Get-AzKeyVaultCertificate

Module:

Az.KeyVault Module

Gets a certificate from a key vault.

Get-AzKeyVaultCertificate
 [-VaultName] <String>
 [[-Name] <String>]
 [-InRemovedState]
 [-IncludePending]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-VaultName] <String>
 [-Name] <String>
 [-Version] <String>
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-VaultName] <String>
 [-Name] <String>
 [-IncludeVersions]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-InputObject] <PSKeyVault>
 [[-Name] <String>]
 [-InRemovedState]
 [-IncludePending]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-InputObject] <PSKeyVault>
 [-Name] <String>
 [-Version] <String>
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-InputObject] <PSKeyVault>
 [-Name] <String>
 [-IncludeVersions]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-ResourceId] <String>
 [[-Name] <String>]
 [-InRemovedState]
 [-IncludePending]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-ResourceId] <String>
 [-Name] <String>
 [-Version] <String>
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

Get-AzKeyVaultCertificate
 [-ResourceId] <String>
 [-Name] <String>
 [-IncludeVersions]
 [-DefaultProfile <IAzureContextContainer>]
 [<CommonParameters>]

The Get-AzKeyVaultCertificate cmdlet gets the specified certificate or the versions of a certificate from a key vault in Azure Key Vault.

Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "TestCert01"

Name : testCert01
Certificate : [Subject]
 CN=contoso.com

 [Issuer]
 CN=contoso.com

 [Serial Number]
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 [Not Before]
 2/8/2016 3:11:45 PM

 [Not After]
 8/8/2016 4:21:45 PM

 [Thumbprint]
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

KeyId : https://contoso.vault.azure.net:443/keys/TestCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
SecretId : https://contoso.vault.azure.net:443/secrets/TestCert01/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Tags :
Enabled : True
Created : 2/8/2016 11:21:45 PM
Updated : 2/8/2016 11:21:45 PM

This command gets the certificate named TestCert01 from the key vault named ContosoKV01

$CertBase64 = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certName -AsPlainText
$CertBytes = [Convert]::FromBase64String($CertBase64)
Set-Content -Path cert.pfx -Value $CertBytes -AsByteStream

This command gets the certificate named $certName from the key vault named $vaultName. These commands access secret $certName and then save the content as a pfx file.

Get-AzKeyVaultCertificate -VaultName 'contoso' -InRemovedState

DeletedDate : 5/24/2018 6:08:32 PM
Enabled : True
Expires : 11/24/2018 6:08:13 PM
NotBefore : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Tags :
VaultName : contoso
Name : test1
Version :
Id : https://contoso.vault.azure.net:443/certificates/test1

ScheduledPurgeDate : 8/22/2018 6:10:47 PM
DeletedDate : 5/24/2018 6:10:47 PM
Enabled : True
Expires : 11/24/2018 6:09:44 PM
NotBefore : 5/24/2018 5:59:44 PM
Created : 5/24/2018 6:09:44 PM
Updated : 5/24/2018 6:09:44 PM
Tags :
VaultName : contoso
Name : test2
Version :
Id : https://contoso.vault.azure.net:443/certificates/test2

This command gets all the certificates that have been previously deleted, but not purged, in the key vault named Contoso.

Get-AzKeyVaultCertificate -VaultName 'contoso' -Name 'test1' -InRemovedState

Certificate : [Subject]
 CN=contoso.com

 [Issuer]
 CN=contoso.com

 [Serial Number]
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 [Not Before]
 5/24/2018 10:58:13 AM

 [Not After]
 11/24/2018 10:08:13 AM

 [Thumbprint]
 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

KeyId : https://contoso.vault.azure.net:443/keys/test1/7fe415d5518240c1a6fce89986b8d334
SecretId : https://contoso.vault.azure.net:443/secrets/test1/7fe415d5518240c1a6fce89986b8d334
Thumbprint : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RecoveryLevel : Recoverable+Purgeable
ScheduledPurgeDate : 8/22/2018 6:08:32 PM
DeletedDate : 5/24/2018 6:08:32 PM
Enabled : True
Expires : 11/24/2018 6:08:13 PM
NotBefore : 5/24/2018 5:58:13 PM
Created : 5/24/2018 6:08:13 PM
Updated : 5/24/2018 6:08:13 PM
Tags :
VaultName : contoso
Name : test1
Version : 7fe415d5518240c1a6fce89986b8d334
Id : https://contoso.vault.azure.net:443/certificates/test1/7fe415d5518240c1a6fce89986b8d334

This command gets the certificate named 'MyCert' that has been previously deleted, but not purged, in the key vault named Contoso. This command will return metadata such as the deletion date, and the scheduled purging date of this deleted certificate.

Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "test*"

Enabled : True
Expires : 8/5/2019 2:39:25 AM
NotBefore : 2/5/2019 2:29:25 AM
Created : 2/5/2019 2:39:25 AM
Updated : 2/5/2019 2:39:25 AM
Tags :
VaultName : ContosoKV01
Name : test1
Version :
Id : https://ContosoKV01.vault.azure.net:443/certificates/test1

Enabled : True
Expires : 8/5/2019 2:39:25 AM
NotBefore : 2/5/2019 2:29:25 AM
Created : 2/5/2019 2:39:25 AM
Updated : 2/5/2019 2:39:25 AM
Tags :
VaultName : ContosoKV01
Name : test2
Version :
Id : https://ContosoKV01.vault.azure.net:443/certificates/test2

This command gets all certificates starting with "test" from the key vault named ContosoKV01.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.