You can write an app that uses its own trust anchor rather than inheriting from system trust. Use the certificates extension in the manifest to identify the trust certificates you want to install when your application is deployed. The following example excludes inheritance from system trust and adds a root certificate and a standalone CA certificate to app container stores.
<Extensions> <!--Certificates Extension--> <Extension Category="windows.certificates"> <Certificates> <Certificate StoreName="Root" Content="myroot.cer" /> <Certificate StoreName="CA" Content="mystandca.cer"/> <TrustFlags ExclusiveTrust="true" /> </Certificates> </Extension> </Extensions>
The root need not be trusted through the Microsoft root program. The root is trusted only for your application and does not affect trust for other applications on the system. For more information about the certificates extension, see Setting the certificates extension.