Setting the certificates extension (HTML)

  • Article

The Certificates extension enables you to install certificates with the application, specify whether to inherit from system trust, and set certificate selection criteria. For more information, see the following sections:

Certificates extension sample #1


<Extensions>
  <!--Certificates Extension-->
  <Extension Category="windows.Certificates">
    <Certificates>
        <Certificate StoreName="Root" Content="Certificates\Root\myroot1.cer"/>
        <Certificate StoreName="Root" Content="myroot2.cer"/>
        <Certificate StoreName="TrustedPeople" Content="mypeer1.sst"/>
        <Certificate StoreName="Issuer" Content="myissuer.cer"/>
        <TrustFlags ExclusiveTrust="true"/>
        <SelectionCriteria HardwareOnly="true" AutoSelect="true"/>
    </Certificates>
  </Extension>
</Extensions>

Certificates extension sample #2


<Extensions>
  <!--Certificates Extension-->
  <Extension Category="windows.certificates">
    <Certificates>
        <Certificate StoreName="Root" Content="myroot.cer" />
        <Certificate StoreName="CA" Content="mystandca.cer"/>
        <TrustFlags ExclusiveTrust="true" />
        <SelectionCriteria AutoSelect="true" />
    </Certificates>
  </Extension>
</Extensions>

Certificates extension content

Element Attribute Description Allowed text Optional

Certificate

The certificate to be installed in the app container specific certificate store. The store is specified by the StoreName attribute. The certificate is specified by the Content attribute,

Yes

StoreName

Specifies the name of the certificate store. This can be a well-known store such as Root, CA, or TrustedPeople or a custom name.

A special store named Issuer can contain a name list of issuers to be used for certificate selection.

Can contain alphanumeric characters, "-", "_", and white space.

This can be any name allowed as a registry key name.

 No

Content

File path of the certificate to be added to the store.

Can be any valid file path.

The certificate file must be in a supported format.

 No

TrustFlags

Flags that define certificate validation behavior.

Yes

ExclusiveTrust

True specifies that the application will not inherit from system trust.

True

False

Yes

SelectionCriteria

Flags that specify certificate selection criteria.

Yes

HardwareOnly

True specifies that the selected certificate must be hardware-based.

True

False

Yes

AutoSelect

True specifies that the selected certificate be automatically selected from within the app container.

True

False

Yes

 

Working with certificates