Share via

CertStore_MoveCertificate function

  • Article

Header: #include <applibs/certstore.h>

Renames a certificate. Both certificates must already be installed in the certificate store.

int CertStore_MoveCertificate(const char *sourceIdentifier, const char *destIdentifier);

Parameters

  • sourceIdentifier The current ID of the certificate.

  • destIdentifier The new ID for the certificate.

Errors

Returns -1 if an error is encountered and sets errno to the error value.

  • EACCES: the operation isn't allowed because the CertStore capability isn't set in the application manifest.

  • EAGAIN: the OS certificate store component isn't ready yet.

  • EFAULT: the sourceIdentifier or destIdentifier parameter is NULL.

  • EINVAL: the sourceIdentifier or destIdentifier parameter is not a valid identifier name.

  • ENOENT: the certificate with the identifier sourceIdentifier does not exist.

Any other errno may also be specified; such errors aren't deterministic and there's no guarantee that the same behavior will be retained through system updates.

Return value

Returns 0 for success, or -1 for failure, in which case errno is set to the error value.

Application manifest requirements

The application manifest must include the CertStore capability.

Remarks

If any type of certificate with identifier destIdentifier already exists, it will be replaced with the contents of the certificate at sourceIdentifier, and the sourceidentifier will no longer exist.

Caution

Because certificate IDs are system-wide, an az sphere command or a function call that adds a new certificate can overwrite a certificate that was added by an earlier command or function call, potentially causing network connection failures. We strongly recommend that you develop clear certificate update procedures and choose certificate IDs carefully.

See Certificate IDs for more information about how Azure Sphere uses certificate IDs.

This function renames the certificates but does not update the configurations in which they're used. To use the renamed certificates, the app must reload the Wi-Fi configuration by calling WifiConfig_ReloadConfig. Wi-Fi configurations that use only the sourceIdentifier must be updated to use a valid identifier.