Managing Windows Phone's and Symantec Code Signing certificate

Hi,
We need to renew the code signing certificate from Symantec. However, we only use it to manage the Windows Phone devices and don't publish apps. Do we still need to spend $300 on renewing this cert? Can't I manage them for free like our iOS and Android devices?

You REQUIRE the Symantec Code Signing Certificate to manage Windows Phones via Windows Intune. This is a requirement of the device rather than the management solution.
You CAN manage Windows Phones without this cert using only Exchange active sync management in Intune. However this management is very basic and has no advanced features (basically the features provided by Exchange rather than Intune).
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson

Similar Messages

  • Symantec code signing certificate

    Hi,
    I have 2 registred domain
    1.abc.com
    2.abc.co.in
    Both the domains are verified in my Intune portal . Now I  have plan enrol winodows mobile ,
    can i need pruchease 2 symantec code signing certificate or 1 certificate is enough ??

    Code Signing Certificate is issued to Company and it can be used on any application.
    So you only need to purchase 1 code signing certificate.

  • Applocker and expired code signing certificates

    Is it possible to allow applocker to use expired code signing certificates for old applications ? 
    Thanks, Magnus
    Magnus

    Hi Magnus,
    >>Is it possible to allow applocker to use expired code signing certificates for old applications ? 
    As far as I know, we should be unable to do this. If a certificate is expired, it is no longer considered an acceptable or usable credential.
    Regarding this question, the following thread can be referred to as reference.
    AppLocker Issue in Windows 7
    https://social.technet.microsoft.com/Forums/windows/en-US/2c78848d-2601-40d2-99c0-9b5c23b735e4/applocker-issue-in-windows-7?forum=w7itprosecurity
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Renew code signing certificate mountain lion server

    Hello to all
    Can you please let me know if there is a way to renew the self code signing certificate for server WITHOUT re enroll all devices?
    We have 500 iPads enrolled and the code signing certificate expires in 2 weeks...
    So it's really critical not to re enroll all devices .
    Is there any way to do this?
    Thank you for you help.

    When I put this in I am just getting the following response
    Usage: certadmin
        --get-private-key-passphrase [path]    
          Retrieve the passphrase for the private key at [path] from the keychain
        --default-certificate-path
          Retrieve the full path for the default certificate
        --default-certificate-authority-chain-path
          Retrieve the full path for the default certificate authority chain
        --default-private-key-path
          Retrieve the full path for the default private key
        --default-concatenation-path
          Retrieve the full path for the default certificate + private key concatenation
        --create-default-self-signed-identity
          Creates a default self signed identity (certificate + private key) using the hostname
        --recreate-self-signed-certificate subject serial_number
          Recreate an existing self signed certificate
        --recreate-CA-signed-certificate subject issuer serial_number
          Recreate an existing certificate signed by an OpenDirectory CA
    where you have "192173c1c is this meant to be the serial number?

  • Maximize Code Reuse Between Windows Phone 8 and Windows 8(via Microsoft Dev Center)

    Win8 App Developers: Picked this up on the Microsoft Dev site..great tips for reusing code between your Windows 8 app and Windows Phone.
    Summary: In this section, we will help you make the right choices to maximize code reuse in your apps. As a developer, you want to streamline your development and make maintaining your apps as efficient as possible. By working smarter, you give yourself more time to develop more apps and fill the marketplace with your creations. When building an app for Windows Phone 8 and Windows 8, you should look for opportunities to share code, designs, and assets as much as possible so that you maximize the return on your investment. This section describes the sharing techniques that you can use when building you app for both platforms.Read full article
    LenovoDev.com Manager

    Very useful! Thank you!
    Jonas
    Microsoft MVP: Windows Consumer Expert
    Yoga Tablet 2 10 || ThinkPad X1 Carbon (20A7007MPH) || ThinkPad Helix (3698-6EU) || IdeaCentre B540
    Twitter: @jonashendrickx

