--- title: RootCATrustedCertificates DDF file description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP). ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article ms.prod: windows-client ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 03/07/2018 --- # RootCATrustedCertificates DDF file This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is for Windows 10, version 1803. ```xml ]> 1.2 RootCATrustedCertificates ./User/Vendor/MSFT com.microsoft/1.1/MDM/RootCATrustedCertificates Root Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain CA Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPublisher Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPeople Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain UntrustedCertificates Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain RootCATrustedCertificates ./Device/Vendor/MSFT com.microsoft/1.1/MDM/RootCATrustedCertificates Root Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain CA Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPublisher Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPeople Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain UntrustedCertificates Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure. text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain ``` ## Related topics [RootCATrustedCertificates CSP](rootcacertificates-csp.md)