Improved Certificate Management for Pure1 PowerShell Module

I have made some basic improvements to the Pure1 PowerShell Module that should make it easier to authenticate and connect.

In the release there are two new cmdlets:



And some minor changes to:




The short answer now is that authentication is even easier now.

When you create a new certificate that you want to authenticate with Pure1 for the first time you need to run:

New-PureOneCertificate | Get-PureOnePublicKey

Then copy that key into Pure1:

Then take the API key:

Then authenticate with it:

From now on, all you need to do in subsequent times you launch PowerShell, you only need to run that command:

The only time you need to do anything else if is if you want to use a different certificate (or key pair) or want to create a new one.

For the details:


Earlier, when you created a new certificate you had to remember which one you created and would have to know the exact location of it if you wanted to re-use it. This is due to the fact that if you created more than one, the module couldn’t assume which one was the correct one. It had no mechanism to know the “preferred” certificate.

Now, when you create a new certificate, it will mark it as default. This way if you do not specify the certificate the module will default to the one you likely want. It specifies the default certificate by giving it a specific friendly name of “Default Pure1 REST API Certificate”:

There can only be on default certificate in a given certificate store. Such as cert:\localmachine\my or cert:\currentuser\my. The module defaults to using cert:\currentuser\my unless you specify otherwise.

If you create a new certificate and there is already a default, it will ask you to confirm making the new one the default:

If you want to create a new certificate that is not the default, just add the -nonDefault switch parameter:

What about Linux or MacOS? Well there are certificate in this case, but instead public and private key pairs. So the default “key” doesn’t really exist. But it does create the key with a certain name in a certain place by default. So if you do not specify a different key and the default one exists it will use that key.


This is a new cmdlet. It will automatically return the default key (if it exists) to you. In Windows:

In Linux/MacOS:

If the key/certificate does not exist it will throw an error. So in this case, either create a new one, or specify a non-default one (if you created one through another mechanism).


If you want to set an old key (one created prior to this release) to the default, or one created through another way), you can pass it into this cmdlet.

Note that this cmdlet is only relevant for Windows–you set a default key in Linux/MacOS by putting it in the default location with the default name–which is the working directory and the name of PureOnePrivate.pem.

You can either pass in the certificate, OR both the store and the thumbprint like above.

If a default certificate already exists, it will prompt you to confirm removing the previous certificate as the default and making the new one the default:


New-PureOneConnection is built now to use the Get-PureOneCertificate cmdlet too. So you don’t need to remember anything if there is a default certificate (or private key) and you indeed want to use that one. All you need to know is the correct Pure1 API key.

If you use the wrong API key for the default cert/key you will see:

One Reply to “Improved Certificate Management for Pure1 PowerShell Module”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.