Secure PFX password for CertificateEnrollmentManager

    Question

  • I need to connect to a server that requires client authentication. The MSDN docs were not much help, but I eventually figured it out and can now connect to the server.

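    // NOTE(review): cert.pfx and this password both ship inside the app package,
    // so anyone who can read the package can read both. The password therefore
    // gives the private key no protection, and moving the string elsewhere in the
    // app does not change that. The alternative is to provision the certificate
    // into the certificate store outside the app (e.g. by the administrator of the
    // side-loaded devices), so that the import branch below is never needed and no
    // PFX or password is packaged. An app reading such a store would presumably
    // need the sharedUserCertificates capability; verify against the deployment.
    var pfxPassword = "XXXXX";

    var certQuery = new Certificates.CertificateQuery();
    certQuery.friendlyName = "My Cert";

    Certificates.CertificateStores.findAllAsync(certQuery)
        .then(function (certs) {
            if (certs.length) {
                // A certificate with this friendly name is already installed.
                return undefined;
            }

            // First run: import the packaged PFX into the app's certificate store.
            return Windows.ApplicationModel.Package.current.installedLocation.getFileAsync("cert.pfx")
                .then(Windows.Storage.FileIO.readBufferAsync)
                .then(function (buffer) {
                    var pfxBase64 = Windows.Security.Cryptography.CryptographicBuffer.encodeToBase64String(buffer);

                    return Certificates.CertificateEnrollmentManager.importPfxDataAsync(
                        pfxBase64,
                        pfxPassword,
                        // The key is only used for TLS client authentication below,
                        // so it does not need to be exportable from the store again.
                        // Use ExportOption.exportable only if the key must leave it.
                        Certificates.ExportOption.notExportable,
                        // noConsent: the key can be used without prompting the user.
                        Certificates.KeyProtectionLevel.noConsent,
                        Certificates.InstallOptions.none,
                        "My Cert");
                });
        })
        .then(function () {
            // Return the request so that its outcome, and any failure of the lookup
            // or import above, reaches the handlers at the end of the chain instead
            // of being dropped.
            return WinJS.xhr({
                url: "https://url.com:8443/rest/me"
            });
        })
        .then(function onComplete(response) {
            console.trace("OK");
        }, function onError(error) {
            // Reached for a failed store query, a failed PFX import or a failed request.
            console.error(error);
        });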

    However, I do not want to have the PFX password in the JS source. Are there any other options? Since the app will only be side-loaded, I think it should be possible to deploy the PFX via domain server policies or something similar?

    Thursday, February 27, 2014 10:23 PM

Answers

All replies