2.2.9.4 RootCATrustedCertificates Configuration Service Provider

The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates. The ./User/ configuration is not supported in the RootCATrustedCertificates/Root/ node.

The following image shows the RootCATrustedCertificates configuration service provider in tree format.

Figure 6: The RootCACertificate configuration service provider in tree format

Device or User: The root node for the RootCATrustedCertificates configuration service provider. For device certificates, use the ./Device/Vendor/MSFT path, and for user certificates use the ./User/Vendor/MSFT path.

RootCATrustedCertificates/Root: Node for Root (self-signed) certificates.

RootCATrustedCertificates/CA: The node for CA certificates.

RootCATrustedCertificates/TrustedPublisher: The node for trusted publisher certificates.

RootCATrustedCertificates/TrustedPeople: The node for trusted people certificates.

/CertHash: Defines the SHA-1 hash for the certificate. The 20-byte value of the SHA-1 certificate hash is specified as a hexadecimal string value. The supported operations are Add, Delete, and Replace.

/EncodedCertificate: Specifies the X.509 certificate as a base64-encoded string. The base64 string value cannot include extra formatting characters such as embedded linefeeds. The supported operations are Add, Get, Delete, and Replace.

/IssuedBy: Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. The only supported operation is Get.

/IssuedTo: Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. The only supported operation is Get.

/ValidFrom: Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure. The only supported operation is Get.

/ValidTo: Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure. The only supported operation is Get.

/TemplateName: Returns the certificate template name. The only supported operation is Get.
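The following added example (not part of the specification) derives the /CertHash and /EncodedCertificate values described above from a PEM or DER certificate and rejects the unsupported ./User/ scope on the Root node. It assumes the hash is taken over the DER encoding and that /EncodedCertificate sits beneath the /CertHash node; the function names, the uppercase hex choice, and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

STORES = {"Root", "CA", "TrustedPublisher", "TrustedPeople"}
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(48, 138))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)   # wraps lines, as PEM files do
              + b"-----END CERTIFICATE-----\n")


def to_der(cert: bytes) -> bytes:
    """Return DER bytes; strip PEM armor and line breaks if present."""
    m = PEM_RE.search(cert)
    if m is None:
        return cert  # assumption: input without PEM armor is already DER
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def csp_nodes(cert: bytes, store: str = "Root", scope: str = "Device") -> dict:
    """Build the node path and values for one certificate (hypothetical helper)."""
    if scope not in ("Device", "User"):
        raise ValueError("scope must be Device or User")
    if store not in STORES:
        raise ValueError("unknown store node: " + store)
    if scope == "User" and store == "Root":
        # The ./User/ configuration is not supported in the Root node.
        raise ValueError("./User/ is not supported for RootCATrustedCertificates/Root")
    der = to_der(cert)
    # 20-byte SHA-1 as 40 hex characters; uppercase is this example's choice.
    cert_hash = hashlib.sha1(der).hexdigest().upper()
    # b64encode emits a single line, so no embedded linefeeds reach the node.
    encoded = base64.b64encode(der).decode("ascii")
    base = f"./{scope}/Vendor/MSFT/RootCATrustedCertificates/{store}/{cert_hash}"
    return {"CertHash": cert_hash,
            "LocURI": base + "/EncodedCertificate",
            "EncodedCertificate": encoded}


if __name__ == "__main__":
    for key, value in csp_nodes(SAMPLE_PEM, "CA", "User").items():
        print(key, "=", value)
```

Comparing the computed CertHash against the thumbprint of the certificate you intended to deploy catches a wrong or substituted certificate before it is added to a trust store.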