CertificateEnrollmentManager Class
Definition
Represents a certificate enrollment manager.
C++: public : static class CertificateEnrollmentManager
C#: public static class CertificateEnrollmentManager
VB: Public Static Class CertificateEnrollmentManager
JavaScript: You can use this class in JavaScript.

Attributes
| Attribute | Value |
|---|---|
| Device family | Windows 10 (introduced v10.0.10240.0) |
| API contract | Windows.Foundation.UniversalApiContract (introduced v1) |
Examples
```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.UI.Xaml;

namespace SampleCertificateEnrollmentManager
{
    sealed partial class CertEnrollMgrApp : Application
    {
        public CertEnrollMgrApp()
        {
            // Initialize the application.
            this.InitializeComponent();

            // Create a certificate request.
            this.GetCertificateRequest();
        }

        public async void GetCertificateRequest()
        {
            // Create a certificate request asynchronously.
            String certificateRequest = await this.SampleCreateRequest();
        }

        public async Task<String> SampleCreateRequest()
        {
            // Create a CertificateRequestProperties object.
            CertificateRequestProperties requestProp = new CertificateRequestProperties();

            // Assign a subject name to the properties object.
            requestProp.Subject = "SampleRequest";

            // Create a certificate request (base64-encoded PKCS #10).
            String strRequest = await CertificateEnrollmentManager.CreateRequestAsync(requestProp);

            // Return the request string.
            return strRequest;
        }
    }
}
```
Remarks
Call the CreateRequestAsync method to create an instance of the CertificateEnrollmentManager object.
This class contains only static properties. You do not have to create an instance of the class to retrieve the properties. Instead, use the class name followed by the dot operator (.), followed by the property name.
Properties
UserCertificateEnrollmentManager
Gets the associated UserCertificateEnrollmentManager.
C++: public : static UserCertificateEnrollmentManager UserCertificateEnrollmentManager { get; }
C#: public static UserCertificateEnrollmentManager UserCertificateEnrollmentManager { get; }
VB: Public Static ReadOnly Property UserCertificateEnrollmentManager As UserCertificateEnrollmentManager
JavaScript: You can use this property in JavaScript.
Value
- UserCertificateEnrollmentManager: The associated UserCertificateEnrollmentManager.

| Attribute | Value |
|---|---|
| Device family | Windows 10 (introduced v10.0.10240.0) |
| API contract | Windows.Foundation.UniversalApiContract (introduced v1) |
| Capabilities | sharedUserCertificates |
Remarks
This API installs certificates in the app's certificate store. Certificates in an app's certificate store are only discoverable and usable by that app. To install a certificate in the user's certificate store, enable the sharedUserCertificates capability and use the UserCertificateEnrollmentManager class.
Methods
CreateRequestAsync(CertificateRequestProperties)
Asynchronously creates a PKCS #10 certificate request based on properties specified in a CertificateRequestProperties object.
C++: public : static IAsyncOperation<Platform::String> CreateRequestAsync(CertificateRequestProperties request)
C#: public static IAsyncOperation<string> CreateRequestAsync(CertificateRequestProperties request)
VB: Public Static Function CreateRequestAsync(request As CertificateRequestProperties) As IAsyncOperation(Of String)
JavaScript: You can use this method in JavaScript.
Parameters
- request (CertificateRequestProperties): A CertificateRequestProperties object that contains the property values used to create the certificate request.
This method returns a string that contains the base64 encoded PKCS #10 certificate request.
Remarks
Certificate enrollment can be performed in an app container. We recommend that you use the following request objects to submit the request:
- XMLHttpRequest (JavaScript)
- HttpWebRequest (C#)
- IXMLHTTPRequest (C++)

The CertificateRequestProperties object contains the following default values.
| Property | Default value |
|---|---|
| Subject | Empty string |
| KeyAlgorithmName | RSA |
| KeySize | 2048 bits |
| FriendlyName | Empty String |
| HashAlgorithmName | SHA256 |
| Exportable | Not Exportable |
| KeyUsages | Signing |
| KeyProtectionLevel | NoConsent |
| KeyStorageProviderName | Microsoft Software Key Storage Provider |
The CreateRequestAsync method only creates the certificate request; you must submit the request to an HTTP enrollment endpoint yourself. You can then take the response from the HTTP enrollment endpoint and call the InstallCertificateAsync method to install it.
Note
You must include the Signing value in the KeyUsages property in any CertificateRequestProperties object that you use in a call to CreateRequestAsync. If you wish to set KeyUsages to Decryption or KeyAgreement, you must also OR in Signing. Otherwise, the call to CreateRequestAsync will fail.
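The full round trip described above (create the request, submit it, install the response), as an added example that is not part of the original page. The endpoint URL, its request and response format, and the use of System.Net.Http.HttpClient in place of HttpWebRequest are assumptions made for illustration.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Security.Cryptography.Core;

public static class EnrollmentExample
{
    // Hypothetical endpoint: assumed to accept a base64 PKCS #10 request as the
    // body and to return the issued certificate as a base64-encoded DER string.
    private static readonly Uri EnrollUri = new Uri("https://ca.example.test/enroll");

    public static async Task EnrollAsync(string subject)
    {
        var props = new CertificateRequestProperties
        {
            Subject = subject,
            KeyAlgorithmName = KeyAlgorithmNames.Rsa,
            KeySize = 2048,
            HashAlgorithmName = HashAlgorithmNames.Sha256,
            // Stated explicitly so the private key cannot be exported later.
            Exportable = ExportOption.NotExportable,
            // Decryption on its own makes CreateRequestAsync fail; Signing is OR'ed in.
            KeyUsages = EnrollKeyUsages.Signing | EnrollKeyUsages.Decryption,
            // Stricter than the NoConsent default: the user is prompted on key use.
            KeyProtectionLevel = KeyProtectionLevel.ConsentOnly
        };

        string pkcs10 = await CertificateEnrollmentManager.CreateRequestAsync(props);

        string response;
        using (var http = new HttpClient())
        using (var body = new StringContent(pkcs10, Encoding.ASCII, "application/pkcs10"))
        using (HttpResponseMessage reply = await http.PostAsync(EnrollUri, body))
        {
            reply.EnsureSuccessStatusCode();
            response = (await reply.Content.ReadAsStringAsync()).Trim();
        }

        // Fail early (FormatException) if the endpoint returned something other than base64.
        Convert.FromBase64String(response);

        await CertificateEnrollmentManager.InstallCertificateAsync(response, InstallOptions.None);
    }
}
```

InstallCertificateAsync must run on the same computer that called CreateRequestAsync, because the private key for the request is generated there.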
ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)
Asynchronously imports a certificate from a Personal Information Exchange (PFX) message.
C++: public : static IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName)
C#: public static IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName)
VB: Public Static Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String) As IAsyncAction
JavaScript: You can use this method in JavaScript.
Parameters
- pfxData (String): Base64-encoded PFX message.
- password (String): The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.
- exportable (ExportOption): A value of the ExportOption enumeration that specifies whether the key can be exported.
- keyProtectionLevel (KeyProtectionLevel): A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.
- installOption (InstallOptions): An InstallOptions enumeration value that specifies the certificate installation option.
- friendlyName (String): The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.
This method does not return a value.
Remarks
This method imports the certificate chain into the app container.
- To import an issued certificate, it is not necessary for the certificate request to have been generated on the importing computer.
- The certificates included in the response need not be chained to trusted root certificates on the importing computer.
- The certificate is installed in the app container MY store.
- Certification authority and Root certificates are installed in the app container intermediate certification authority store.
- The key container name and key specification for the imported certificate are determined as described in the Remarks section of PFXImportCertStore with the exception that if AttributeId 1.3.6.1.4.1.311.17.1 is not present, MS_KEY_STORAGE_PROVIDER is always used as the provider name.
See Also
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)
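A PFX import that tightens the key-handling parameters described above and then confirms the certificate landed in the app's store, as an added example that is not part of the original page. The class and method names, the caller-supplied StorageFile, and the choice of ConsentOnly are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage;
using Windows.Storage.Streams;

public static class PfxImportExample
{
    // pfxFile and password come from the caller; friendlyName is an arbitrary
    // label that is used afterwards to find the imported certificate again.
    public static async Task<Certificate> ImportAsync(
        StorageFile pfxFile, string password, string friendlyName)
    {
        // ImportPfxDataAsync expects the PFX message as a base64 string.
        IBuffer raw = await FileIO.ReadBufferAsync(pfxFile);
        string pfxData = CryptographicBuffer.EncodeToBase64String(raw);

        await CertificateEnrollmentManager.ImportPfxDataAsync(
            pfxData,
            password,
            ExportOption.NotExportable,      // the imported key cannot be exported again
            KeyProtectionLevel.ConsentOnly,  // stricter than the NoConsent default
            InstallOptions.None,
            friendlyName);                   // overwrites FriendlyName inside the PFX

        // Verify the result instead of assuming success: look the certificate up
        // by its friendly name and require a private key and an unexpired validity.
        var query = new CertificateQuery { FriendlyName = friendlyName };
        IReadOnlyList<Certificate> found = await CertificateStores.FindAllAsync(query);
        foreach (Certificate cert in found)
        {
            if (cert.HasPrivateKey && cert.ValidTo > DateTimeOffset.Now)
            {
                return cert;
            }
        }
        throw new InvalidOperationException(
            "No usable certificate with the given friendly name was found after import.");
    }
}
```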
ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)
Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using the specified key storage provider.
C++: public : static IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName, Platform::String keyStorageProvider)
C#: public static IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName, String keyStorageProvider)
VB: Public Static Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String, keyStorageProvider As String) As IAsyncAction
JavaScript: You can use this method in JavaScript.
Parameters
- pfxData (String): Base64-encoded PFX message.
- password (String): The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.
- exportable (ExportOption): A value of the ExportOption enumeration that specifies whether the key can be exported.
- keyProtectionLevel (KeyProtectionLevel): A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.
- installOption (InstallOptions): An InstallOptions enumeration value that specifies the certificate installation option.
- friendlyName (String): The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.
- keyStorageProvider (String): The name of the key storage provider to use when importing the certificate.
This method does not return a value.
Remarks
This method imports the certificate chain into the app container.
- To import an issued certificate, it is not necessary for the certificate request to have been generated on the importing computer.
- The certificates included in the response need not be chained to trusted root certificates on the importing computer.
- The certificate is installed in the app container MY store.
- Certification authority and Root certificates are installed in the app container intermediate certification authority store.
- The key container name and key specification for the imported certificate are determined as described in the Remarks section of PFXImportCertStore with the exception that if AttributeId 1.3.6.1.4.1.311.17.1 is not present, MS_KEY_STORAGE_PROVIDER is always used as the provider name.
See Also
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)
ImportPfxDataAsync(String, String, PfxImportParameters)
Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using import parameters.
C++: public : static IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, PfxImportParameters pfxImportParameters)
C#: public static IAsyncAction ImportPfxDataAsync(String pfxData, String password, PfxImportParameters pfxImportParameters)
VB: Public Static Function ImportPfxDataAsync(pfxData As String, password As String, pfxImportParameters As PfxImportParameters) As IAsyncAction
JavaScript: You can use this method in JavaScript.
Parameters
- pfxData (String): Base64-encoded PFX message.
- password (String): The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.
- pfxImportParameters (PfxImportParameters): The PFX import parameters.
This method does not return a value.
See Also
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)
InstallCertificateAsync(String, InstallOptions)
Asynchronously installs a certificate chain into the app container on the local computer.
C++: public : static IAsyncAction InstallCertificateAsync(Platform::String certificate, InstallOptions installOption)
C#: public static IAsyncAction InstallCertificateAsync(String certificate, InstallOptions installOption)
VB: Public Static Function InstallCertificateAsync(certificate As String, installOption As InstallOptions) As IAsyncAction
JavaScript: You can use this method in JavaScript.
Parameters
- certificate (String): The encoded certificate. The certificate is encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard.
- installOption (InstallOptions): An InstallOptions enumeration value that specifies the certificate installation option.
This method does not return a value.
Remarks
This method installs the certificate chain into the app container:
- The certificate request for the input certificate must have been previously generated on the local computer by calling the CreateRequestAsync method.
- The certificates included in the response need not be chained to trusted root certificates on the installing computer.
- The certificate is installed in the app container MY store.
- Certification authority (CA) and Root certificates are installed in the app container intermediate CA store.