Gets a certificate from a file on the file system or from a Windows certificate store by thumbprint or friendly name.
Get-Certificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]
Get-Certificate -Path <String> [-Password <Object>] [-KeyStorageFlags {DefaultKeySet | UserKeySet | MachineKeySet | Exportable | UserProtected | PersistKeySet | EphemeralKeySet}] [<CommonParameters>]
Get-Certificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [<CommonParameters>]
Get-Certificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [<CommonParameters>]
Get-Certificate -FriendlyName <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [<CommonParameters>]Certificates can be files or they can be in a Windows certificate store. This function returns an X509Certificate2 object for a script that's a file on the file system or a cert stored in Microsoft's certificate store. You can get a certificate from a certificate store with its unique thumbprint or its friendly name. Friendly names are not required to be unique, so you may get multiple certificates when using that search method.
Certificates loaded from a file are imported with default key storage values, which means if you try to add the certifiate returned by this function to a certificate store it will get persisted in the user's key store and not persisted.
| Name | Type | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|---|
| Path | String | The path to the certificate. Can be a file system path or a certificate path, e.g. |
true | false | |
| Password | Object | The password to the certificate. Can be plaintext or a SecureString. |
false | false | |
| KeyStorageFlags | X509KeyStorageFlags | The storage flags to use when loading a certificate file. This controls where/how you can store the certificate in the certificate stores later. Use the |
false | false | |
| Thumbprint | String | The certificate's thumbprint. |
true | false | |
| FriendlyName | String | The friendly name of the certificate. |
true | false | |
| StoreLocation | StoreLocation | The location of the certificate's store. |
true | false | |
| StoreName | StoreName | The name of the certificate's store. |
true | false | |
| CustomStoreName | String | The name of the non-standard, custom store. |
true | false |
System.Security.Cryptography.x509Certificates.X509Certificate2. The X509Certificate2 certificates that were found, or $null.
Get-Certificate -Path C:\Certificates\certificate.cer -Password MySuperSecurePasswordGets an X509Certificate2 object representing the certificate.cer file. Wildcards not supported when using a file system path.
Get-Certificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -StoreName My -StoreLocation LocalMachineGets an X509Certificate2 object for the certificate in the Personal store with a specific thumbprint under the Local Machine.
Get-Certificate -FriendlyName 'Development Certificate' -StoreLocation CurrentUser -StoreName TrustedPeopleGets the X509Certificate2 whose friendly name is Development Certificate from the Current User's Trusted People certificate store.
Get-Certificate -Thumbprint a909502dd82ae41433e6f83886b00d4277a32a7b -CustomStoreName 'SharePoint' -StoreLocation LocalMachineDemonstrates how to get a certificate from a custom store, i.e. one that is not part of the standard StoreName enumeration.
Get-Certificate -Path 'cert:\CurrentUser\a909502dd82ae41433e6f83886b00d4277a32a7b'Demonstrates how to get a certificate out of a Windows certificate store with its certificate path. Wildcards supported.