What certifications are required to submit a Windows UWP app via Intune to Corporate Users? & How to sign the app?

  • Question

  • I have a Windows UWP app that I need to deploy to our corporate users via our corporate Intune. I actually have multiple apps -- Windows Phone 8.1, Windows Phone 10, Windows Tablets/Desktops 10.

    What certificates do I need to sign these apps? Where do I get these certificates from?  How do I use these certs to sign my apps? How do I make our corporate devices trust these certs?

    I went through the process of signing up for a Windows Company Developer license only to be instructed that what I needed was a Symantec Enterprise Cert. I purchased the Symantec Enterprise Cert for our company only to find out that is only valid for Windows Phones 8.1.  I've scoured the documents but all of the documents simply explain how to do your own self-signed cert. (Which I am OK with if it is legit and the devices will trust it). I was hoping for a Company Certificate that we could upload to Intune and then deploy to our users as there might be multiple developers and I was hoping we could all use the same cert for signing the apps - (thereby being a "Company Enterprise Cert"). 

    Tuesday, March 14, 2017 9:05 PM

All replies

  • Hi Stacy,

    >>What certificates do I need to sign these apps? Where do I get these certificates from? 
    To sign the app, there are three options:

    Option 1: Use Visual Studio to issue a self-signed certificate and sign the app with that. (If you do this you also need to remember to deploy the self-signed certificate to the Trusted Root Certificate Authority of the devices where the app will be installed)

    Option 2: Sign the app with a code-signing certificate issued from your internal PKI. (If you do this, you need to deploy the Root CA from your internal PKI to the Trusted Root Certificate Authority store in the same way.)

    Option 3: Purchase a Code-Signing certificate from a vendor. (This is the preferred option as no extra steps are needed at deployment time. The cert chain will already be valid)

    >>How do I use these certs to sign my apps? How do I make our corporate devices trust these certs?
    You could use SignTool. (For Option 1, there is no need to do the signing yourself, as Visual Studio will do the job.)

    For UWP app: https://docs.microsoft.com/en-us/windows/uwp/packaging/sign-app-package-using-signtool

    For non-UWP app: https://msdn.microsoft.com/en-us/library/windows/desktop/jj835835(v=vs.85).aspx

    Regarding how to deploy, you could refer to How to Deploy your own Windows 10 Universal Windows Platform Apps (.APPX) with Intune

    Best Regards,

    Cherry Bu


    MSDN Community Support

    Thursday, March 16, 2017 1:26 AM
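
The signing and trust steps from the answer above, as an added PowerShell example that is not part of the original thread. The file paths and friendly name are hypothetical placeholders, it assumes `signtool.exe` from the Windows SDK is on the PATH, and the last step needs an elevated prompt on a test device.

```powershell
# Added example. All file paths below are hypothetical placeholders.
$manifestPath = '.\MyApp\Package.appxmanifest'
$packagePath  = '.\AppPackages\MyApp.appx'
$cerPath      = '.\CompanySigning.cer'
$codeSignOid  = '1.3.6.1.5.5.7.3.3'   # Code Signing enhanced key usage

# The Publisher declared in the manifest; the signing cert Subject must match it,
# otherwise SignTool refuses to sign the package.
[xml]$manifest = Get-Content -Path $manifestPath
$publisher = $manifest.Package.Identity.Publisher

# Option 1 style certificate: self-signed, code-signing EKU, end entity (not a CA).
$cert = New-SelfSignedCertificate -Type Custom -Subject $publisher `
    -KeyUsage DigitalSignature -FriendlyName 'Company app signing (sample)' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -TextExtension @("2.5.29.37={text}$codeSignOid", '2.5.29.19={text}')

# Pre-flight checks; the same checks apply to an internal-PKI or purchased cert.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($cert.Subject -ne $publisher) {
    throw "Cert subject '$($cert.Subject)' does not match Publisher '$publisher'"
}
if ($eku.EnhancedKeyUsages.Value -notcontains $codeSignOid) {
    throw 'Certificate lacks the Code Signing EKU'
}
if (-not $cert.HasPrivateKey) { throw 'No private key available for signing' }

# Sign from the certificate store by thumbprint, so no PFX password is passed
# on the command line. /fd must match the hash algorithm used by the package.
signtool sign /fd SHA256 /sha1 $cert.Thumbprint $packagePath
if ($LASTEXITCODE -ne 0) { throw "SignTool failed with exit code $LASTEXITCODE" }

# Export only the public certificate; this is the file devices need to trust.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# On a test device (elevated): trust the cert as the answer describes, then
# confirm the package signature validates against that trust store.
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
$sig = Get-AuthenticodeSignature -FilePath $packagePath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Signature check failed: $($sig.Status) $($sig.StatusMessage)"
}
"Signed and trusted: $($sig.SignerCertificate.Subject)"
```

With Option 2 or Option 3, skip the `New-SelfSignedCertificate` call and load the issued certificate instead; the subject, EKU and signature checks stay the same.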