2.2.9.4 RootCATrustedCertificates Configuration Service Provider
The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates. The ./User/ configuration is not supported in the RootCATrustedCertificates/Root/ node.
The following image shows the RootCATrustedCertificates configuration service provider in tree format.
Figure 6: The RootCACertificate configuration service provider in tree format
Device or User: The root node for the RootCATrustedCertificates configuration service provider. For device certificates, use the ./Device/Vendor/MSFT path, and for user certificates, use the ./User/Vendor/MSFT path.
RootCATrustedCertificates/Root: The node for root (self-signed) certificates.
RootCATrustedCertificates/CA: The node for CA certificates.
RootCATrustedCertificates/TrustedPublisher: The node for trusted publisher certificates.
RootCATrustedCertificates/TrustedPeople: The node for trusted people certificates.
/CertHash: Defines the SHA-1 hash for the certificate. The 20-byte value of the SHA-1 certificate hash is specified as a hexadecimal string value. The supported operations are Add, Delete, and Replace.
/EncodedCertificate: Specifies the X.509 certificate as a base64-encoded string. The base64 string value cannot include extra formatting characters such as embedded linefeeds. The supported operations are Add, Delete, Get, and Replace.
/IssuedBy: Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. The only supported operation is Get.
/IssuedTo: Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. The only supported operation is Get.
/ValidFrom: Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure. The only supported operation is Get.
/ValidTo: Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure. The only supported operation is Get.
/TemplateName: Returns the certificate template name. The only supported operation is Get.
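The following is an added example, not part of the original specification text. It derives the /CertHash and /EncodedCertificate values described above from a PEM file and refuses the unsupported ./User/ plus Root combination. The function name, the uppercase hex form, the URI layout (certificate hash as the node name under the store) and the sample input are assumptions of this example; the sample is constructed filler bytes in PEM armor, not a real certificate.

```python
import base64
import hashlib
import re

STORES = {"Root", "CA", "TrustedPublisher", "TrustedPeople"}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def csp_values(pem_text, store, scope="Device"):
    """Return CertHash, EncodedCertificate and the node URI for one certificate."""
    if store not in STORES:
        raise ValueError(f"unknown store node: {store}")
    if scope not in ("Device", "User"):
        raise ValueError(f"unknown scope: {scope}")
    if scope == "User" and store == "Root":
        # The page states ./User/ is not supported under the Root node.
        raise ValueError("./User/ is not supported for RootCATrustedCertificates/Root")
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Drop the line breaks PEM inserts, then decode strictly to get the DER bytes.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    # CertHash: SHA-1 over the DER bytes, 20 bytes as a 40-character hex string.
    # Uppercase is this example's choice; the page does not specify a case.
    cert_hash = hashlib.sha1(der).hexdigest().upper()
    # EncodedCertificate: one base64 line with no embedded linefeeds.
    encoded = base64.b64encode(der).decode("ascii")
    uri = (f"./{scope}/Vendor/MSFT/RootCATrustedCertificates/"
           f"{store}/{cert_hash}/EncodedCertificate")
    return {"CertHash": cert_hash, "EncodedCertificate": encoded, "LocURI": uri}


def _constructed_pem():
    # Constructed sample: filler bytes wrapped at 76 columns like a PEM file.
    body = base64.encodebytes(bytes(range(256)) * 3).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


SAMPLE_PEM = _constructed_pem()

if __name__ == "__main__":
    for key, value in csp_values(SAMPLE_PEM, "Root").items():
        print(f"{key}: {value[:72]}")
```

Because both values are derived from the same decoded bytes, the hash in the node path always matches the certificate payload sent with it.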