diff --git a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png
index 7a3f671955..68672472c3 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png and b/windows/client-management/mdm/images/provisioning-csp-rootcacertificate.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index b9bf7dd558..5965974382 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1345,6 +1345,12 @@ For details about Microsoft mobile device management protocols for Windows 10 s
[Policy CSP](policy-configuration-service-provider.md) |
Added the following new policies for Windows 10, version 1803:
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 8f5c11db9d..b7fa5a8362 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -7,11 +7,14 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/26/2017
+ms.date: 03/06/2018
---
# RootCATrustedCertificates CSP
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates.
> [!Note]
@@ -44,6 +47,9 @@ Node for trusted publisher certificates.
**RootCATrustedCertificates/TrustedPeople**
Node for trusted people certificates.
+**RootCATrustedCertificates/UntrustedCertificates**
+Addeded in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable.
+
**_CertHash_**
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
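Review bot: The added UntrustedCertificates description has a typo and a broken clause: "Addeded" should be "Added", and "have been compromised and no longer usable" should read "have been compromised and are no longer usable". Because this node is meant for flagging a compromised certificate immediately, the entry should also say which operations it supports and whether a certificate listed here takes precedence over the same certificate under Root, CA, TrustedPublisher or TrustedPeople; the one-line description leaves both open.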
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 6e6492a240..03c352d150 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -7,17 +7,19 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/07/2018
---
# RootCATrustedCertificates DDF file
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1803.
``` syntax
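Review bot: The WARNING callout added under the DDF heading has no blank "+" line after it, whereas the same callout in rootcacertificates-csp.md adds one. If no blank line already separates it from "This topic shows the OMA DM device description framework...", Markdown will fold that paragraph into the callout, so add the trailing blank line here as well. While in this area, note that the heading says RootCATrustedCertificates but the paragraph still names the **RootCACertificates** configuration service provider.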
@@ -28,7 +30,7 @@ The XML below is the current version for this CSP.
1.2
RootCATrustedCertificates
- ./Vendor/MSFT
+ ./User/Vendor/MSFT
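Review bot: Changing the path from ./Vendor/MSFT to ./User/Vendor/MSFT makes the first tree in this DDF user-scoped, and a separate ./Device/Vendor/MSFT tree is added further down, but the rootcacertificates-csp.md hunks in this patch say nothing about the two scopes. Suggest adding a sentence to the CSP topic stating which nodes exist per user and per device, so an admin knows which store a Root or UntrustedCertificates entry will land in.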
@@ -43,7 +45,7 @@ The XML below is the current version for this CSP.
-
+ com.microsoft/1.1/MDM/RootCATrustedCertificates
@@ -74,8 +76,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -100,12 +100,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -117,7 +117,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -271,8 +271,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -297,12 +295,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -311,7 +309,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -363,7 +361,7 @@ The XML below is the current version for this CSP.
- Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
@@ -384,7 +382,7 @@ The XML below is the current version for this CSP.
- Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
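Review bot: The rewritten ValidTo description still ends at "NotAfter member in the CERT_INFO structure" with no closing period, while the ValidFrom description ends with one. Add the period while the line is being touched, here and in the repeated ValidTo hunks below.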
@@ -405,7 +403,7 @@ The XML below is the current version for this CSP.
- Returns the certificate template name.
+ Returns the certificate template name. Supported operation is Get.
@@ -450,8 +448,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -476,12 +472,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -493,7 +489,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -551,7 +547,7 @@ The XML below is the current version for this CSP.
- Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
@@ -575,7 +571,7 @@ The XML below is the current version for this CSP.
- Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
@@ -599,7 +595,7 @@ The XML below is the current version for this CSP.
- Returns the certificate template name.
+ Returns the certificate template name. Supported operation is Get.
@@ -647,8 +643,6 @@ The XML below is the current version for this CSP.
-
-
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
@@ -673,12 +667,12 @@ The XML below is the current version for this CSP.
-
+
Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
-
+
@@ -690,7 +684,7 @@ The XML below is the current version for this CSP.
- text/plain
+
@@ -748,7 +742,7 @@ The XML below is the current version for this CSP.
- Returns the starting date of the certificate's validity. This is equivalent to the NotBefore member in the CERT_INFO structure.
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
@@ -772,7 +766,7 @@ The XML below is the current version for this CSP.
- Returns the expiration date of the certificate. This is equivalent to the NotAfter member in the CERT_INFO structure
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
@@ -796,7 +790,1180 @@ The XML below is the current version for this CSP.
- Returns the certificate template name.
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ UntrustedCertificates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+ RootCATrustedCertificates
+ ./Device/Vendor/MSFT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.1/MDM/RootCATrustedCertificates
+
+
+
+ Root
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ CA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ TrustedPublisher
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ TrustedPeople
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ UntrustedCertificates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value
+
+
+
+
+
+
+
+
+
+
+
+
+ CertHash
+
+
+
+
+
+ EncodedCertificate
+
+
+
+
+
+
+ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ IssuedBy
+
+
+
+
+ Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IssuedTo
+
+
+
+
+ Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidFrom
+
+
+
+
+ Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ValidTo
+
+
+
+
+ Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TemplateName
+
+
+
+
+ Returns the certificate template name. Supported operation is Get.
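Review bot: In the added UntrustedCertificates and ./Device/Vendor/MSFT subtrees, the IssuedBy and IssuedTo descriptions do not carry "Supported operation is Get." while ValidFrom, ValidTo and TemplateName do. If those two nodes are also read-only, add the sentence so all five property nodes read the same way. The added Device CA subtree also has fewer lines per leaf than its Root, TrustedPublisher, TrustedPeople and UntrustedCertificates siblings, so it is worth confirming that no element was dropped there. The CertHash and ValidTo descriptions in the new nodes are also missing their closing periods.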
@@ -818,14 +1985,4 @@ The XML below is the current version for this CSP.
-```
-
-
-
-
-
-
-
-
-
-
+```
\ No newline at end of file
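Review bot: The closing code fence is now the last line of the file and carries "\ No newline at end of file". Keep a single trailing newline after the fence so the next edit to this topic does not show a spurious change on this line.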