diff --git a/docset/winserver2016-ps/pki/Import-PfxCertificate.md b/docset/winserver2016-ps/pki/Import-PfxCertificate.md index 063076ebcc..6e656fedb4 100644 --- a/docset/winserver2016-ps/pki/Import-PfxCertificate.md +++ b/docset/winserver2016-ps/pki/Import-PfxCertificate.md @@ -16,8 +16,9 @@ Imports certificates and private keys from a Personal Information Exchange (PFX) ## SYNTAX ``` -Import-PfxCertificate [-Exportable] [-Password ] [[-CertStoreLocation] ] - [-FilePath] [-WhatIf] [-Confirm] [] +Import-PfxCertificate [-Exportable] [-ProtectPrivateKey ] [-Password ] + [[-CertStoreLocation] ] [-FilePath] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -56,6 +57,15 @@ This example imports the PFX file mypfx.pfx into the My store for the machine ac The **Password** parameter is not required since this PFX file is protected using the domain account of this machine. This requires a Windows ServerĀ® 2012 domain controller. +### EXAMPLE 4 +``` +PS C:\>Get-ChildItem -Path c:\mypfx\my.pfx | Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -ProtectPrivateKey vsm +``` + +This example imports the PFX file `my.pfx` with a private key into the My store for the current user. +The **Password** parameter is not required since this PFX file is not password protected. +The private key will be protected by virtualized-based security (VBS) and cannot be exported. + ## PARAMETERS ### -CertStoreLocation @@ -105,6 +115,24 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProtectPrivateKey +Specifies whether to protect the imported private key by virtualized-based security. +If this parameter is specified with the value `vsm`, then the private key cannot be exported. +Virtual Secure Mode (VSM) capabilities were introduced in Windows 10 and Windows Server 2016. + +```yaml +Type: Microsoft.CertificateServices.Commands.ProtectPrivateKeyType +Parameter Sets: (All) +Aliases: +Accepted values: none, vsm + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -FilePath Specifies the path for the PFX file. @@ -177,3 +205,5 @@ The imported **X509Certificate2** object contained in the PFX file that is assoc [Export-PfxCertificate](./Export-PfxCertificate.md) [System Store Locations](/windows/desktop/seccrypto/system-store-locations) + +[Virtualization-based Security](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs) diff --git a/docset/winserver2019-ps/pki/Import-PfxCertificate.md b/docset/winserver2019-ps/pki/Import-PfxCertificate.md index aaa267e488..215b6ad41d 100644 --- a/docset/winserver2019-ps/pki/Import-PfxCertificate.md +++ b/docset/winserver2019-ps/pki/Import-PfxCertificate.md @@ -16,8 +16,9 @@ Imports certificates and private keys from a Personal Information Exchange (PFX) ## SYNTAX ``` -Import-PfxCertificate [-Exportable] [-Password ] [[-CertStoreLocation] ] - [-FilePath] [-WhatIf] [-Confirm] [] +Import-PfxCertificate [-Exportable] [-ProtectPrivateKey ] [-Password ] + [[-CertStoreLocation] ] [-FilePath] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -56,6 +57,15 @@ This example imports the PFX file mypfx.pfx into the My store for the machine ac The **Password** parameter is not required since this PFX file is protected using the domain account of this machine. This requires a Windows ServerĀ® 2012 domain controller. +### EXAMPLE 4 +``` +PS C:\>Get-ChildItem -Path c:\mypfx\my.pfx | Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -ProtectPrivateKey vsm +``` + +This example imports the PFX file `my.pfx` with a private key into the My store for the current user. +The **Password** parameter is not required since this PFX file is not password protected. +The private key will be protected by virtualized-based security (VBS) and cannot be exported. + ## PARAMETERS ### -CertStoreLocation @@ -105,6 +115,24 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProtectPrivateKey +Specifies whether to protect the imported private key by virtualized-based security. +If this parameter is specified with the value `vsm`, then the private key cannot be exported. +Virtual Secure Mode (VSM) capabilities were introduced in Windows 10 and Windows Server 2016. + +```yaml +Type: Microsoft.CertificateServices.Commands.ProtectPrivateKeyType +Parameter Sets: (All) +Aliases: +Accepted values: none, vsm + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -FilePath Specifies the path for the PFX file. @@ -177,3 +205,5 @@ The imported **X509Certificate2** object contained in the PFX file that is assoc [Export-PfxCertificate](./Export-PfxCertificate.md) [System Store