Add-CACrlDistributionPoint

Adds a CRL distribution point URI where AD CS publishes certification revocations.

Syntax

Default (Default)

Add-CACrlDistributionPoint
    [-Uri] <String>
    [-AddToCertificateCdp]
    [-AddToFreshestCrl]
    [-AddToCrlCdp]
    [-AddToCrlIdp]
    [-PublishToServer]
    [-PublishDeltaToServer]
    [-Force]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Add-CACRLDistributionPoint cmdlet adds a certificate revocation list (CRL) distribution point uniform resource identifier (URI) where Active Directory Certificate Services (AD CS) publishes certification revocations.

You can add CRL distribution points in issued certificates by using this Windows PowerShell cmdlet. However, adding the URL for a CRL distribution point only affects newly issued certificates. Previously issued certificates will continue to reference the original location.

To indicate that you want to use a URL as a CRL distribution point, use the switch parameter PublishCRL.

To indicate that you want to use a URL as a delta CRL distribution point, use the switch parameter PublishDeltaCRL.

To indicate that you want to publish this location in CRLs to point clients to a delta CRL, use the switch parameter IncludeDeltaCRLs.

CRL uniform resource locators can be HTTP or Lightweight Directory Access Protocol (LDAP) paths. You can use the following variables depending upon the switch when specifying the address of the CRL.

<CAName>, which is replaced by the name of the targeted CA.

<CAObjectClass>, which is replaced by the object class identifier for a CA, used when publishing to an LDAP URL.

<CATruncatedName>, which is replaced by the sanitized name of the CA, truncated to 32 characters with a hash at the end.

<CDPObjectClass>, which is replaced by the object class identifier for CRL distribution points, used when publishing to an LDAP URL.

<CertificateName>, which is replaced by the renewal extension of the CA.

<ConfigurationContainer>, which is replaced by the location of the Configuration container in Active Directory Domain Services (AD DS).

<CRLNameSuffix>, which inserts a name suffix at the end of the file name when publishing a CRL to a file or URL.

<DeltaCRLAllowed>, which replaces the CRLNameSuffix variable with a separate suffix to distinguish the delta CRL from the CRL; used when a delta CRL is published.

<ServerDNSName>, which is replaced by the DNS name of the CA server.

<ServerShortName>, which is replaced by the NetBIOS name of the CA server.

Examples

Example 1: Add a CRL distribution point URI where AD CS publishes certification revocations

PS C:\> Add-CACRLDistributionPoint -Uri "http://ca1.corp.contoso.com/pki/<CAName>.crl" -AddToCertificateCdp

This command adds a CRL distribution point for the URI of http://ca1.corp.contoso.com/pki/<CAName>.crl and sets the CRL URI to be included in issued certificates.
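
The following is an added example, not part of the original page: it pairs a publish location with a separate HTTP retrieval location, refuses publish switches on an HTTP URI (the -PublishToServer and -PublishDeltaToServer descriptions list only LDAP, UNC, local, and file paths), previews with -WhatIf, and restarts the CA only when the returned Restart value requires it. The host web1.corp.contoso.com, the pki share, and the $apply variable are assumptions.

```powershell
# Added example, not from the original page. web1.corp.contoso.com, the pki share
# and the $apply variable are assumptions; run in an elevated session on the CA.
Import-Module ADCSAdministration

# <CRLNameSuffix> and <DeltaCRLAllowed> keep the file names of renewed-key CRLs
# and delta CRLs distinct from the base CRL.
$file = '<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl'

$locations = @(
    # Where the CA writes the CRL and delta CRL (hypothetical UNC share).
    @{ Uri = '\\web1.corp.contoso.com\pki\' + $file
       PublishToServer = $true; PublishDeltaToServer = $true },
    # Where clients fetch it; written into newly issued certificates only.
    @{ Uri = 'http://ca1.corp.contoso.com/pki/' + $file
       AddToCertificateCdp = $true; AddToFreshestCrl = $true }
)

# Pre-flight check: the publish switches are not listed for HTTP paths.
foreach ($loc in $locations) {
    $publishes = $loc.PublishToServer -or $loc.PublishDeltaToServer
    if ($publishes -and $loc.Uri -match '^http://') {
        throw "Publish switches are not listed for HTTP paths: $($loc.Uri)"
    }
}

$apply = $false   # assumption: flip to $true after reviewing the -WhatIf output
$results = foreach ($loc in $locations) {
    if ($apply) { Add-CACrlDistributionPoint @loc -Force }
    else        { Add-CACrlDistributionPoint @loc -WhatIf }
}

# Each result carries a Boolean Restart property; restart the CA service if any is True.
if ($results.Restart -contains $true) { Restart-Service -Name CertSvc }

# Review the resulting configuration.
Get-CACrlDistributionPoint | Format-List
```

Certificates issued before the change keep the CDP they were issued with, so the previous retrieval location must stay reachable until those certificates expire.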

Parameters

-AddToCertificateCdp

Indicates that the cmdlet adds the URI to the CRL distribution point (CDP) extension of issued certificates. This parameter is available for use with LDAP, HTTP, Universal Naming Convention (UNC), and file paths.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False

-AddToCrlCdp

Indicates that the cmdlet includes the CRL. This parameter is available for use with LDAP paths.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False

-AddToCrlIdp

Indicates that the cmdlet includes the IDP extension of issued certificates. This parameter is available for use with LDAP and HTTP paths.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False

-AddToFreshestCrl

Indicates that the cmdlet includes the most recent CRL. This parameter is available for use with LDAP, HTTP, UNC, and file paths.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-Force

Forces the command to run without asking for user confirmation.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-PublishDeltaToServer

Indicates that the cmdlet publishes the delta CRL. This parameter is available for use with LDAP, UNC, local, and file paths.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False

-PublishToServer

Indicates that the cmdlet publishes the CRL to the specified server. This parameter is available for use with LDAP, local, UNC, and file paths.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False

-Uri

Specifies the uniform resource identifier (URI) for the distribution point location of the CRL. This is the location from which certificate revocation status information is retrieved and to which the CRL is published.

Parameter properties

Type: String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: 1
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: True
Value from remaining arguments: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

SwitchParameter

Outputs

Microsoft.CertificateServices.Administration.Commands.CA.CrlDistributionPointResult

This cmdlet returns a Boolean object named Restart. If Restart equals True, then the CA must be restarted.