthority [-AllowAdministratorInteraction ] [-CAType <CAType>] [-CertFile <String>] [-CertFilePassword <SecureString>] [-CertificateID <String>] [-Credential <PSCredential>] [-DatabaseDirectory <String>] [-Force ] [-LogDirectory <String>] [-OverwriteExistingDatabase ] [-OverwriteExistingKey ] [-Confirm ] [-WhatIf ] [<CommonParameters>]

Notes
Ensure you run Windows PowerShell as an administrator. You can use the -f switch to bypass the prompt for confirmation.
If you have installation issues, try using the -verbose switch to get verbose output and review the information in %windir%\certocm.log.

-------------------------- EXAMPLE 1 --------------------------
C:\PS>Install-AdcsCertificationAuthority -CAType StandaloneRootCa
This command installs a new Standalone Root CA with default settings.

-------------------------- EXAMPLE 2 --------------------------
C:\PS>Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider" -KeyLength 256 -HashAlgorithmName SHA256
This command installs a new Enterprise Root CA using a specific provider (ECDSA_P256 Microsoft Software Key Storage Provider), key length (256), and hash algorithm (SHA 256).


-------------------------- EXAMPLE 3 --------------------------
C:\PS>Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA256 -ValidityPeriod Years -ValidityPeriodUnits 3
This command installs a new Enterprise Root CA with the Microsoft Software Key Storage Provider using the RSA algorithm, key length (2048), hash algorithm (SHA 256), and validity period (3 years).

-------------------------- EXAMPLE 4 --------------------------
C:\PS>Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCa -ParentCA life.general.TOSSolution.com\life-CA
This command installs a new Enterprise subordinate CA; the parent CA is life in the general domain of TOSSolution.com.

-------------------------- EXAMPLE 5 --------------------------
C:\PS>Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCa -CertFile C:\Cert\lifegen.p12 -CertFilePassword (Read-Host "Set user password" -AsSecureString)
This command installs an Enterprise Subordinate certification authority using an existing certificate from a PFX/P12 file that is located in the local C:\Cert folder and named lifegen.p12.

If you run Install-AdcsCertificationAuthority on its own, with no parameters, you get a pop-up for installing the AD CS Certification Authority.


You can check the Version, CommandType and Source of this cmdlet with the following command.

Get-Command Install-AdcsCertificationAuthority
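
The parameter descriptions above carry rules that are easy to break in a scripted install, such as setting a validity period on a subordinate CA. The following is an added example, not code from the original page or from Microsoft: a hypothetical Test-CaInstallPlan function checks a constructed parameter set against those rules and an assumed local policy (no SHA1 or MD5, 2048-bit minimum for non-ECDSA keys) before a -WhatIf run.

```powershell
# Added example. Test-CaInstallPlan and its thresholds are hypothetical
# (a local policy), not part of the ADCSDeployment module.
function Test-CaInstallPlan {
    param([Parameter(Mandatory)][hashtable]$Plan)
    $findings = [System.Collections.Generic.List[string]]::new()
    # Assumed policy: the CA must not sign with SHA1 or MD5.
    if ($Plan.HashAlgorithmName -in 'SHA1', 'MD5') {
        $findings.Add("Weak signature hash: $($Plan.HashAlgorithmName)")
    }
    # Assumed policy: 2048-bit minimum unless the provider string selects ECDSA.
    if ($Plan.ContainsKey('KeyLength') -and
        $Plan.CryptoProviderName -notlike 'ECDSA*' -and $Plan.KeyLength -lt 2048) {
        $findings.Add("Key length $($Plan.KeyLength) is below 2048 bits")
    }
    # From the parameter help: a subordinate CA's validity is set by its parent.
    $subordinate = $Plan.CAType -in 'EnterpriseSubordinateCA', 'StandaloneSubordinateCA'
    if ($subordinate -and ($Plan.ContainsKey('ValidityPeriod') -or $Plan.ContainsKey('ValidityPeriodUnits'))) {
        $findings.Add('Subordinate CA: remove ValidityPeriod/ValidityPeriodUnits')
    }
    # The unit and the count only make sense together.
    if ($Plan.ContainsKey('ValidityPeriod') -xor $Plan.ContainsKey('ValidityPeriodUnits')) {
        $findings.Add('ValidityPeriod and ValidityPeriodUnits must be given together')
    }
    # These switches overwrite existing state; flag them for explicit review.
    foreach ($name in 'OverwriteExistingKey', 'OverwriteExistingDatabase', 'OverwriteExistingCAinDS') {
        if ($Plan[$name]) { $findings.Add("Overwrite switch set: -$name") }
    }
    return $findings
}

# Constructed sample plan (not a real deployment); SHA1 triggers one finding.
$caPlan = @{
    CAType              = 'EnterpriseRootCA'
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 2048
    HashAlgorithmName   = 'SHA1'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 3
}
$issues = @(Test-CaInstallPlan -Plan $caPlan)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    # -WhatIf shows what would happen; the cmdlet is not run.
    Install-AdcsCertificationAuthority @caPlan -WhatIf
}
```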

You can also read about
Uninstall-AdcsCertificationAuthority


References are taken from Microsoft
