How to access certificates in the "Local Computer\Personal" store?

[forderud]

I'm struggling to figure out how to access certificates in the "Local Computer\Personal" store when using CertificateStores::FindAllAsync(CertificateQuery) and similar UWP APIs.

Example of certificates that I want to access:

These certificates are not inherited to the "Current User\Personal" store, due to an exception in the certificate inheritance rules. They therefore need to be explicitly accessed from LocalMachine instead of CurrentUser.

I've already tried to specify StoreName in the CertificateQuery argument. This works nicely for accessing certificates in e.g. the "Current User\Personal" store. However, there doesn't seem to any way to also specify StoreLocation as in the .Net X509Store(StoreName, StoreLocation) constructor.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 642ea678-d413-7aae-0be6-dd2184e2c134
• Version Independent ID: 3a67064e-ef1c-bafd-ab26-9f971d70273c
• Content: CertificateStores.FindAllAsync Method (Windows.Security.Cryptography.Certificates) - Windows UWP applications
• Content Source: winrt-api-build/xml/Windows.Security.Cryptography.Certificates/CertificateStores.xml
• Product: uwp
• Technology: winrt-reference
• GitHub Login: @alvinashcraft
• Microsoft Alias: aashcraft

[alvinashcraft]

Hi @forderud. I found this C# sample code. Does this help with your scenario? If you think it's useful, I'll add it to the docs for this topic:

public static void AddAppSmartCardCertIntoUserStore()
{
    // Retrieve certificates in store.
    var certs = await CertificateStores.FindAllAsync();
    // open user Personal store
    UserCertificateStore store = CertificateStores.GetUserStoreByName(StandardCertificateStoreNames.Personal);
    foreach (Certificate cert in certs)
    {
        if (cert.KeyStoreageProviderName == KeyStorageProviderNames.SmartcardKeyStorageProvider
&& !cert.IsPerUser)
        {
            var added = await store.RequestAddAsync(cert);
            if (!added) break;
        }
    }
}

[forderud]

Hi @forderud. I found this C# sample code. Does this help with your scenario? If you think it's useful, I'll add it to the docs for this topic:

public static void AddAppSmartCardCertIntoUserStore()
{
    // Retrieve certificates in store.
    var certs = await CertificateStores.FindAllAsync();
    ...

Just tested, and CertificateStores::FindAllAsync() will only enumerate certificates under "Current User" and not under "Local Computer". It therefore doesn't help..

[forderud]

@alvinashcraft Maybe it could make more sense to recategorize this issue as an "enhancement request" instead of a "documentation request"(?) If so, then please let me know if you need any action from my side.

[alvinashcraft]

Hi @forderud. I think that MS Q&A would be a good place to take this. The community of experts and Microsoft Engineers over at Microsoft Q&A offer timely answers to a multitude of technical questions surrounding windows-uwp. They can determine if there's a way to do this or if it would require an enhancement to the product.

If you do create a thread over at Microsoft Q&A, we would appreciate if you could share that link here so we can track the progress and incorporate any technical details into our documentation. If there is something that can be updated in the docs, I would be happy to take care of it. If that sounds good to you, we'll mark this issue closed but I will continue to monitor it for any replies.

[forderud]

Just posted the same question on https://learn.microsoft.com/en-us/answers/questions/1100511/how-to-access-certificates-in-the-34local-computer.html

[alvinashcraft]

Sounds great. Closing this for now, but like I said, we can revisit this if it's determined that some Docs changes would be helpful. Keep us posted!

[alvinashcraft]

I think I may go ahead and add that code example to the page next week too.