UserCertificateEnrollmentManager
Class
Definition
Provides access to certificate creation, import, and enrollment methods.
public : sealed class UserCertificateEnrollmentManager : IUserCertificateEnrollmentManager, IUserCertificateEnrollmentManager2
public sealed class UserCertificateEnrollmentManager : IUserCertificateEnrollmentManager, IUserCertificateEnrollmentManager2
Public NotInheritable Class UserCertificateEnrollmentManager Implements IUserCertificateEnrollmentManager, IUserCertificateEnrollmentManager2
// You can use this class in JavaScript.
- Attributes

| Attribute | Value |
|---|---|
| Device family | Windows 10 (introduced v10.0.10240.0) |
| API contract | Windows.Foundation.UniversalApiContract (introduced v1) |
| Capabilities | sharedUserCertificates |
Remarks
To use this API, you must enable the sharedUserCertificates capability so it can install certificates into the shared user store. For more information on enabling the sharedUserCertificates capability, see App capability declarations.
Methods
CreateRequestAsync(CertificateRequestProperties)
Asynchronously creates a PKCS #10 certificate request based on properties specified in a CertificateRequestProperties object.
public : IAsyncOperation<Platform::String> CreateRequestAsync(CertificateRequestProperties request)
public IAsyncOperation<string> CreateRequestAsync(CertificateRequestProperties request)
Public Function CreateRequestAsync(request As CertificateRequestProperties) As IAsyncOperation(Of String)
// You can use this method in JavaScript.
- request
- CertificateRequestProperties
A CertificateRequestProperties object that contains the property values used to create the certificate request.
An asynchronous operation to retrieve the base64 encoded PKCS #10 certificate request.
Remarks
Certificate enrollment can be performed in an app container. We recommend that you use the following request objects to submit the request:
- XMLHttpRequest (JavaScript)
- HttpWebRequest (C#)
- IXMLHTTPRequest (C++)

The CertificateRequestProperties object contains the following default values.
| Property | Default value |
|---|---|
| Subject | Empty string |
| KeyAlgorithmName | RSA |
| KeySize | 2048 bits |
| FriendlyName | Empty String |
| HashAlgorithmName | SHA256 |
| Exportable | Not Exportable |
| KeyUsages | Signing |
| KeyProtectionLevel | NoConsent |
| KeyStorageProviderName | Microsoft Software Key Storage Provider |
The CreateRequestAsync method only creates the certificate request; you must submit the request to an HTTP enrollment endpoint yourself. You can then pass the response from the HTTP enrollment endpoint to the InstallCertificateAsync method to install it.
Note
You must include the Signing value in the KeyUsages property in any CertificateRequestProperties object that you use in a call to CreateRequestAsync. If you wish to set KeyUsages to Decryption or KeyAgreement, you must also OR in Signing. Otherwise, the call to CreateRequestAsync will fail.
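The create, submit, install sequence described above, as an added C# example that is not part of the original page. The endpoint URL, the wire format (base64 PKCS #10 in the request body, base64 certificate in the response body), and the names UserCertEnrollment and EnrollAsync are assumptions; it uses System.Net.Http.HttpClient rather than the HttpWebRequest listed above.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;

public static class UserCertEnrollment   // hypothetical helper class
{
    // Hypothetical endpoint (assumption): replace with your CA's enrollment URL.
    private static readonly Uri EnrollmentUri =
        new Uri("https://ca.example.invalid/enroll");

    public static async Task EnrollAsync(string subject, string friendlyName)
    {
        var props = new CertificateRequestProperties
        {
            Subject = subject,
            FriendlyName = friendlyName,
            // Stated explicitly even though it is the default: the private key
            // cannot be exported from the key storage provider.
            Exportable = ExportOption.NotExportable,
            // Signing must always be present; it is ORed in with Decryption,
            // otherwise CreateRequestAsync fails.
            KeyUsages = EnrollKeyUsages.Signing | EnrollKeyUsages.Decryption
        };

        UserCertificateEnrollmentManager manager =
            CertificateEnrollmentManager.UserCertificateEnrollmentManager;

        // Step 1: generate the key pair and the base64 PKCS #10 request.
        string pkcs10 = await manager.CreateRequestAsync(props);

        using (var http = new HttpClient())
        using (var body = new StringContent(pkcs10, Encoding.ASCII, "application/pkcs10"))
        {
            // Step 2: submit the request. HTTPS protects it in transit, and a
            // non-success status stops the flow before anything is installed.
            HttpResponseMessage response = await http.PostAsync(EnrollmentUri, body);
            response.EnsureSuccessStatusCode();

            // Step 3: install the issued certificate (assumed to be returned
            // as a base64 string) into the shared user store.
            string issued = (await response.Content.ReadAsStringAsync()).Trim();
            await manager.InstallCertificateAsync(issued, InstallOptions.None);
        }
    }
}
```

The app manifest must declare the sharedUserCertificates capability for these calls to succeed.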
ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)
Asynchronously imports a user certificate from a Personal Information Exchange (PFX) message.
public : IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName)
public IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName)
Public Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String) As IAsyncAction
// You can use this method in JavaScript.
- pfxData
- String
Base64-encoded PFX message.
- password
- String
The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.
- exportable
- ExportOption
A value of the ExportOption enumeration that specifies whether the key can be exported.
- keyProtectionLevel
- KeyProtectionLevel
A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.
- installOption
- InstallOptions
An InstallOptions enumeration value that specifies the certificate installation option.
- friendlyName
- String
The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.
This method does not return a value.
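Examples
The following code imports a PFX-based certificate into the user's "My" store and protects the certificate's private key using the device's Trusted Platform Module (TPM). The call passes a key storage provider name as a seventh argument, so it uses the ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String) overload. Note that apps require the sharedUserCertificates capability to import PFX files or use certificates from the user's "My" certificate store.

// Await the import so that a failure (for example, a wrong password) surfaces as an exception.
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
    pfxData,
    password,
    ExportOption.NotExportable,      // the private key cannot be exported after import
    KeyProtectionLevel.NoConsent,
    InstallOptions.DeleteExpired,
    strFriendlyName,
    KeyStorageProviderNames.PlatformKeyStorageProvider);  // TPM-backed key storage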
- See Also
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)
ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)
Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using the specified key storage provider.
public : IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName, Platform::String keyStorageProvider)
public IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName, String keyStorageProvider)
Public Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String, keyStorageProvider As String) As IAsyncAction
// You can use this method in JavaScript.
- pfxData
- String
Base64-encoded PFX message.
- password
- String
The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.
- exportable
- ExportOption
A value of the ExportOption enumeration that specifies whether the key can be exported.
- keyProtectionLevel
- KeyProtectionLevel
A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.
- installOption
- InstallOptions
An InstallOptions enumeration value that specifies the certificate installation option.
- friendlyName
- String
The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.
- keyStorageProvider
- String
The name of the key storage provider to use when importing the certificate.
This method does not return a value.
Examples
The following code imports a PFX-based certificate into the user's "My" store and protects the certificate's private key using the device's Trusted Platform Module (TPM). Note that apps require the sharedUserCertificates capability to import PFX files or use certificates from the user's "My" certificate store.

// Await the import so that a failure (for example, a wrong password) surfaces as an exception.
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
    pfxData,
    password,
    ExportOption.NotExportable,      // the private key cannot be exported after import
    KeyProtectionLevel.NoConsent,
    InstallOptions.DeleteExpired,
    strFriendlyName,
    KeyStorageProviderNames.PlatformKeyStorageProvider);  // TPM-backed key storage
- See Also
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)
ImportPfxDataAsync(String, String, PfxImportParameters)
Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using the specified import parameters.
public : IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, PfxImportParameters pfxImportParameters)
public IAsyncAction ImportPfxDataAsync(String pfxData, String password, PfxImportParameters pfxImportParameters)
Public Function ImportPfxDataAsync(pfxData As String, password As String, pfxImportParameters As PfxImportParameters) As IAsyncAction
// You can use this method in JavaScript.
- pfxData
- String
Base64-encoded PFX message.
- password
- String
The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.
- pfxImportParameters
- PfxImportParameters
The import parameters.
This method does not return a value.
- See Also
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)
- ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)
InstallCertificateAsync(String, InstallOptions)
Asynchronously installs a certificate chain into the app container on the local computer.
public : IAsyncAction InstallCertificateAsync(Platform::String certificate, InstallOptions installOption)
public IAsyncAction InstallCertificateAsync(String certificate, InstallOptions installOption)
Public Function InstallCertificateAsync(certificate As String, installOption As InstallOptions) As IAsyncAction
// You can use this method in JavaScript.
- certificate
- String
The encoded certificate. The certificate is encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard.
- installOption
- InstallOptions
An InstallOptions enumeration value that specifies the certificate installation option.
This method does not return a value.