MDM_ClientCertificateInstall_User02_PFXCertInstall03_01 class

[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]

The MDM_ClientCertificateInstall_User02_PFXCertInstall03_01 class enables the enterprise to configure the PFX certificate related settings of client certificates.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[dynamic, provider("DMWmiBridgeProv"), AMENDMENT]
class MDM_ClientCertificateInstall_User02_PFXCertInstall03_01
{
  string  InstanceID;
  string  ParentID;
  string  PFXCertBlob;
  string  PFXCertPassword;
  boolean PFXKeyExportable;
  sint32  KeyLocation;
  string  ContainerName;
  sint32  Status;
  boolean IsPasswordEncrypted;
};

Members

The MDM_ClientCertificateInstall_User02_PFXCertInstall03_01 class has these types of members:

  • Properties

Properties

The MDM_ClientCertificateInstall_User02_PFXCertInstall03_01 class has these properties.

ContainerName

Data type: string

Access type: Read-only

Optional. Specifies the NGC container name (if NGC KSP is chosen for this node). If this node is not specified when NGC KSP is chosen, enrollment will fail.

InstanceID

Data type: string

Access type: Read-only

Qualifiers: key

Identifies the name of the parent node. For this class, it is a unique ID that differentiates certificate install requests.

IsPasswordEncrypted

Data type: boolean

Access type: Read-only

Optional. Specifies whether the PFX certificate password is encrypted with the MDM certificate by the MDM server. The data type for this node is bool. If the value is true, the password should be encrypted with the MDM certificate, because the client will try to decrypt it using that certificate.

KeyLocation

Data type: sint32

Access type: Read-only

Required for PFX certificate installation. Indicates the key storage provider (KSP) that the private key is installed to.

The data type will be an integer corresponding to one of the following values:

Value  Description
1      Install to TPM if present. If not present, fall back to software.
2      Install to TPM, fail if not present.
3      Install to software.
4      Install to NGC.

ParentID

Data type: string

Access type: Read-only

Qualifiers: key

Describes the full path to the parent node. For this class, the string is "./Vendor/MSFT/ClientCertificateInstall/My/User/PFXCertInstall".

PFXCertBlob

Data type: string

Access type: Read-only

Qualifiers: Octetstring

CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. An Add operation on this node triggers the addition of the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before Add is called. The operation also sets the Status node to the current status of the operation.

If Add is called on this node and a blob already exists, it will fail. If Replace is called on this node, the certificates will be overwritten.

If Add is called on this node for a new PFX, the certificate will be added. If Replace is called on this node when it does not exist, this will fail.

In other words, using Replace or Add results in either overwriting the old certificate or adding a new certificate. The CRYPT_DATA_BLOB structure is described under CRYPT_INTEGER_BLOB.

PFXCertPassword

Data type: string

Access type: Read-only

Password that protects the PFX blob. This is required if the PFX is password protected.

PFXKeyExportable

Data type: boolean

Access type: Read-only

Optional. Used to specify if the private key installed is exportable (and can be exported later).

Status

Data type: sint32

Access type: Read-only

Required. Returns the error code of the PFX installation, as reported by the GetLastError call made after PfxImportCertStore.
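
The following PowerShell is an added example, not part of the original reference or Microsoft's own code. It reads the properties described above and reports where each PFX private key was installed and whether it is exportable. The function name Get-PfxInstallFinding, the review rules, and the sample instances are assumptions made for illustration; the namespace and class name come from this page.

```powershell
# Added example: review PFX install instances exposed by this class.
# The rules below (what counts as a finding) are an assumed review policy.
# PFXCertBlob and PFXCertPassword are deliberately never read or printed.
$KeyLocationText = @{
    1 = 'TPM if present, else software'
    2 = 'TPM required'
    3 = 'Software'
    4 = 'NGC'
}

function Get-PfxInstallFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Instance)
    process {
        $notes = @()
        $loc = [int]$Instance.KeyLocation
        if (-not $KeyLocationText.ContainsKey($loc)) { $notes += "unknown KeyLocation $loc" }
        if ($loc -eq 3) { $notes += 'private key stored in software' }
        if ($loc -eq 1) { $notes += 'falls back to software when no TPM is present' }
        if ($loc -eq 4 -and [string]::IsNullOrEmpty($Instance.ContainerName)) {
            $notes += 'NGC selected without ContainerName (enrollment fails)'
        }
        if ($Instance.PFXKeyExportable) { $notes += 'private key is exportable' }
        # Assumption: Status 0 means success; anything else is shown as a hex error code.
        if ($null -ne $Instance.Status -and $Instance.Status -ne 0) {
            $notes += ('install error 0x{0:X8}' -f [int]$Instance.Status)
        }
        [pscustomobject]@{
            InstanceID  = $Instance.InstanceID
            KeyLocation = $KeyLocationText[$loc]
            Findings    = $notes -join '; '
        }
    }
}

# Constructed sample instances (not real device data) so the function runs offline.
$sample = @(
    [pscustomobject]@{ InstanceID = 'example-1'; KeyLocation = 2; ContainerName = ''; PFXKeyExportable = $false; Status = 0 }
    [pscustomobject]@{ InstanceID = 'example-2'; KeyLocation = 3; ContainerName = ''; PFXKeyExportable = $true;  Status = 0 }
    [pscustomobject]@{ InstanceID = 'example-3'; KeyLocation = 4; ContainerName = ''; PFXKeyExportable = $false; Status = -2147024891 }
)
$sample | Get-PfxInstallFinding | Format-Table -AutoSize -Wrap

# On a managed device, feed live instances instead:
# Get-CimInstance -Namespace 'root\cimv2\mdm\dmmap' `
#     -ClassName 'MDM_ClientCertificateInstall_User02_PFXCertInstall03_01' |
#     Get-PfxInstallFinding
```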

Requirements

Minimum supported client

Windows 10 Insider Preview

Minimum supported server

None supported

Namespace

Root\CIMv2\MDM\DMMap

MOF

DMWmiBridgeProv.mof

DLL

DMWmiBridgeProv.dll