12 <concept id="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C" xml:lang="en"><title>Root |
12 <concept id="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C" xml:lang="en"><title>Root |
13 Certificates</title><shortdesc>To validate a certificate, a client application must have at least |
13 Certificates</title><shortdesc>To validate a certificate, a client application must have at least |
14 one certificate which it directly trusts. This is a root certificate. Different |
14 one certificate which it directly trusts. This is a root certificate. Different |
15 applications trust different root certificates. For example, TLS might trust |
15 applications trust different root certificates. For example, TLS might trust |
16 VeriSign's secure server root, but Software Install may not. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody> |
16 VeriSign's secure server root, but Software Install may not. </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody> |
17 <section><title>Root Certificate Management and Storage</title> <p><b>The |
17 <section id="GUID-F57DDD2B-16B7-44DC-94DE-10512A765AF2"><title>Root Certificate Management and Storage</title> <p><b>The |
18 file certificate store</b> </p> <p>There is a single 'file' certificate store |
18 file certificate store</b> </p> <p>There is a single 'file' certificate store |
19 (certstore), <filepath>CACerts.dat</filepath>, initially populated with default |
19 (certstore), <filepath>CACerts.dat</filepath>, initially populated with default |
20 root certificates, located in <filepath>c:\system\data\</filepath> (or a private |
20 root certificates, located in <filepath>c:\system\data\</filepath> (or a private |
21 directory). When a certstore object is constructed it looks for the store |
21 directory). When a certstore object is constructed it looks for the store |
22 in this location. If it cannot be found the original store is copied over |
22 in this location. If it cannot be found the original store is copied over |
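Review bot: the id added to the <section> element on new line 17, GUID-F57DDD2B-16B7-44DC-94DE-10512A765AF2, does not match the shape of the concept id on line 12 of the same topic, whose third group begins with 5 (5C5C) where the new one has 44DC. If ids in this documentation set come from a single generator, please confirm the new one was produced the same way rather than added by hand, and say in the commit message why the section needs an id now.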
27 certificate applications (certapps) store, <filepath>certclients.dat</filepath>, |
27 certificate applications (certapps) store, <filepath>certclients.dat</filepath>, |
28 which is used by the file certstore, contains a set of zero or more clients. |
28 which is used by the file certstore, contains a set of zero or more clients. |
29 Each client consists of a UID and a human-readable name, and represents an |
29 Each client consists of a UID and a human-readable name, and represents an |
30 application that requires the services of Certificate Management (certman). |
30 application that requires the services of Certificate Management (certman). |
31 For example, TLS is a client, as is Software Installation. The word 'application' |
31 For example, TLS is a client, as is Software Installation. The word 'application' |
32 is used in its broadest possible sense; the UIDs do not have to be Symbian |
32 is used in its broadest possible sense; the UIDs do not have to be the Symbian |
33 platform application UIDs, although this may be a sensible choice. Each certificate |
33 platform application UIDs, although this may be a sensible choice. Each certificate |
34 is marked as trusted by zero or more of these clients, this is what makes |
34 is marked as trusted by zero or more of these clients, this is what makes |
35 it a root certificate for that application. </p> <p>The <codeph>CCertificateAppInfoManager</codeph> class |
35 it a root certificate for that application. </p> <p>The <codeph>CCertificateAppInfoManager</codeph> class |
36 (<xref href="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C.dita#GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C/GUID-10C59313-821D-5AC4-8E45-1650F6305C7A">see |
36 (<xref href="GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C.dita#GUID-2800C486-2FB4-5C5C-990F-CC1A290F7E0C/GUID-10C59313-821D-5AC4-8E45-1650F6305C7A">see |
37 below</xref>) provides functions to add, remove and list these UID/name pairs. |
37 below</xref>) provides functions to add, remove and list these UID/name pairs. |
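Review bot: "do not have to be the Symbian platform application UIDs" on new line 32 now reads as though one fixed set of UIDs is meant, which is harder to follow than the wording without the article; consider "do not have to be Symbian platform application UIDs" or "do not have to match the application's Symbian platform UID". Since this paragraph is being touched, the comma splice two lines later ("zero or more of these clients, this is what makes it a root certificate") could be fixed in the same change by using a semicolon or a full stop. The client is also called "Software Installation" here but "Software Install" in the shortdesc, so one name should be used throughout.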