Posted by: kurtsh | February 16, 2013

INFO: Certificate for WinRT devices and non-domain member devices

Interested in Windows RT devices & X.509 certificate enrollment?

Windows RT devices run on ARM processors, which makes them different from a typical computer, but they do have a full version of the Windows® operating system. Windows RT devices cannot be Active Directory Domain Services (AD DS) domain members. Otherwise, a Windows RT device is no different from a typical Windows computer from a certificate enrollment and certificate management perspective. In other words, when it comes to certificate enrollment and certificate management, Windows RT devices share the same story as typical Windows computers that are not joined to an AD DS domain.

Prior to Windows RT, a typical Windows computer could have certificates in both the computer context and the user context. Certificates in the computer context are stored in the computer account profile and are organized into different certificate stores (My store, Root store, and so on). Each user also has their own certificate stores in the user profile (with certificate stores similar to those in the computer context). The Windows Store apps used on Windows 8 and Windows RT devices also have their own profile and their own certificate stores.

This means that Windows 8 and Windows RT devices can place their certificates in the Local Machine/My certificate store, the User/My certificate store, or an application-specific My certificate store. Further, a Windows Store app can use certificates from the computer Root store for certificate validation (chain building). Also, if a Windows Store app has the SharedUserCertificate capability, the app can use certificates from the user context My store.

Read more of the article to see the following implementation steps.

  1. Enroll for a computer or user certificate by using a Windows RT device
        1. Establish trust to the Certificate Enrollment Policy Web Services and Certificate Enrollment Web Services
        2. Enrollment for a certificate
        3. Configure certificate for auto renewal
        4. Test the renewal
  2. Getting certificate for a Windows Store App
