Extensions (Windows Store apps)
The Certificates extension enables you to install certificates with the application, specify whether to inherit from system trust, and set certificate selection criteria. The following sections show you how to specify a Certificates extension:
Certificates extension schema
<!--CERTIFICATES EXTENSION SCHEMA-->
<xs:complexType name="CT_Certificates">
<xs:sequence>
<xs:element name="Certificate" type="CT_CertificateContent" minOccurs="0" maxOccurs="100"/>
<xs:element name="TrustFlags" type="CT_CertificateTrustFlags" minOccurs="0"/>
<xs:element name="SelectionCriteria" type="CT_CertificateSelectionCriteria" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="CT_CertificateContent">
<xs:attribute name="StoreName" type="ST_CertificateStoreName" use="required"/>
<xs:attribute name="Content" type="ST_FileName" use="required"/>
</xs:complexType>
<xs:complexType name="CT_CertificateTrustFlags">
<xs:attribute name="ExclusiveTrust" type="xs:boolean" use="required "/>
</xs:complexType>
<xs:complexType name="CT_CertificateSelectionCriteria ">
<xs:attribute name="HardwareOnly" type="xs:boolean" use="optional"/>
<xs:attribute name="AutoSelect" type="xs:boolean" use="optional"/>
</xs:complexType>
<xs:simpleType name="ST_CertificateStoreName">
<xs:restriction base="xs:string">
<xs:pattern value="[-_A-Za-z0-9]+"/>
<xs:maxLength value="50"/>
</xs:restriction>
</xs:simpleType>
Certificates extension content
| Element | Attribute | Description | Allowed text | Optional |
|---|---|---|---|---|
Certificate |
The certificate to be installed in the app container specific certificate store. The store is specified by the StoreName attribute. The certificate is specified by the Content attribute. |
Yes |
||
StoreName |
Specifies the name of the certificate store. This can be a well-known store such as Root, CA, or TrustedPeople or a custom name. A special store named Issuer can contain a name list of issuers to be used for certificate selection. |
Can contain alphanumeric characters, "-", "_", and white space. This can be any name allowed as a registry key name. |
No |
|
Content |
File path of the certificate to be added to the store. |
Can be any valid file path. The certificate file must be in a format supported by Windows. |
No |
|
TrustFlags |
Flags that define certificate validation behavior. |
Yes |
||
ExclusiveTrust |
True specifies that the application will not inherit from system trust. |
True False |
Yes |
|
SelectionCriteria |
Flags that specify certificate selection criteria. |
Yes |
||
HardwareOnly |
True specifies that the selected certificate must be hardware-based. |
True False |
Yes |
|
AutoSelect |
True specifies that the selected certificate be automatically selected from within the app container. |
True False |
Yes |
Certificates extension sample #1
<Extensions>
<!--Certificates Extension-->
<Extension Category="Microsoft.Windows.Certificates">
<Certificates>
<Certificate StoreName="Root" Content="Certificates\Root\myroot1.cer"/>
<Certificate StoreName="Root" Content="myroot2.cer"/>
<Certificate StoreName="TrustedPeople" Content="mypeer1.sst"/>
<Certificate StoreName="Issuer" Content="myissuer.cer"/>
<TrustFlags ExclusiveTrust="true"/>
<SelectionCriteria HardwareOnly="true" AutoSelect="true"/>
</Certificates>
</Extension>
</Extensions>
Certificates extension sample #2
<Extensions>
<!--Certificates Extension-->
<Extension Category="windows.certificates">
<Certificates>
<Certificate StoreName="Root" Content="myroot.cer" />
<Certificate StoreName="CA" Content="mystandca.cer"/>
<TrustFlags ExclusiveTrust="true" />
<SelectionCriteria AutoSelect="true" />
</Certificates>
</Extension>
</Extensions>