  • Windows Phone 8 and Windows InTune

    I just signed up for a 30-day Windows InTune trial account and I'm in the process of setting up mobile device management for Windows Phone 8 devices.  After looking through the documentation, I just want to verify that
    before I can even enroll any Windows Phone 8 devices for management in Windows InTune I need to...
    1. Purchase a $99/yr subscription to establish a Company (not an Individual) account on the Windows Phone Dev Center (to get a Symantec Publishing ID)
    2. Purchase a $299/yr subscription for a Symantec Enterprise Mobile Code Signing Certificate to obtain an enterprise mobile code-signing certificate using the Symantec Publishing ID from step #1
    3. Download, sign the Company Portal App with the XapSignTool tool using the Symantec enterprise mobile code-signing certificate, and upload the app back into Windows InTune
    Is this correct?
    Regards,
    JJ

    An important update to this thread - as of November 2014, you can now enroll Windows Phone 8.1 devices for management in Windows Intune without having to purchase a Symantec certificate. For details, see
    http://blogs.technet.com/b/microsoftintune/archive/2014/11/18/improvements-to-the-windows-phone-8-1-enrollment-process-for-intune.aspx
    As of 4/2/2015, hybrid configurations still require a Symantec cert to enroll a phone, but you can get the Company Portal app for WinPhone in the Store and you can send deep links and web links to hybrid phones via that portal. The ability to enroll WinPhone
    8.1 in hybrid without a cert is in the works. Stay tuned to the Intune blog for the announcement when that comes. Or you can ping me by replying to this thread, and ask me if certless hybrid is available yet.
    Cathy Moya PM, Windows Intune/System Center Configuration Manager This posting is provided AS IS with no warranties and confers no rights.

  • Windows Code Signing Certificate

    How to convert Windows Code Signing Certificate from p7s format to AET format

    Where did you get this 'p7s' file?  Did someone try to send you an AET in an SMIME encoded message? 
    File extension: p7s, is usually associated with a file containing PKCS #7 signed data and 'AET' usually refers to an 'Application Enrollment Token', which is associated with Windows Phone Enterprise application management.
    To create an AET for Windows Phone you need to have a proper code signing certificate from Symantec. (...you can't use just any code signing certificate.)
    When you obtain a code signing certificate from Symantec it should be installed into your computers certificate store.  You can then export the certificate and private key to a *.pfx file to use for signing apps or if you need to move it to a different
    computer.
    see:
    Windows Phone 8: Steps to acquire an Enterprise Mobile Code Signing Certificate required to sign LOB or company apps
    and:
    Frequently asked questions about Windows Phone Company Hub apps
    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast
    your votes for existing suggestions.

  • Profile Manager Code Signing Certificate from GoDaddy .spc

    Convert the .spc to .cer for Profile Manager compatability.
    Thought I'd share how to convert a code signing certificate acquired from go daddy as it downloads as a .spc file that Profile manager will not accept.
    When you download your code signing certificate from go daddy it will be a .spc file as stated above, and profile manager needs a .cer file.
    Take your .zip file over to a Windows 7 or better PC and double-click the .zip file.
    Then double-click the enclosed certificate.
    This will open the windows certmgr.
    Expand the certificate and locate your certificate (Should be the one with your company name )
    Right-Click the desired certificate, select all tasks, then Export
    Export the certificate as a DER .cer file.
    Now copy the exported .cer certificate to your Server App/Certificates and import it into the Pending Certificate.
    Once that's done also add the .cer certificate to your keychain.
    Remember to replace the expiring certificate if applicable
    LJS

    After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
    Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already. 
    Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap.  (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
    If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
    {FWIW, this is a user forum and the folks from Apple may or may not see your report.  If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}

  • Adobe AIR 3 Performance Issues and Code Signing Certificate Problem

    I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
    The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
    1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
    2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
    About the Code Signing Certificate problem:
    When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
    I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
    The Google Groups Adobe AIR page is here:
    http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
    Any ideas about these issues?
    Thanks!
    Oscar

