--- title: RootCATrustedCertificates DDF file description: RootCATrustedCertificates DDF file ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower ms.date: 03/07/2018 --- # RootCATrustedCertificates DDF file > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). The XML below is for Windows 10, version 1803. ``` syntax ]> 1.2 RootCATrustedCertificates ./User/Vendor/MSFT com.microsoft/1.1/MDM/RootCATrustedCertificates Root Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain CA Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPublisher Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPeople Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain UntrustedCertificates Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain RootCATrustedCertificates ./Device/Vendor/MSFT com.microsoft/1.1/MDM/RootCATrustedCertificates Root Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain CA Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPublisher Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPeople Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain UntrustedCertificates Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain ```