UserCertificateEnrollmentManager Class

Definition

Provides access to certificate creation, import, and enrollment methods.

public : sealed class UserCertificateEnrollmentManager : IUserCertificateEnrollmentManager, IUserCertificateEnrollmentManager2
public sealed class UserCertificateEnrollmentManager : IUserCertificateEnrollmentManager, IUserCertificateEnrollmentManager2
Public NotInheritable Class UserCertificateEnrollmentManager Implements IUserCertificateEnrollmentManager, IUserCertificateEnrollmentManager2
// This class does not provide a public constructor.
Windows 10 requirements

Device family: Windows 10 (introduced v10.0.10240.0)
API contract: Windows.Foundation.UniversalApiContract (introduced v1)
Capabilities: sharedUserCertificates

Remarks

To use this API, you must enable the sharedUserCertificates capability so it can install certificates into the shared user store. For more information on enabling the sharedUserCertificates capability, see App capability declarations.

Methods

CreateRequestAsync(CertificateRequestProperties)

Asynchronously creates a PKCS #10 certificate request based on properties specified in a CertificateRequestProperties object.

public : IAsyncOperation<Platform::String> CreateRequestAsync(CertificateRequestProperties request)
public IAsyncOperation<string> CreateRequestAsync(CertificateRequestProperties request)
Public Function CreateRequestAsync(request As CertificateRequestProperties) As IAsyncOperation( Of string )
Windows.Security.Cryptography.Certificates.UserCertificateEnrollmentManager.createRequestAsync(request).done( /* Your success and error handlers */ );
Parameters
request
CertificateRequestProperties

A CertificateRequestProperties object that contains the property values used to create the certificate request.

Returns

An asynchronous operation to retrieve the base64 encoded PKCS #10 certificate request.

Remarks

Certificate enrollment can be performed in an app container. We recommend that you use the following request objects to submit the request:

Property                  Default value
Subject                   Empty string
KeyAlgorithmName          RSA
KeySize                   2048 bits
FriendlyName              Empty string
HashAlgorithmName         SHA256
Exportable                Not exportable
KeyUsages                 Signing
KeyProtectionLevel        NoConsent
KeyStorageProviderName    Microsoft Software Key Storage Provider

While the CreateRequestAsync method creates the certificate request, you must submit the request to an HTTP enrollment endpoint yourself. You can then take the response from that endpoint and call the InstallCertificateAsync method to install it.

Note

You must include the Signing value in the KeyUsages property in any CertificateRequestProperties object that you use in a call to CreateRequestAsync. If you wish to set KeyUsages to Decryption or KeyAgreement, you must also OR in Signing. Otherwise, the call to CreateRequestAsync will fail.
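The flow described above (create the request, submit it to an HTTP enrollment endpoint, install the response), in C# as an added example that is not part of the original documentation. The endpoint URL, the request content type, and the assumption that the endpoint replies with the encoded certificate as plain text are hypothetical, as are the names UserCertEnrollmentExample and EnrollAsync.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Security.Cryptography.Core;

public static class UserCertEnrollmentExample
{
    // Hypothetical placeholder; replace with your CA's HTTPS enrollment endpoint.
    private static readonly Uri EnrollmentEndpoint = new Uri("https://ca.example.com/enroll");

    public static async Task EnrollAsync(string subject, string friendlyName)
    {
        var request = new CertificateRequestProperties
        {
            Subject = subject,
            FriendlyName = friendlyName,
            KeyAlgorithmName = KeyAlgorithmNames.Rsa,
            KeySize = 2048,
            HashAlgorithmName = HashAlgorithmNames.Sha256,
            Exportable = ExportOption.NotExportable,
            // Signing must always be present; OR it in when also asking for Decryption.
            KeyUsages = EnrollKeyUsages.Signing | EnrollKeyUsages.Decryption,
            KeyProtectionLevel = KeyProtectionLevel.NoConsent,
            KeyStorageProviderName = KeyStorageProviderNames.SoftwareKeyStorageProvider
        };

        var manager = CertificateEnrollmentManager.UserCertificateEnrollmentManager;

        // Returns the base64-encoded PKCS #10 request; only the request leaves the device.
        string pkcs10 = await manager.CreateRequestAsync(request);

        // Assumption: the endpoint accepts the request as the POST body and returns the response as text.
        string response;
        using (var http = new HttpClient())
        using (var body = new StringContent(pkcs10, Encoding.ASCII, "application/pkcs10"))
        {
            HttpResponseMessage reply = await http.PostAsync(EnrollmentEndpoint, body);
            reply.EnsureSuccessStatusCode();
            response = (await reply.Content.ReadAsStringAsync()).Trim();
        }

        // Installs the issued certificate and removes expired ones it replaces.
        await manager.InstallCertificateAsync(response, InstallOptions.DeleteExpired);
    }
}
```

The app manifest must declare the sharedUserCertificates capability for these calls to succeed.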

ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String)

Asynchronously imports a user certificate from a Personal Information Exchange (PFX) message.

public : IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName)
public IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName)
Public Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String) As IAsyncAction
Windows.Security.Cryptography.Certificates.UserCertificateEnrollmentManager.importPfxDataAsync(pfxData, password, exportable, keyProtectionLevel, installOption, friendlyName).done( /* Your success and error handlers */ );
Parameters
pfxData
String (Platform::String in C++/CX)

Base64-encoded PFX message.

password
String (Platform::String in C++/CX)

The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.

exportable
ExportOption

A value of the ExportOption enumeration that specifies whether the key can be exported.

keyProtectionLevel
KeyProtectionLevel

A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.

installOption
InstallOptions

An InstallOptions enumeration value that specifies the certificate installation option.

friendlyName
String (Platform::String in C++/CX)

The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.

Returns

This method does not return a value.

Examples

The following code imports a PFX-based certificate into the user's "My" store and protects the certificate's private key using the device's Trusted Platform Module (TPM). Because it passes a key storage provider name as a seventh argument, it uses the ImportPfxDataAsync overload that takes a keyStorageProvider parameter. Note that apps require the sharedUserCertificates capability to import PFX files or use certificates from the user's "MY" certificate store.

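// Call from an async method. pfxData, password and strFriendlyName are supplied by the caller.
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
    pfxData,                                             // Base64-encoded PFX message
    password,                                            // Password that protects the PFX
    ExportOption.NotExportable,                          // Private key cannot be exported after import
    KeyProtectionLevel.NoConsent,
    InstallOptions.DeleteExpired,
    strFriendlyName,
    KeyStorageProviderNames.PlatformKeyStorageProvider); // TPM-backed key storage provider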

ImportPfxDataAsync(String, String, ExportOption, KeyProtectionLevel, InstallOptions, String, String)

Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using the specified key storage provider.

public : IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, Platform::String friendlyName, Platform::String keyStorageProvider)
public IAsyncAction ImportPfxDataAsync(String pfxData, String password, ExportOption exportable, KeyProtectionLevel keyProtectionLevel, InstallOptions installOption, String friendlyName, String keyStorageProvider)
Public Function ImportPfxDataAsync(pfxData As String, password As String, exportable As ExportOption, keyProtectionLevel As KeyProtectionLevel, installOption As InstallOptions, friendlyName As String, keyStorageProvider As String) As IAsyncAction
Windows.Security.Cryptography.Certificates.UserCertificateEnrollmentManager.importPfxDataAsync(pfxData, password, exportable, keyProtectionLevel, installOption, friendlyName, keyStorageProvider).done( /* Your success and error handlers */ );
Parameters
pfxData
String (Platform::String in C++/CX)

Base64-encoded PFX message.

password
String (Platform::String in C++/CX)

The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.

exportable
ExportOption

A value of the ExportOption enumeration that specifies whether the key can be exported.

keyProtectionLevel
KeyProtectionLevel

A value of the KeyProtectionLevel enumeration that specifies the strength of the key protection. The default is NoConsent.

installOption
InstallOptions

An InstallOptions enumeration value that specifies the certificate installation option.

friendlyName
String (Platform::String in C++/CX)

The display name of the enrolled certificate. This value overwrites the FriendlyName property inside the PFX message.

keyStorageProvider
String (Platform::String in C++/CX)

The name of the key storage provider to use when importing the certificate.

Returns

This method does not return a value.

Examples

The following code imports a PFX-based certificate into the user's "My" store and protects the certificate's private key using the device's Trusted Platform Module (TPM). Note that apps require the sharedUserCertificates capability to import PFX files or use certificates from the user's "MY" certificate store.

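// Call from an async method. pfxData, password and strFriendlyName are supplied by the caller.
await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
    pfxData,                                             // Base64-encoded PFX message
    password,                                            // Password that protects the PFX
    ExportOption.NotExportable,                          // Private key cannot be exported after import
    KeyProtectionLevel.NoConsent,
    InstallOptions.DeleteExpired,
    strFriendlyName,
    KeyStorageProviderNames.PlatformKeyStorageProvider); // TPM-backed key storage provider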

ImportPfxDataAsync(String, String, PfxImportParameters)

Asynchronously imports a certificate from a Personal Information Exchange (PFX) message using the specified import parameters.

public : IAsyncAction ImportPfxDataAsync(Platform::String pfxData, Platform::String password, PfxImportParameters pfxImportParameters)
public IAsyncAction ImportPfxDataAsync(String pfxData, String password, PfxImportParameters pfxImportParameters)
Public Function ImportPfxDataAsync(pfxData As String, password As String, pfxImportParameters As PfxImportParameters) As IAsyncAction
Windows.Security.Cryptography.Certificates.UserCertificateEnrollmentManager.importPfxDataAsync(pfxData, password, pfxImportParameters).done( /* Your success and error handlers */ );
Parameters
pfxData
String (Platform::String in C++/CX)

Base64-encoded PFX message.

password
String (Platform::String in C++/CX)

The password used to decrypt and verify the PFX packet. The password must be exactly the same as the password that was used to encrypt the packet.

Returns

This method does not return a value.


InstallCertificateAsync(String, InstallOptions)

Asynchronously installs a certificate chain into the app container on the local computer.

public : IAsyncAction InstallCertificateAsync(Platform::String certificate, InstallOptions installOption)
public IAsyncAction InstallCertificateAsync(String certificate, InstallOptions installOption)
Public Function InstallCertificateAsync(certificate As String, installOption As InstallOptions) As IAsyncAction
Windows.Security.Cryptography.Certificates.UserCertificateEnrollmentManager.installCertificateAsync(certificate, installOption).done( /* Your success and error handlers */ );
Parameters
certificate
String (Platform::String in C++/CX)

The encoded certificate. The certificate is encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard.

installOption
InstallOptions

An InstallOptions enumeration value that specifies the certificate installation option.

Returns

This method does not return a value.