Get-Certificate

Gets a certificate from a file on the file system or from a Windows certificate store by thumbprint or friendly name.

Syntax

Get-Certificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]

Get-Certificate -Path <String> [-Password <Object>] [-KeyStorageFlags {DefaultKeySet | UserKeySet | MachineKeySet | Exportable | UserProtected | PersistKeySet}] [<CommonParameters>]

Get-Certificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [<CommonParameters>]

Get-Certificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]

Get-Certificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [<CommonParameters>]

Description

Certificates can be files or they can be in a Windows certificate store. This function returns an X509Certificate2 object for a script that's a file on the file system or a cert stored in Microsoft's certificate store. You can get a certificate from a certificate store with its unique thumbprint or its friendly name. Friendly names are not required to be unique, so you may get multiple certificates when using that search method.

Certificates loaded from a file are imported with default key storage values, which means if you try to add the certifiate returned by this function to a certificate store it will get persisted in the user's key store and not persisted.

Parameters

Name Type Description Required? Pipeline Input Default Value
Path String

The path to the certificate. Can be a file system path or a certificate path, e.g. cert:\. Wildcards supported.

true false
Password Object

The password to the certificate. Can be plaintext or a SecureString.

false false
KeyStorageFlags X509KeyStorageFlags

The storage flags to use when loading a certificate file. This controls where/how you can store the certificate in the certificate stores later. Use the -bor operator to combine flags.

false false
Thumbprint String

The certificate's thumbprint.

true false
FriendlyName String

The friendly name of the certificate.

true false
StoreLocation StoreLocation

The location of the certificate's store.

true false
StoreName StoreName

The name of the certificate's store.

true false
CustomStoreName String

The name of the non-standard, custom store.

true false

Return Values

System.Security.Cryptography.x509Certificates.X509Certificate2. The X509Certificate2 certificates that were found, or $null.

EXAMPLE 1

Get-Certificate -Path C:\Certificates\certificate.cer -Password MySuperSecurePassword

Gets an X509Certificate2 object representing the certificate.cer file. Wildcards not supported when using a file system path.

EXAMPLE 2

Get-Certificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -StoreName My -StoreLocation LocalMachine

Gets an X509Certificate2 object for the certificate in the Personal store with a specific thumbprint under the Local Machine.

EXAMPLE 3

Get-Certificate -FriendlyName 'Development Certificate' -StoreLocation CurrentUser -StoreName TrustedPeople

Gets the X509Certificate2 whose friendly name is Development Certificate from the Current User's Trusted People certificate store.

EXAMPLE 4

Get-Certificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -CustomStoreName 'SharePoint' -StoreLocation LocalMachine

Demonstrates how to get a certificate from a custom store, i.e. one that is not part of the standard StoreName enumeration.

EXAMPLE 5

Get-Certificate -Path 'cert:\CurrentUser\a909502dd82ae41433e6f83886b00d4277a32a7b'

Demonstrates how to get a certificate out of a Windows certificate store with its certificate path. Wildcards supported.