RootCATrustedCertificates 云解决方案提供商RootCATrustedCertificates CSP

RootCATrustedCertificates 配置服务提供程序使企业能够将根证书颁发机构 (CA) 证书。The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates.

备注

RootCATrustedCertificates/Root/ 不支持 ./User/ 配置。The ./User/ configuration is not supported for RootCATrustedCertificates/Root/.

下面以树格式显示 RootCATrustedCertificates 配置服务提供程序。The following shows the RootCATrustedCertificates configuration service provider in tree format.

主体根节点的详细规范:Detailed specification of the principal root nodes:

./Vendor/MSFT
RootCATrustedCertificates
----Root
--------CertHash
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
----CA
--------CertHash
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
----TrustedPublisher
--------CertHash
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName
----TrustedPeople
--------CertHash
------------EncodedCertificate
------------IssuedBy
------------IssuedTo
------------ValidFrom
------------ValidTo
------------TemplateName

设备或用户Device or User
对于设备证书,请使用 ./Device/Vendor/MSFT 路径,对于用户证书,请使用 ./User/Vendor/MSFT 路径。For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path.

RootCATrustedCertificatesRootCATrustedCertificates
RootCATrustedCertificates 配置服务提供程序的根节点。The root node for the RootCATrustedCertificates configuration service provider.

RootCATrustedCertificates/Root/RootCATrustedCertificates/Root/
定义包含根证书或自签名证书的证书存储(本例中为计算机存储)。Defines the certificate store that contains root, or self-signed certificates, in this case, the computer store.

备注

RootCATrustedCertificates/Root/ 不支持 ./User/ 配置。The ./User/ configuration is not supported for RootCATrustedCertificates/Root/.

RootCATrustedCertificates/CARootCATrustedCertificates/CA
CA 证书的节点。Node for CA certificates.

RootCATrustedCertificates/TrustedPublisherRootCATrustedCertificates/TrustedPublisher
受信任发布者证书的节点。Node for trusted publisher certificates.

RootCATrustedCertificates/TrustedPeopleRootCATrustedCertificates/TrustedPeople
受信任人员证书的节点。Node for trusted people certificates.

RootCATrustedCertificates/UntrustedCertificatesRootCATrustedCertificates/UntrustedCertificates
已添加到 Windows 10 版本 1803。Added in Windows 10, version 1803. 不受信任的证书的节点。Node for certificates that are not trusted. IT 管理员可以使用此节点立即标记已受到威胁且不再可以使用的证书。IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.

CertHashCertHash
定义证书的 SHA1 哈希。Defines the SHA1 hash for the certificate. SHA1 证书哈希的 20 字节值指定为十六进制字符串值。The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. 此节点通用于所有主体根节点。This node is common for all the principal root nodes. 支持的操作是 Get 和 Delete。The supported operations are Get and Delete.

以下节点通用于 CertHash 节点:The following nodes are all common to the CertHash node:

/EncodedCertificate/EncodedCertificate
将 X.509 证书指定为 Base64 编码的字符串。Specifies the X.509 certificate as a Base64-encoded string. Base-64 字符串值不能包含额外的格式字符,如嵌入式换行符等。 支持的操作包括添加、获取和替换。The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. The supported operations are Add, Get, and Replace.

/IssuedBy/IssuedBy
返回证书颁发者的名称。Returns the name of the certificate issuer. 这相当于 CERT_INFO中的 Issuer 成员。 ****This is equivalent to the Issuer member in the CERT_INFO data structure. 唯一受支持的操作是 Get。The only supported operation is Get.

/IssuedTo/IssuedTo
返回证书主题的名称。Returns the name of the certificate subject. 这相当于 CERT_INFO中的 Subject 成员。 ****This is equivalent to the Subject member in the CERT_INFO data structure. 唯一受支持的操作是 Get。The only supported operation is Get.

/ValidFrom/ValidFrom
返回证书有效期的开始日期。Returns the starting date of the certificate's validity. 这相当于 CERT_INFO中的 NotBefore 成员。This is equivalent to the NotBefore member in the CERT_INFO data structure. 唯一受支持的操作是 Get。The only supported operation is Get.

/ValidTo/ValidTo
返回证书的到期日期。Returns the expiration date of the certificate. 这相当于 CERT_INFO中的 NotAfter 成员。This is equivalent to the NotAfter member in the CERT_INFO data structure. 唯一受支持的操作是 Get。The only supported operation is Get.

/TemplateName/TemplateName
返回证书模板名称。Returns the certificate template name. 唯一受支持的操作是 Get。The only supported operation is Get.

配置服务提供程序参考Configuration service provider reference