Certificates (Windows Configuration Designer reference)
Use to deploy Root Certificate Authority (CA) certificates to devices. The following list describes the purpose of each setting group.
- In CACertificates, you specify a certificate that will be added to the Intermediate CA store on the target device.
- In ClientCertificates, you specify a certificate that will be added to the Personal store on the target device, and provide (password, keylocation), (and configure whether the certificate can be exported).
- In RootCertificates, you specify a certificate that will be added to the Trusted Root CA store on the target device.
- In TrustedPeopleCertificates, you specify a certificate that will be added to the Trusted People store on the target device.
- In TrustedProvisioners, you specify a certificate that allows devices to automatically trust packages from the specified publisher.
Applies to
| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core |
|---|---|---|---|---|
| All setting groups | ✅ | ✅ | ✅ | ✅ |
CACertificates
In Available customizations, select CACertificates, enter a friendly name for the certificate, and then click Add.
In Available customizations, select the name that you created.
In CertificatePath, browse to or enter the path to the certificate.
ClientCertificates
- In Available customizations, select ClientCertificates, enter a friendly name for the certificate, and then click Add.
- In Available customizations, select the name that you created. The following table describes the settings you can configure. Settings in bold are required.
| Setting | Value | Description |
|---|---|---|
| CertificatePassword | ||
| CertificatePath | Adds the selected certificate to the Personal store on the target device. | |
| ExportCertificate | True or false | Set to True to allow certificate export. |
| KeyLocation | - TPM only - TPM with software fallback - Software only |
RootCertificates
- In Available customizations, select RootCertificates, enter a friendly name for the certificate, and then click Add.
- In Available customizations, select the name that you created.
- In CertificatePath, browse to or enter the path to the certificate.
TrustedPeopleCertificates
- In Available customizations, select TrustedPeopleCertificates, enter a friendly name for the certificate, and then click Add.
- In Available customizations, select the name that you created.
- In TrustedCertificate, browse to or enter the path to the certificate.
TrustedProvisioners
In Available customizations, select TrustedPprovisioners, enter a CertificateHash, and then click Add.
In Available customizations, select the name that you created.
In TrustedProvisioner, browse to or enter the path to the certificate.
Related topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for