From 884f62c580eb139eb56c6720bfe0c22a3d371073 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Fri, 13 Sep 2019 09:34:26 -0500 Subject: [PATCH] Update rootcacertificates-csp.md --- .../mdm/rootcacertificates-csp.md | 31 ++++++------------- 1 file changed, 10 insertions(+), 21 deletions(-) diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md index 4f6ec839e8..a1de0abf5c 100644 --- a/windows/client-management/mdm/rootcacertificates-csp.md +++ b/windows/client-management/mdm/rootcacertificates-csp.md @@ -21,6 +21,8 @@ The RootCATrustedCertificates configuration service provider enables the enterpr   The following image shows the RootCATrustedCertificates configuration service provider in tree format. +Here the detailed specfiication of the principal root nodes: + ![roocacertificate](images/provisioning-csp-rootcacertificate.png) **Device or User** @@ -35,7 +37,6 @@ Defines the certificate store that contains root, or self-signed certificates, i > [!Note] > The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**. -  **RootCATrustedCertificates/CA** Node for CA certificates. @@ -49,39 +50,27 @@ Node for trusted people certificates. Addeded in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. **_CertHash_** -Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. +Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. This node is common for all the principal root nodes. The supported operations are Get and Delete. -The supported operations are Get and Delete. +The following nodes, are all common to the **_CertHash_** node: **/EncodedCertificate** -Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. - -The supported operations are Add, Get, and Replace. +Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. The supported operations are Add, Get, and Replace. **/IssuedBy** -Returns the name of the certificate issuer. This is equivalent to the **Issuer** member in the CERT\_INFO data structure. - -The only supported operation is Get. +Returns the name of the certificate issuer. This is equivalent to the **Issuer** member in the CERT\_INFO data structure. The only supported operation is Get. **/IssuedTo** -Returns the name of the certificate subject. This is equivalent to the **Subject** member in the CERT\_INFO data structure. - -The only supported operation is Get. +Returns the name of the certificate subject. This is equivalent to the **Subject** member in the CERT\_INFO data structure. The only supported operation is Get. **/ValidFrom** -Returns the starting date of the certificate's validity. This is equivalent to the **NotBefore** member in the CERT\_INFO data structure. - -The only supported operation is Get. +Returns the starting date of the certificate's validity. This is equivalent to the **NotBefore** member in the CERT\_INFO data structure. The only supported operation is Get. **/ValidTo** -Returns the expiration date of the certificate. This is equivalent to the **NotAfter** member in the CERT\_INFO data structure. - -The only supported operation is Get. +Returns the expiration date of the certificate. This is equivalent to the **NotAfter** member in the CERT\_INFO data structure. The only supported operation is Get. **/TemplateName** -Returns the certificate template name. - -The only supported operation is Get. +Returns the certificate template name. The only supported operation is Get. ## Related topics