locked
How to operate on x509 certificates and the cert store?

    Question

  • Dear all,

    As for the certificate, I have two questions:

    1. Is there any way to operate the x509 certificates in Windows Store App?

    2. Is it possible to access the (personal or trusted root)certificate stores of the current user and the local machine?

        Per this link on MSDN: An app running in an app container has write access to only its own certificate storage.

        I think it means that we could operate some kind of certificate store.

    I've searched much on Google and MSDN examples, but I haven't gotten the exact answers. Almost all of them are .NET implementations.

    Sorry for my stupid questions if there would be any.

    Thanks.

    Wednesday, July 9, 2014 11:01 AM

Answers

All replies

  • Hi,

    You can use the Windows.Security.Cryptography.Certificates namespace to handle the certificate in windows store app. And Certificates that are intended for use in a specific app container are stored in per user, per app container locations. An app running in an app container has write access to only its own certificate storage.You can retrieve certificates from the certificate store using the FindAllAsync method. And use CertificateStore class adds or delete a certificate to the certificate store. And you can refer to the link below:

    http://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh465041.aspx

    And refer to the sample:

    http://code.msdn.microsoft.com/windowsapps/Cryptography-and-3305467b

    Best Wishes!


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

    Thursday, July 10, 2014 3:12 AM
  • Hi, Anne,

    Thank you very much for your reply.

    I am still unclear about two things:

    1. what is the relationship between the Certificate class from MSDN and the x509 certificates? Almost all documents are mentioning the certificates instead of the X509 one.

        I couldn't assume they are the same, for example, this thread from StackExchange had discussed the slight difference.

    2. for those certificates in certmgr.msc(or using mmc to open the certmgr for the local computer), we could operate the personal cert store. Is there any way to read/modify the certificates in "Trusted Root Certification Authorities"?

    Thank you very much!



    • Edited by B0L Thursday, July 10, 2014 5:56 AM
    Thursday, July 10, 2014 5:52 AM
  • Hi,

    I read link below:

    http://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh464941.aspx

    You can use the Windows.Security.Cryptography.Certificates namespace to create certificate requests and install or import an issued certificate.

    So I think the API in this namespace can handle the x509 certificates.

    The CertificateStores.TrustedRootCertificationAuthoritiescan get the certificate store of trusted root certificates for an app. But seems there no direct API in windows store app can read/modify the certificates.

    Best Wishes!


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

    Friday, July 11, 2014 8:42 AM
  • Hi, Anne,

    Thank you very much for the reply. Per my tests, we could only read and get those certs in the personal cert store. I am still looking for other ways to try to read those certs in the trusted root store.

    Monday, July 21, 2014 1:18 AM