Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important: Microsoft supports Intune /beta APIs, but they are subject to more frequent change. Microsoft recommends using version v1.0 when possible. Check an API's availability in version v1.0 using the Version selector.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new userPFXCertificate object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementConfiguration.ReadWrite.All |
HTTP Request
POST /deviceManagement/userPfxCertificates
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the userPFXCertificate object.
The following table shows the properties that are required when you create the userPFXCertificate.
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the PFX certificate. |
| thumbprint | String | SHA-1 thumbprint of the PFX certificate. |
| intendedPurpose | userPfxIntendedPurpose | Certificate's intended purpose from the point-of-view of deployment. The possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
| userPrincipalName | String | User Principal Name of the PFX certificate. |
| startDateTime | DateTimeOffset | Certificate's validity start date/time. |
| expirationDateTime | DateTimeOffset | Certificate's validity expiration date/time. |
| providerName | String | Crypto provider used to encrypt this blob. |
| keyName | String | Name of the key (within the provider) used to encrypt the blob. |
| paddingScheme | userPfxPaddingScheme | Padding scheme used by the provider during encryption/decryption. The possible values are: none, pkcs1, oaepSha1, oaepSha256, oaepSha384, oaepSha512. |
| encryptedPfxBlob | Binary | Encrypted PFX blob. |
| encryptedPfxPassword | String | Encrypted PFX password. |
| createdDateTime | DateTimeOffset | Date/time when this PFX certificate was imported. |
| lastModifiedDateTime | DateTimeOffset | Date/time when this PFX certificate was last modified. |
Response
If successful, this method returns a 201 Created response code and a userPFXCertificate object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/beta/deviceManagement/userPfxCertificates
Content-type: application/json
Content-length: 523
{
"@odata.type": "#microsoft.graph.userPFXCertificate",
"thumbprint": "Thumbprint value",
"intendedPurpose": "smimeEncryption",
"userPrincipalName": "User Principal Name value",
"startDateTime": "2016-12-31T23:58:46.7156189-08:00",
"expirationDateTime": "2016-12-31T23:57:57.2481234-08:00",
"providerName": "Provider Name value",
"keyName": "Key Name value",
"paddingScheme": "pkcs1",
"encryptedPfxBlob": "ZW5jcnlwdGVkUGZ4QmxvYg==",
"encryptedPfxPassword": "Encrypted Pfx Password value"
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 695
{
"@odata.type": "#microsoft.graph.userPFXCertificate",
"id": "045c159b-159b-045c-9b15-5c049b155c04",
"thumbprint": "Thumbprint value",
"intendedPurpose": "smimeEncryption",
"userPrincipalName": "User Principal Name value",
"startDateTime": "2016-12-31T23:58:46.7156189-08:00",
"expirationDateTime": "2016-12-31T23:57:57.2481234-08:00",
"providerName": "Provider Name value",
"keyName": "Key Name value",
"paddingScheme": "pkcs1",
"encryptedPfxBlob": "ZW5jcnlwdGVkUGZ4QmxvYg==",
"encryptedPfxPassword": "Encrypted Pfx Password value",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00"
}