deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/configuration/wcd/wcd-certificates.md

72 lines
3.6 KiB
Markdown
Raw Blame History

---
title: Certificates (Windows 10)
description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
ms.date: 09/06/2017
---
# Certificates (Windows Configuration Designer reference)
Use to deploy Root Certificate Authority (CA) certificates to devices. The following list describes the purpose of each setting group.
- In [CACertificates](#cacertificates), you specify a certificate that will be added to the Intermediate CA store on the target device.
- In [ClientCertificates](#clientcertificates), you specify a certificate that will be added to the Personal store on the target device, and provide (password, keylocation), (and configure whether the certificate can be exported).
- In [RootCertificates](#rootcertificates), you specify a certificate that will be added to the Trusted Root CA store on the target device.
- In [TrustedPeopleCertificates](#trustedpeoplecertificates), you specify a certificate that will be added to the Trusted People store on the target device.
- In [TrustedProvisioners](#trustedprovisioners), you specify a certificate which allows devices to automatically trust packages from the specified publisher.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All setting groups | X | X | X | X | X |
## CACertificates
1. In **Available customizations**, select **CACertificates**, enter a friendly name for the certificate, and then click **Add**.
2. In **Available customizations**, select the name that you just created.
3. In **CertificatePath**, browse to or enter the path to the certificate.
## ClientCertificates
1. In **Available customizations**, select **ClientCertificates**, enter a friendly name for the certificate, and then click **Add**.
2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Value | Description |
| --- | --- | ---- |
| **CertificatePassword** | | |
| **CertificatePath** | | Adds the selected certificate to the Personal store on the target device. |
| ExportCertificate | True or false | Set to **True** to allow certificate export. |
| **KeyLocation** | - TPM only</br>- TPM with software fallback</br>- Software only | |
## RootCertificates
1. In **Available customizations**, select **RootCertificates**, enter a friendly name for the certificate, and then click **Add**.
2. In **Available customizations**, select the name that you just created.
3. In **CertificatePath**, browse to or enter the path to the certificate.
## TrustedPeopleCertificates
1. In **Available customizations**, select **TrustedPeopleCertificates**, enter a friendly name for the certificate, and then click **Add**.
2. In **Available customizations**, select the name that you just created.
3. In **TrustedCertificate**, browse to or enter the path to the certificate.
## TrustedProvisioners
1. In **Available customizations**, select **TrustedPprovisioners**, enter a CertificateHash, and then click **Add**.
2. In **Available customizations**, select the name that you just created.
3. In **TrustedProvisioner**, browse to or enter the path to the certificate.
## Related topics
- [RootCATrustedCertficates configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/rootcacertificates-csp)
Reference in New Issue View Git Blame Copy Permalink