Locations](/windows/desktop/seccrypto/system-store-locations) + +[Virtualization-based Security](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs) diff --git a/docset/winserver2022-ps/pki/Import-PfxCertificate.md b/docset/winserver2022-ps/pki/Import-PfxCertificate.md index fda69491c9..ed9664dc1b 100644 --- a/docset/winserver2022-ps/pki/Import-PfxCertificate.md +++ b/docset/winserver2022-ps/pki/Import-PfxCertificate.md @@ -17,9 +17,9 @@ destination store. ## SYNTAX ``` -Import-PfxCertificate [-Exportable] [-Password ] - [[-CertStoreLocation] ] [-FilePath] [-WhatIf] [-Confirm] - [] +Import-PfxCertificate [-Exportable] [-ProtectPrivateKey ] [-Password ] + [[-CertStoreLocation] ] [-FilePath] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -72,6 +72,17 @@ This example imports the PFX file `mypfx.pfx` into the My store for the machine **Password** parameter is not required since this PFX file is protected using the domain account of this machine. This requires a Windows Server 2012 or later domain controller. +### EXAMPLE 4 + +```powershell +Get-ChildItem -Path C:\mypfx.pfx | + Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -ProtectPrivateKey vsm +``` + +This example imports the PFX file `mypfx.pfx` with a private key into the My store for the current user. +The **Password** parameter is not required since this PFX file is not password protected. +The private key will be protected by virtualized-based security (VBS) and cannot be exported. + ## PARAMETERS ### -CertStoreLocation @@ -124,6 +135,25 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProtectPrivateKey + +Specifies whether to protect the imported private key by virtualized-based security. +If this parameter is specified with the value `vsm`, then the private key cannot be exported. +Virtual Secure Mode (VSM) capabilities were introduced in Windows 10 and Windows Server 2016. + +```yaml +Type: Microsoft.CertificateServices.Commands.ProtectPrivateKeyType +Parameter Sets: (All) +Aliases: +Accepted values: none, vsm + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -FilePath Specifies the path for the PFX file. @@ -206,3 +236,5 @@ keys. [Export-PfxCertificate](./Export-PfxCertificate.md) [System Store Locations](/windows/desktop/seccrypto/system-store-locations) + +[Virtualization-based Security](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs) diff --git a/docset/winserver2025-ps/pki/Import-PfxCertificate.md b/docset/winserver2025-ps/pki/Import-PfxCertificate.md index 29d72b650b..016a7cc4db 100644 --- a/docset/winserver2025-ps/pki/Import-PfxCertificate.md +++ b/docset/winserver2025-ps/pki/Import-PfxCertificate.md @@ -17,9 +17,9 @@ destination store. ## SYNTAX ``` -Import-PfxCertificate [-Exportable] [-Password ] - [[-CertStoreLocation] ] [-FilePath] [-WhatIf] [-Confirm] - [] +Import-PfxCertificate [-Exportable] [-ProtectPrivateKey ] [-Password ] + [[-CertStoreLocation] ] [-FilePath] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -72,6 +72,17 @@ This example imports the PFX file `mypfx.pfx` into the My store for the machine **Password** parameter is not required since this PFX file is protected using the domain account of this machine. This requires a Windows Server 2012 or later domain controller. +### EXAMPLE 4 + +```powershell +Get-ChildItem -Path C:\mypfx.pfx | + Import-PfxCertificate -CertStoreLocation Cert:\CurrentUser\My -ProtectPrivateKey vsm +``` + +This example imports the PFX file `mypfx.pfx` with a private key into the My store for the current user. +The **Password** parameter is not required since this PFX file is not password protected. +The private key will be protected by virtualized-based security (VBS) and cannot be exported. + ## PARAMETERS ### -CertStoreLocation @@ -124,6 +135,25 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProtectPrivateKey + +Specifies whether to protect the imported private key by virtualized-based security. +If this parameter is specified with the value `vsm`, then the private key cannot be exported. +Virtual Secure Mode (VSM) capabilities were introduced in Windows 10 and Windows Server 2016. + +```yaml +Type: Microsoft.CertificateServices.Commands.ProtectPrivateKeyType +Parameter Sets: (All) +Aliases: +Accepted values: none, vsm + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -FilePath Specifies the path for the PFX file. @@ -206,3 +236,5 @@ keys. [Export-PfxCertificate](./Export-PfxCertificate.md) [System Store Locations](/windows/desktop/seccrypto/system-store-locations) + +[Virtualization-based Security](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs)