--- title: RootCATrustedCertificates DDF file description: RootCATrustedCertificates DDF file ms.assetid: 06D8787B-D3E1-4D4B-8A21-8045A8F85C1C ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque ms.date: 03/07/2018 --- # RootCATrustedCertificates DDF file This topic shows the OMA DM device description framework (DDF) for the **RootCACertificates** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). The XML below is for Windows 10, version 1803. ``` syntax ]> 1.2 RootCATrustedCertificates ./User/Vendor/MSFT com.microsoft/1.1/MDM/RootCATrustedCertificates Root Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain CA Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPublisher Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPeople Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain UntrustedCertificates Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain RootCATrustedCertificates ./Device/Vendor/MSFT com.microsoft/1.1/MDM/RootCATrustedCertificates Root Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain CA Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPublisher Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain TrustedPeople Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain UntrustedCertificates Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value CertHash EncodedCertificate Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc. IssuedBy Returns the name of the certificate issuer. This is equivalent to the Issuer member in the CERT_INFO data structure. text/plain IssuedTo Returns the name of the certificate subject. This is equivalent to the Subject member in the CERT_INFO data structure. text/plain ValidFrom Returns the starting date of the certificate's validity. Supported operation is Get. This is equivalent to the NotBefore member in the CERT_INFO structure. text/plain ValidTo Returns the expiration date of the certificate. Supported operation is Get. This is equivalent to the NotAfter member in the CERT_INFO structure text/plain TemplateName Returns the certificate template name. Supported operation is Get. text/plain ```