--- title: RootCATrustedCertificates CSP description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates. ms.assetid: F2F25DEB-9DB3-40FB-BC3C-B816CE470D61 ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman ms.date: 03/06/2018 --- # RootCATrustedCertificates CSP The RootCATrustedCertificates configuration service provider enables the enterprise to set the Root Certificate Authority (CA) certificates. > [!Note] > The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**. The following shows the RootCATrustedCertificates configuration service provider in tree format. Detailed specification of the principal root nodes: ``` ./Vendor/MSFT RootCATrustedCertificates ----Root --------CertHash ------------EncodedCertificate ------------IssuedBy ------------IssuedTo ------------ValidFrom ------------ValidTo ------------TemplateName ----CA --------CertHash ------------EncodedCertificate ------------IssuedBy ------------IssuedTo ------------ValidFrom ------------ValidTo ------------TemplateName ----TrustedPublisher --------CertHash ------------EncodedCertificate ------------IssuedBy ------------IssuedTo ------------ValidFrom ------------ValidTo ------------TemplateName ----TrustedPeople --------CertHash ------------EncodedCertificate ------------IssuedBy ------------IssuedTo ------------ValidFrom ------------ValidTo ------------TemplateName ``` **Device or User** For device certificates, use **./Device/Vendor/MSFT** path and for user certificates use **./User/Vendor/MSFT** path. **RootCATrustedCertificates** The root node for the RootCATrustedCertificates configuration service provider. **RootCATrustedCertificates/Root/** Defines the certificate store that contains root, or self-signed certificates, in this case, the computer store. > [!Note] > The **./User/** configuration is not supported for **RootCATrustedCertificates/Root/**. **RootCATrustedCertificates/CA** Node for CA certificates. **RootCATrustedCertificates/TrustedPublisher** Node for trusted publisher certificates. **RootCATrustedCertificates/TrustedPeople** Node for trusted people certificates. **RootCATrustedCertificates/UntrustedCertificates** Added in Windows 10, version 1803. Node for certificates that are not trusted. IT admin can use this node to immediately flag certificates that have been compromised and no longer usable. **_CertHash_** Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. This node is common for all the principal root nodes. The supported operations are Get and Delete. The following nodes are all common to the **_CertHash_** node: **/EncodedCertificate** Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. The supported operations are Add, Get, and Replace. **/IssuedBy** Returns the name of the certificate issuer. This is equivalent to the **Issuer** member in the CERT\_INFO data structure. The only supported operation is Get. **/IssuedTo** Returns the name of the certificate subject. This is equivalent to the **Subject** member in the CERT\_INFO data structure. The only supported operation is Get. **/ValidFrom** Returns the starting date of the certificate's validity. This is equivalent to the **NotBefore** member in the CERT\_INFO data structure. The only supported operation is Get. **/ValidTo** Returns the expiration date of the certificate. This is equivalent to the **NotAfter** member in the CERT\_INFO data structure. The only supported operation is Get. **/TemplateName** Returns the certificate template name. The only supported operation is Get. ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md)