CertificateManager Class
Namespace: Avaya.ClientServices
public class CertificateManager
The CertificateManager type exposes the following members.
Name | Description
---|---
ClientIdentityCertificateChain | Returns the certificate chain of the currently used client identity.
ClientIdentityPrivateKey | Returns the private key of the currently used client identity.
Name | Description
---|---
DeleteCertificateStore | Deletes an existing private trust store.
DeleteClientIdentityCertificateChain | Deletes a provisioned client identity certificate and its private key.
Enroll | Requests client identity certificate enrollment.
GetCertificates | Returns information about the certificates stored in the private trust store.
GetClientIdentityCertificate | Returns a provisioned client identity certificate.
IsCertificateStoreInUse | Returns the private trust store status.
SetCertificates | Creates the private trust store using the supplied trust anchors (Root and Intermediate CA certificates).
SetClientIdentityCertificate | Sets the client certificate from the Windows Personal certificate store to be used during mutual authentication.
SetClientIdentityCertificateChain | Securely stores a client identity certificate and a private key to use during mutual authentication.
ValidateCertificates(List<X509Certificate2>, CertificateManagerCertificateValidatorCompletionHandler) | Performs a trust validation of a certificate chain to determine whether the secure connection with the peer can be trusted.
ValidateCertificates(List<X509Certificate2>, String, String, Int32, CertificateManagerCertificateValidatorCompletionHandler) | Performs a trust validation of a certificate chain to determine whether the secure connection with the peer can be trusted.
Name | Description
---|---
CertificateExpiryNotification | Notifies the application about the client certificate's expiration status by specifying the number of days before expiry, calculated according to the configured security policy specified via CertificateRenewalValue.
Developers can use the SetCertificates() method to create a private trust store. A private trust store is an application-managed certificate store that contains the Root and Intermediate CA certificates (known as "trust anchors") trusted by the application. The private trust store is used to validate the server or client certificate chain for all secure connections made by the application.
The private trust store has the following advantages over the conventional system certificate stores provided by the operating system:
The private trust store allows the application to be more secure. For example, consider a scenario where a CA inadvertently issued certificates and later revoked them. The CA publishes certificate status information so that an application may query it and proceed accordingly. However, the revocation status check process has its own challenges that make it unsuitable in practice, so rogue servers may still end up trusted by applications. Such cases are easily managed with the private trust store: the application administrator can simply remove the CA certificate that issued the invalid certificates, so that insecure connections with the server can no longer be established.
This class also allows the application to store a client identity certificate, which is passed to the server upon the server's request during TLS mutual authentication. A client identity certificate is trust-validated by the server; an untrusted certificate is rejected by the server, which issues an SSL alert and severs the connection.
Client applications can register a certificate status listener to be notified when the client identity certificate is about to expire. This notification serves as a reminder for the user to begin requesting a renewed certificate for this application. The notification period is configured using SecurityPolicyConfiguration.
Applications that have been using the default certificate trust validation logic can now delegate trust validation requests to this class. The certificate validation methods offered by this class allow the use of either the private trust store or the system trust store. Certain behavior of these methods can also be pre-configured for the application's deployment scenario via SecurityPolicyConfiguration.
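As an added illustration (not code from the Avaya SDK or its documentation), the following C# sketch builds a private trust store from a directory of CA certificate files and then asks CertificateManager to validate a peer chain against it. Only the method names come from this page: the parameter type accepted by SetCertificates, the shape of the CertificateManagerCertificateValidatorCompletionHandler delegate, and how the CertificateManager instance is obtained are assumptions to be checked against the SDK reference.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Avaya.ClientServices;

public static class PrivateTrustStoreExample
{
    // Load only certificates that assert BasicConstraints CA=true and are not yet
    // expired, so a stray end-entity certificate cannot silently become a trust anchor.
    public static List<X509Certificate2> LoadTrustAnchors(string directory)
    {
        var anchors = new List<X509Certificate2>();
        foreach (var path in Directory.GetFiles(directory, "*.cer"))
        {
            var cert = new X509Certificate2(path);
            bool isCa = false;
            foreach (var ext in cert.Extensions)
            {
                if (ext is X509BasicConstraintsExtension bc && bc.CertificateAuthority)
                    isCa = true;
            }
            if (isCa && cert.NotAfter > DateTime.UtcNow)
                anchors.Add(cert);
        }
        return anchors;
    }

    // ASSUMPTION: SetCertificates takes the anchor list directly, and the completion
    // handler is a delegate that receives a single boolean "trusted" result.
    public static void ValidatePeer(CertificateManager manager, string anchorDir,
                                    List<X509Certificate2> peerChain)
    {
        // Create (or replace) the private trust store from the vetted anchors.
        manager.SetCertificates(LoadTrustAnchors(anchorDir));

        // Validate the peer's chain against the private trust store rather than the
        // system store; a removed CA certificate makes its issued chains untrusted.
        manager.ValidateCertificates(peerChain,
            new CertificateManagerCertificateValidatorCompletionHandler(trusted =>
            {
                if (!trusted)
                    Console.WriteLine("Peer chain not trusted by private trust store; abort connection.");
            }));
    }
}
```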