X.509 certificates (Windows Store apps)
Public key cryptography relies on a public and private key pair to encrypt and decrypt content. The keys are mathematically related, and content encrypted by using one of the keys can only be decrypted by using the other. The private key is kept secret. The public key is typically embedded in a binary certificate, and the certificate is published to a database that can be reached by all authorized users.
The X.509 public key infrastructure (PKI) standard identifies the requirements for robust public key certificates. A certificate is a signed data structure that binds a public key to a person, computer, or organization. Certificates are typically issued by certification authorities (CAs). Every party to secure communications that make use of a public key relies on the CA to adequately verify the identities of the individuals, systems, or entities to which it issues certificates. The level of verification typically depends on the level of security required for the transaction. If the CA can suitably verify the identity of the requester, it signs the certificate with its private key and issues it.
Certificates are typically issued by CAs, but they do not need to be. If, for example, you have created a web service and a Windows Store app client and you want them to be able to communicate over HTTPS, the server must be able to authenticate to the client. Your Windows Store app does not need to go to a CA to obtain a server certificate. Instead, you can use the manifest to specify that you want the certificate installed with the client.
You can use the Windows.Security.Cryptography.Certificates namespace to create certificate requests and install or import an issued certificate.
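The following C# sketch is an added example, not code from the original page. It shows the request-then-install flow with the Windows.Security.Cryptography.Certificates namespace. The subject name, friendly name, and the submitToCaAsync callback (which stands in for however your app reaches its CA) are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Security.Cryptography.Core;

public static class EnrollmentExample
{
    // submitToCaAsync is a hypothetical callback: it sends the base64-encoded
    // PKCS #10 request to your CA and returns the base64-encoded response.
    public static async Task EnrollAsync(Func<string, Task<string>> submitToCaAsync)
    {
        var props = new CertificateRequestProperties
        {
            Subject = "CN=example-client",               // constructed sample value
            FriendlyName = "Example client certificate", // constructed sample value
            KeyAlgorithmName = KeyAlgorithmNames.Rsa,
            KeySize = 2048,
            HashAlgorithmName = HashAlgorithmNames.Sha256,
            KeyUsages = EnrollKeyUsages.Signing,
            // Keep the private key in the store: it cannot be exported later.
            Exportable = ExportOption.NotExportable,
            KeyProtectionLevel = KeyProtectionLevel.NoConsent,
            KeyStorageProviderName = KeyStorageProviderNames.SoftwareKeyStorageProvider
        };

        // Generates the key pair locally and returns the encoded request.
        // Only the public key and the requested attributes leave the device.
        string request = await CertificateEnrollmentManager.CreateRequestAsync(props);

        string response = await submitToCaAsync(request);
        if (string.IsNullOrWhiteSpace(response))
        {
            throw new InvalidOperationException("The CA returned no certificate.");
        }

        // Installs the issued certificate and pairs it with the pending private key.
        await CertificateEnrollmentManager.InstallCertificateAsync(
            response, InstallOptions.None);
    }
}
```

Because the key pair is created on the device and marked NotExportable, the CA signs a certificate for a private key it never sees.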