Install-Certificate

Installs a certificate in a given store.

Syntax

Install-Certificate [-Path] <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [-Exportable] [-Password <Object>] [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-Certificate [-Path] <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [-Exportable] [-Password <Object>] [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-Certificate [-Certificate] <X509Certificate2> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-Certificate [-Certificate] <X509Certificate2> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

Description

Uses the .NET certificates API to add a certificate to a store for the machine or current user. The user performing the action must have permission to modify the store or the installation will fail.

To install a certificate on a remote computer, create a remoting session with the New-PSSession cmdlet, and pass the session object to this function's Session parameter. When installing to a remote computer, the certificate's binary data is converted to a base-64 encoded string and sent to the remote computer, where it is converted back into a certificate. If installing a certificate from a file, the file's bytes are converted to base-64, sent to the remote computer, saved as a temporary file, installed, and the temporary file is removed.

The ability to install a certificate on a remote computer was added in Carbon 2.1.0.

Parameters

Name Type Description Required? Pipeline Input Default Value
Path String

The path to the certificate file.

true false
Certificate X509Certificate2

The certificate to install.

true false
StoreLocation StoreLocation

The location of the certificate's store. To see a list of acceptable values, run:

[Enum]::GetValues([Security.Cryptography.X509Certificates.StoreLocation])

true false
StoreName StoreName

The name of the certificate's store. To see a list of acceptable values run:

[Enum]::GetValues([Security.Cryptography.X509Certificates.StoreName])

true false
CustomStoreName String

The name of the non-standard, custom store where the certificate should be installed.

true false
Exportable SwitchParameter

Mark the private key as exportable. Only valid if loading the certificate from a file.

false false False
Password Object

The password for the certificate. Should be a System.Security.SecureString.

false false
Session PSSession[]

Use the Session parameter to install a certificate on remote computer(s) using PowerShell remoting. Use New-PSSession to create a session.

This parameter was added in Carbon 2.1.0.

false false
WhatIf SwitchParameter false false
Confirm SwitchParameter false false
CommonParameters This cmdlet supports common parameters. For more information type
Get-Help about_CommonParameters.

Return Values

System.Security.Cryptography.X509Certificates.X509Certificate2. An X509Certificate2 object representing the newly installed certificate.

EXAMPLE 1

Install-Certificate -Path C:\Users\me\certificate.cer -StoreLocation LocalMachine -StoreName My -Exportable -Password My5up3r53cur3P@55w0rd

Installs the certificate (which is protected by a password) at C:\Users\me\certificate.cer into the local machine's Personal store. The certificate is marked exportable.

EXAMPLE 2

Install-Certificate -Path C:\Users\me\certificate.cer -StoreLocation LocalMachine -StoreName My -ComputerName remote1,remote2

Demonstrates how to install a certificate from a file on the local computer into the local machine's personal store on two remote cmoputers, remote1 and remote2. Use the Credential parameter to connect as a specific principal.