CertificateEnrollmentManager Class

Definition

Represents a certificate enrollment manager.

public : static class CertificateEnrollmentManager
public static class CertificateEnrollmentManager
Public Static Class CertificateEnrollmentManager
// This class does not provide a public constructor.
Attributes
Windows 10 requirements
Device family: Windows 10 (introduced v10.0.10240.0)
API contract: Windows.Foundation.UniversalApiContract (introduced v1)

Examples

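using System;                                        // String
using System.Threading.Tasks;                        // Task<T>
using Windows.Security.Cryptography.Certificates;    // CertificateEnrollmentManager
using Windows.UI.Xaml;                               // Application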

namespace SampleCertificateEnrollmentManager
{

    sealed partial class CertEnrollMgrApp : Application
    {
        public CertEnrollMgrApp()
        {
            // Initialize the application.
            this.InitializeComponent();

            // Create a certificate request.
            this.GetCertificateRequest();
        }

        public async void GetCertificateRequest()
        {
            // Create a certificate request asynchronously.
            String certificateRequest = await this.SampleCreateRequest();
        }

        public async Task<String> SampleCreateRequest()
        {
            // Create a CertificateRequestProperties object.
            CertificateRequestProperties requestProp = new CertificateRequestProperties();

            // Assign a subject name to the properties object.
            requestProp.Subject = "SampleRequest";

            // Create a certificate request.
            String strRequest = await CertificateEnrollmentManager.CreateRequestAsync(requestProp);

            // Return the request string.
            return strRequest;
        }
    }
}

Remarks

Call the CreateRequestAsync method to create an instance of the CertificateEnrollmentManager object.

This class contains only static properties. You do not have to create an instance of the class to retrieve the properties. Instead, use the class name followed by the dot operator (.), followed by the property name.

Properties

UserCertificateEnrollmentManager

Gets the associated UserCertificateEnrollmentManager.

public : static UserCertificateEnrollmentManager UserCertificateEnrollmentManager { get; }
public static UserCertificateEnrollmentManager UserCertificateEnrollmentManager { get; }
Public Static ReadOnly Property UserCertificateEnrollmentManager As UserCertificateEnrollmentManager
var userCertificateEnrollmentManager = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager.userCertificateEnrollmentManager;
Additional features and requirements
Device family: Windows 10 (introduced v10.0.10240.0)
API contract: Windows.Foundation.UniversalApiContract (introduced v1)
Capabilities: sharedUserCertificates

Remarks

This API installs certificates in the app's certificate store. Certificates in an app's certificate store are only discoverable and usable by that app. To install a certificate in the user's certificate store, enable the sharedUserCertificates capability and use the UserCertificateEnrollmentManager class.

Methods

CreateRequestAsync(CertificateRequestProperties)

Asynchronously creates a PKCS #10 certificate request based on properties specified in a CertificateRequestProperties object.

public : static IAsyncOperation<Platform::String> CreateRequestAsync(CertificateRequestProperties request)
public static IAsyncOperation<string> CreateRequestAsync(CertificateRequestProperties request)
Public Static Function CreateRequestAsync(request As CertificateRequestProperties) As IAsyncOperation( Of string )
var iAsyncOperation = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager.createRequestAsync(request);
Parameters
request
CertificateRequestProperties

A CertificateRequestProperties object that contains the property values used to create the certificate request.

Returns

This method returns a string that contains the base64 encoded PKCS #10 certificate request.

Remarks

Certificate enrollment can be performed in an app container. We recommend that you use the following request objects to submit the request:

Property                  Default value
Subject                   Empty string
KeyAlgorithmName          RSA
KeySize                   2048 bits
FriendlyName              Empty string
HashAlgorithmName         SHA256
Exportable                Not Exportable
KeyUsages                 Signing
KeyProtectionLevel        NoConsent
KeyStorageProviderName    Microsoft Software Key Storage Provider

While the CreateRequestAsync method creates the certificate request, you will need to submit the request to an HTTP enrollment endpoint. You can then take the response from the HTTP enrollment endpoint and call the InstallCertificateAsync method to install the response.

Note

You must include the Signing value in the KeyUsages property in any CertificateRequestProperties object that you use in a call to CreateRequestAsync. If you wish to set KeyUsages to Decryption or KeyAgreement, you must also OR in Signing. Otherwise, the call to CreateRequestAsync will fail.
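
The flow described above (create the request, submit it to an HTTP enrollment endpoint, install the response), as an added example that is not part of the original documentation. The endpoint URL and its wire format (base64 PKCS #10 in the request body, encoded certificate text in the response) are assumptions, as are the names EnrollmentExample and EnrollAsync; KeyUsages shows Decryption ORed with Signing, as the note requires.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Security.Cryptography.Core;

public static class EnrollmentExample
{
    // Hypothetical endpoint (assumption): accepts a base64 PKCS #10 body and
    // returns the issued certificate as encoded text.
    private static readonly Uri EnrollmentEndpoint =
        new Uri("https://ca.example.test/enroll");

    public static async Task EnrollAsync(string subject)
    {
        var props = new CertificateRequestProperties
        {
            Subject = subject,
            FriendlyName = "Sample enrollment",
            KeyAlgorithmName = KeyAlgorithmNames.Rsa,
            KeySize = 2048,
            HashAlgorithmName = HashAlgorithmNames.Sha256,
            Exportable = ExportOption.NotExportable,
            // Decryption on its own makes CreateRequestAsync fail;
            // Signing must be ORed in.
            KeyUsages = EnrollKeyUsages.Decryption | EnrollKeyUsages.Signing,
            KeyProtectionLevel = KeyProtectionLevel.NoConsent,
            KeyStorageProviderName =
                KeyStorageProviderNames.SoftwareKeyStorageProvider
        };

        // Only the request string is sent to the endpoint.
        string pkcs10 = await CertificateEnrollmentManager.CreateRequestAsync(props);

        using (var http = new HttpClient())
        using (var body = new StringContent(pkcs10))
        {
            HttpResponseMessage response =
                await http.PostAsync(EnrollmentEndpoint, body);
            response.EnsureSuccessStatusCode();
            string issued = (await response.Content.ReadAsStringAsync()).Trim();

            // Install on the same computer that created the request.
            await CertificateEnrollmentManager.InstallCertificateAsync(
                issued, InstallOptions.None);
        }
    }
}
```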

ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)

Asynchronously imports a certificate from a Personal Information Exchange (PFX) message.

public : static IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName)
public static IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName)
Public Static Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String) As IAsyncAction
var iAsyncAction = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager.importPfxDataAsync(pfxData, password, exportable, keyProtectionLevel, installOption, friendlyName);
Parameters
pfxData
String

Base64-encoded PFX message.

password
String

The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.

exportable
ExportOption

A value of the ExportOption enumeration that specifies whether the key can be exported.

keyProtectionLevel
KeyProtectionLevel

A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.

installOption
InstallOptions

An InstallOptions enumeration value that specifies the certificate installation option.

friendlyName
String

The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.

Returns

This method does not return a value.

Remarks

This method imports the certificate chain into the app container.

  • To import an issued certificate, it is not necessary for the certificate request to have been generated on the importing computer.
  • The certificates included in the response need not be chained to trusted root certificates on the importing computer.
  • The certificate is installed in the app container MY store.
  • Certification authority and Root certificates are installed in the app container intermediate certification authority store.
  • The key container name and key specification for the imported certificate are determined as described in the Remarks section of PFXImportCertStore with the exception that if AttributeId 1.3.6.1.4.1.311.17.1 is not present, MS_KEY_STORAGE_PROVIDER is always used as the provider name.

ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)

Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using the specified key storage provider.

public : static IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName, Platform::String keyStorageProvider)
public static IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName, String keyStorageProvider)
Public Static Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String, keyStorageProvider As String) As IAsyncAction
var iAsyncAction = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager.importPfxDataAsync(pfxData, password, exportable, keyProtectionLevel, installOption, friendlyName, keyStorageProvider);
Parameters
pfxData
String

Base64-encoded PFX message.

password
String

The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.

exportable
ExportOption

A value of the ExportOption enumeration that specifies whether the key can be exported.

keyProtectionLevel
KeyProtectionLevel

A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.

installOption
InstallOptions

An InstallOptions enumeration value that specifies the certificate installation option.

friendlyName
String

The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.

keyStorageProvider
String

The name of the key storage provider to use when importing the certificate.

Returns

This method does not return a value.

Remarks

This method imports the certificate chain into the app container.

  • To import an issued certificate, it is not necessary for the certificate request to have been generated on the importing computer.
  • The certificates included in the response need not be chained to trusted root certificates on the importing computer.
  • The certificate is installed in the app container MY store.
  • Certification authority and Root certificates are installed in the app container intermediate certification authority store.
  • The key container name and key specification for the imported certificate are determined as described in the Remarks section of PFXImportCertStore with the exception that if AttributeId 1.3.6.1.4.1.311.17.1 is not present, MS_KEY_STORAGE_PROVIDER is always used as the provider name.

ImportPfxDataAsync(String, String, PfxImportParameters)

Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using import parameters.

public : static IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, PfxImportParameters pfxImportParameters)
public static IAsyncAction ImportPfxDataAsync(String pfxData, String password, PfxImportParameters pfxImportParameters)
Public Static Function ImportPfxDataAsync(pfxData As String, password As String, pfxImportParameters As PfxImportParameters) As IAsyncAction
var iAsyncAction = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager.importPfxDataAsync(pfxData, password, pfxImportParameters);
Parameters
pfxData
String

Base64-encoded PFX message.

password
String

The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.

pfxImportParameters
PfxImportParameters

The PFX import parameters.

Returns

This method does not return a value.
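
An added example (not from the original documentation) of this overload, importing a PFX with a non-exportable key and a consent prompt instead of the NoConsent default, then checking that the certificate and its private key are present in the app container store. The names PfxImportExample and ImportLockedDownAsync, the choice of ConsentOnly and DeleteExpired, and the follow-up CertificateStores query are illustrative assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Certificates;
using Windows.Storage.Streams;

public static class PfxImportExample
{
    // pfxBytes and password are supplied by the caller at run time;
    // neither value is embedded in the app package.
    public static async Task<bool> ImportLockedDownAsync(
        IBuffer pfxBytes, string password, string friendlyName)
    {
        // ImportPfxDataAsync takes the PFX message as a base64 string.
        string pfxData = CryptographicBuffer.EncodeToBase64String(pfxBytes);

        var parameters = new PfxImportParameters
        {
            // The imported private key cannot be exported again.
            Exportable = ExportOption.NotExportable,
            // Stricter than the NoConsent default.
            KeyProtectionLevel = KeyProtectionLevel.ConsentOnly,
            InstallOptions = InstallOptions.DeleteExpired,
            // Overwrites the FriendlyName stored inside the PFX message.
            FriendlyName = friendlyName,
            KeyStorageProviderName =
                KeyStorageProviderNames.SoftwareKeyStorageProvider
        };

        await CertificateEnrollmentManager.ImportPfxDataAsync(
            pfxData, password, parameters);

        // Look the certificate up again by the friendly name just assigned
        // and confirm that a private key came with it.
        var query = new CertificateQuery { FriendlyName = friendlyName };
        IReadOnlyList<Certificate> found =
            await CertificateStores.FindAllAsync(query);
        foreach (Certificate cert in found)
        {
            if (cert.HasPrivateKey)
            {
                return true;
            }
        }
        return false;
    }
}
```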


InstallCertificateAsync(String, InstallOptions)

Asynchronously installs a certificate chain into the app container on the local computer.

public : static IAsyncAction InstallCertificateAsync(Platform::String certificate, InstallOptions installOption)
public static IAsyncAction InstallCertificateAsync(String certificate, InstallOptions installOption)
Public Static Function InstallCertificateAsync(certificate As String, installOption As InstallOptions) As IAsyncAction
var iAsyncAction = Windows.Security.Cryptography.Certificates.CertificateEnrollmentManager.installCertificateAsync(certificate, installOption);
Parameters
certificate
String

The encoded certificate. The certificate is encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard.

installOption
InstallOptions

An InstallOptions enumeration value that specifies the certificate installation option.

Returns

This method does not return a value.

Remarks

This method installs the certificate chain into the app container:

  • The certificate request for the input certificate must have been previously generated on the local computer by calling the CreateRequestAsync method.
  • The certificates included in the response need not be chained to trusted root certificates on the installing computer.
  • The certificate is installed in the app container MY store.
  • Certification authority (CA) and Root certificates are installed in the app container intermediate CA store.