Using a Third-Party Certificate Provider

SAP Mobile Platform SDK includes a Provider API, which enables apps to download certificates from third-party infrastructures.


  1. Using a Third-Party Certificate Provider for .NET:
    The user provided certificate provider is ignored as it is not supported on the .NET platform. The app developer must implement their own logic to retrieve the certificate and use the CryptoAPI (provided by the Windows SDK) to install the user certificate. See published on non-SAP sitefor CryptoAPI details.
  2. Using a Third-Party Certificate Provider for Windows Runtime/Store Apps
    The certificate provider interface (ICertificateProvider) – part of the LogonCore library – can be used to install a PFX (X509 user certificate) into the app's local certificate store before sending a registration request.
    • Set the properties of the certificate: Start of the navigation path Build action Next navigation step content and Copy to output directory Next navigation step  copy always End of the navigation path
    • Add SAPNetCA to the server keystore and device truststore.
    • Single SSL and Mutual SSL do not work while the device proxy is enabled.
    This sample implements a certificate provider which reads the certificate from the resources of the application:
    using SAP.Logon.Core;
    using System.Threading.Tasks;
    class CertificateProvider : ICertificateProvider {
    	public IAsyncAction DeleteStoredCertificateAsync() {
    		return Task.Run(() => { }).AsAsyncAction();
    	public IAsyncOperation< CertificateData> GetCertificateAsync() {
    		return ReadCertificateAsync().AsAsyncOperation<CertificateData>();
    	private async Task<CertificateData> ReadCertificateAsync() {
    		var folder = await Windows.ApplicationModel.Package.Current.InstalledLocation.GetFolderAsync("Assets");
              var pfx = await folder.GetFileAsync("smpsdk-piat-dev.p12");
    		byte[] rawCertificate = null;
    		using (var stream = await pfx.OpenReadAsync()) {
    			using (var reader = new BinaryReader(stream.AsStreamForRead())) {
    				rawCertificate = reader.ReadBytes((int)stream.Size);
    		return new CertificateData() {
    			CertificateBlob = rawCert,
    			PfxKey = "certificatePassword"
    	public IAsyncOperation<CertificateData> GetStoredCertificateAsync() {
    		// implement your logic here. This sample does not return anything in this case
    		return Task.FromResult<CertificateData>(null).AsAsyncOperation<CertificateData>();
    This sample code snippet demonstrates how the custom certificate provider can be passed to the logon core library:
    string appId = "myAppId";
    var logonCore = await SAP.Logon.Core.LogonCore.InitWithApplicationIdAsync(appId);
    if (!certificateInstalled)
    	logonCore.CertificateProvider = new CertificateProvider();
    await logonCore.RegisterWithContextAsync(
                    new SAP.Logon.Core.LogonContext() {
                    RegistrationContext = new SAP.Logon.Core.RegistrationContext() {
                    ApplicationId = appId,
                    ServerHost = "",
                    ServerPort = 8082,// https mutual port
                    IsHttps = true