Certificate Application Framework

Certificate applications (certapps) framework provides interfaces for implementing certapp stores. A certapps store holds a list of clients that trust the certificates (root certificate) stored in the certificate store (certstore). For example, certificates associated with TLS are held in certstore and applications that trust these certificates are held in certapps store.


The certapps framework is an extension of Crypto token Framework. It provides interface that must be implemented to retrieve clients of certificate management.

  • Each client consists of a UID and a human-readable name, and represents an application.

  • Each certificate is marked as trusted by one or more of the UIDs indicating that it is trusted by a particular application, and making it a root certificate for that application.

  • Different clients trust different certificates, For example, TLS might trust VeriSign's secure server root, but Software Install may not trust.


The framework includes TCertificateAppInfo class that provides information such as name and UID of the certificate application used as a token. The UID does not have to be the application UID, but must be unique. It can be set through the standard UID allocation scheme.

Figure 1. Symbian Certapps Implementation


The Symbian implementation of file based certstore uses certapps store. CCertificateAppInfoManager provides functions to add, remove and list these UID/name pairs. An application can retrieve the UID/name pairs for all clients of certificate management. The TCertificateAppInfo class encapsulates the UID/name pairs.

  • Add a new client

    IMPORT_C void AddL(const TCertificateAppInfo& aClient);

    Leaves with KErrPermissionDenied if the caller does not have the required capability

  • Remove an existing client

    IMPORT_C void RemoveL(const TUid& aUid);

    Leaves with KErrNotFound if the client does not exist, and KErrPermissionDenied if the caller does not have the required capability

  • List the registered clients

    IMPORT_C const RArray<TCertificateAppInfo>& Applications() const;

    The returned array becomes the property of the caller who is responsible for its destruction.