none
Push a certificate to Windows Phone 8.1 using Certificate Store CSP. RRS feed

  • Question

  • I am trying to push a certificate into the My/User space by using the CertificateStore CSP. But i end up getting a 400 error, which means  a syntax error. I dont find any syntactical errors in my CSP. Any help would be greatful.

    <SyncML xmlns="SYNCML:SYNCML1.2">
      <SyncHdr>
        <Source>
          <LocURI>url here/LocURI>
          <LocName>MEMDM</LocName>
        </Source>
        <Target>
          <LocURI>urn:uuid:UDID here</LocURI>
        </Target>
        <SessionID>14</SessionID>
        <VerDTD>1.2</VerDTD>
        <VerProto>DM/1.2</VerProto>
        <MsgID>1</MsgID>
      </SyncHdr>
      <SyncBody>
        <Add>
          <CmdID>CertPush2</CmdID>
          <Item>
            <Data>
            MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAsMDE1hbmFnZUVuZ2luZTEZMBcGA1UECgwQWm9obyBDb3Jwb3JhdGlvbjEXMBUG
            A1UEAwwOMTkyLjE2OC4yMC4xNzIwHhcNMTUwMjAzMDYxNDQ2WhcNMjUwMjAzMDYxNDQ2WjAkMSIwIAYDVQQDExlNRU1ETUNsaWVudEF1dGhlbnRpY2F0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
            MIIBCgKCAQEA0ncLV0mQsTancvGc/e/vLDP98xoE28vIqeWY0RUJFAe29gKiO2FZFfFLXkzNSLl9ltzAP+pkNAWPoeQp6cUr+AtVd5LjITfV5hUyO4d1ix/ghjQkhICk9hERZlbS1JeJNoh0BlIn6K+G
            9uqntVfEoiOcFe7i5CwM+I/kcQ4scMDtE1XBH78XXcpH/4K/bje2I8Tbz6zHcMYzJ8Is2fsH8hkPBqTjPEkXbBNAh29NSLoGxh7Rpe1u2RPgJE6jjvdv3O8L4GPRKVxV09+qLFngSnqQMFlolVyo+H8y
            tcs8maPDXccJN0sjE3fFsLzliERdqrMMAs1eSrXm43hQaDL7UQIDAQABo04wTDAJBgNVHRMEAjAAMB0GA1UdDgQWBBQU2WyLjGqC3AYdorFdh8Mnmnlu7DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYI
            KwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBADn3xRbNFGpb7aSZj8efK/sO9Bx/qsp2SeJjvBaBll0Ja6oPo1JhhqSUSWRnJiXfOPpYUDT/aHjJRg1Wkklqup2lSrBK4tHfPRDdR+TwpjySSlrw1/PO
            XXaNbKkKwXTjVIAii1JlFEX+HZlH6KKCTXH6midwqKS06Va6tXgnS5aHL8IhnySmOAh2M7XTHiyZES5LGMNF6GXJVKkpxKWd9cV5o9n3EskwOw1InkZPJipm8iBZhhLo2dKaPxt+aXu3iLZBpEX/b1Km
            EYhnVRdS+LbDnWo4l6y3z3oPUOaHWurjqG4OKyTcZ4kxVGqEtqT/kdLqgRkpReYWpGaF2lWQzAw=</Data>
            <Target>
              <LocURI>
              ./Vendor/MSFT/CertificateStore/Root/System/‎3C9C9E2E8F085B898A80E663707AECB0FF345264/EncodedCertificate</LocURI>
            </Target>
            <Meta>
              <Format>b64</Format>
            </Meta>
          </Item>
        </Add>
        <Status>
          <Data>212</Data>
          <CmdRef>0</CmdRef>
          <CmdID>1423723497285</CmdID>
          <MsgRef>1</MsgRef>
          <TargetRef>https://192.168.20.172:8383/mdm/wpserver?cid=1##erid=3305##muid=301</TargetRef>
          <SourceRef>urn:uuid:FFA90986-F9C8-559B-A69D-1A94B0B5DC14</SourceRef>
          <Cmd>SyncHdr</Cmd>
          <Data>212</Data>
        </Status>
        <Status>
          <Data>200</Data>
          <CmdRef>2</CmdRef>
          <CmdID>2</CmdID>
          <MsgRef>1</MsgRef>
          <Cmd>Alert</Cmd>
          <Data>200</Data>
        </Status>
        <Status>
          <Data>200</Data>
          <CmdRef>3</CmdRef>
          <CmdID>3</CmdID>
          <MsgRef>1</MsgRef>
          <Cmd>Replace</Cmd>
          <Data>200</Data>
        </Status>
        <Final></Final>
      </SyncBody>
    </SyncML>
    


    Thursday, February 12, 2015 6:56 AM

All replies

  • The certificate you are trying to install appears to be a client certificate, not a Root or CA certificate.

    Client (aka Identity) certificates can only be installed during the enrollment/renewal process or by using SCEP. 

    Identity certificates require a private key and Windows Phone 8.1 CertificateStore CSP cannot install a private key from a certificate blob.


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Thursday, February 12, 2015 5:11 PM
    Moderator
  • Well that means I cant place a certificate under My/User space by directly pushing a certificate blob. Am i right ?
    Saturday, February 14, 2015 3:36 AM
  • Correct.  Adding a client certificate in that way is not supported by the MDM client on Windows Phone 8 or 8.1 although that's something we may consider for future releases based on feedback from MDM vendors like yourself.


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Monday, March 2, 2015 11:01 PM
    Moderator