deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-10 19:47:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/configuration/wcd/wcd-certificates.md
Paolo Matarazzo 5eac8d4c21 WCD
2024-01-25 14:14:26 -05:00

65 lines
3.4 KiB
Markdown
Raw Blame History

---
title: Certificates
description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.topic: reference
ms.date: 01/25/2024
---
# Certificates (Windows Configuration Designer reference)
Use to deploy Root Certificate Authority (CA) certificates to devices. The following list describes the purpose of each setting group.
- In [CACertificates](#cacertificates), you specify a certificate that will be added to the Intermediate CA store on the target device.
- In [ClientCertificates](#clientcertificates), you specify a certificate that will be added to the Personal store on the target device, and provide (password, keylocation), (and configure whether the certificate can be exported).
- In [RootCertificates](#rootcertificates), you specify a certificate that will be added to the Trusted Root CA store on the target device.
- In [TrustedPeopleCertificates](#trustedpeoplecertificates), you specify a certificate that will be added to the Trusted People store on the target device.
- In [TrustedProvisioners](#trustedprovisioners), you specify a certificate that allows devices to automatically trust packages from the specified publisher.
## Applies to
| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: |
| All setting groups | ✅ | ✅ | ✅ | ✅ |
## CACertificates
1. In **Available customizations**, select **CACertificates**, enter a friendly name for the certificate, and then click **Add**.
1. In **Available customizations**, select the name that you created.
1. In **CertificatePath**, browse to or enter the path to the certificate.
## ClientCertificates
1. In **Available customizations**, select **ClientCertificates**, enter a friendly name for the certificate, and then click **Add**.
1. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Value | Description |
| --- | --- | ---- |
| **CertificatePassword** | | |
| **CertificatePath** | | Adds the selected certificate to the Personal store on the target device. |
| ExportCertificate | True or false | Set to **True** to allow certificate export. |
| **KeyLocation** | - TPM only</br>- TPM with software fallback</br>- Software only | |
## RootCertificates
1. In **Available customizations**, select **RootCertificates**, enter a friendly name for the certificate, and then click **Add**.
1. In **Available customizations**, select the name that you created.
1. In **CertificatePath**, browse to or enter the path to the certificate.
## TrustedPeopleCertificates
1. In **Available customizations**, select **TrustedPeopleCertificates**, enter a friendly name for the certificate, and then click **Add**.
1. In **Available customizations**, select the name that you created.
1. In **TrustedCertificate**, browse to or enter the path to the certificate.
## TrustedProvisioners
1. In **Available customizations**, select **TrustedPprovisioners**, enter a CertificateHash, and then click **Add**.
1. In **Available customizations**, select the name that you created.
1. In **TrustedProvisioner**, browse to or enter the path to the certificate.
## Related topics
- [RootCATrustedCertficates configuration service provider (CSP)](/windows/client-management/mdm/rootcacertificates-csp)
Reference in New Issue View Git Blame Copy Permalink