    I recently updated to Adobe AIR 3.0 SDK (and runtime) doing HTML/Javascript development using Dreamweaver CS5.5 in a Windows 7 Home Premium (64 bit).
    The AIR app I'm developing runs well from within Dreamweaver. But when I create/package the AIR app and install it on my machine:
    1. The app literally CRAWLS running it in my Windows 7 12G RAM machine (especially when I use the mouse to mouse over a 19-by-21 set of hyperlinks on a grid) --- IT IS THAT SLOOOOWWWW...
    2. The app runs fine in my Mac OS X 10.6.8 with 4G RAM, also using the Adobe AIR 3 runtime.
    About the Code Signing Certificate problem:
    When I try to package the AIR app with ADT using AIR's temporary certificate feature, I get the error message "Could not generate timestamp: handshake alert: unrecognized_name".
    I found some discussions on this problem in an Adobe AIR Google Groups forum, but no one has yet offered any resolution to the issue. Someone said Adobe is using the Geotrust timestamping service --- located at https://timestamp.geotrust.com/tsa --- but going to this page produces a "404 --- Page not found" error.
    The Google Groups Adobe AIR page is here:
    http://groups.google.com/group/air-tight/browse_thread/thread/17cd38d71a385587
    Any ideas about these issues?
    Thanks!
    Oscar

  • Differences between SSL and Code-Signing Certificates

    Hello,
    I unsuccessfully tried to use a SSL - certificate for signing an applet (converting from X.509 to PKCS12 prior to signing) and learned, that SSL certificates and code-signing certificates are different things (after seeking the web for ours). Can somebody point out some source of information about this topic ? What are these differences ? Can I convert my SSL certificate into a code-signing certificate ?
    Things got even more confusing for me, since my first attempt with an wrongly converted SSL cetificate (I used my public and private key for conversion only, omitting the complete chain) at least worked partly: the certificate was accepted, but marked as coming from some untrustworthy organisation. After making a correct conversion (with the complete chain) the java plugin rejected the certificate completely ...
    Ulf

    yep, looks like it.
    keytool can be used with v3 x509 stores:
    Using keytool, it is possible to display, import, and export X.509 v1, v2, and v3 certificates stored as files, and to generate new self-signed v1 certificates. For examples, see the "EXAMPLES" section of the keytool documentation ( for Solaris ) ( for Windows ).
    jarsigner needs a keystore so I would assume public and private key pair.
    you could list the keys from your store:
    C:\temp>keytool -list -keystore serverkeys.key
    Enter keystore password: storepass
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 2 entries
    client, Jul 5, 2005, trustedCertEntry,
    Certificate fingerprint (MD5): 13:50:77:64:94:36:2E:18:00:4B:90:65:D0:26:22:C8
    server, Jul 5, 2005, keyEntry,
    Certificate fingerprint (MD5): 20:90:49:6F:46:BA:AB:11:75:39:9F:6F:29:1F:AB:58
    The server is the private key, this can be used with jarsigner (alias option).
    C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
    -signedjar sTest.jar test.jar client
    jarsigner: Certificate chain not found for: client. client must reference a val
    id KeyStore key entry containing a private key and corresponding public key cert
    ificate chain.
    C:\temp>jarsigner -keystore serverkeys.key -storepass storepass -keypass keypass
    -signedjar sTest.jar test.jar server

  • What kind of code signing certificate do I need for Profile Manager?

    I'm new to Lion Server and the Profile Manager, and I'm wondering what kind of CA-recognized code signing certificate I would need to buy to use in the Profile Manager -> Sign configuration profiles? For example, Verisign sells a bunch of different kind (http://www.verisign.com/code-signing/): Microsoft Authenticode, Java, etc.
    Patrick

    The cable should be just the normal one, the special smarts that tell the tablet to charge at full speed is in the power brick.

  • Missing Code Signing Certificate in Profile Manager

    Hi everyone,
    Firstly, I'm not a professional and managing a server isn't in my skill set.  I have an old Mac mini running the Mavericks server to dabble with.
    Recently, the code-signing certificate (I assume self-signed) disappeared from Profile Manager for the option to "Sign configuration profiles" – no idea why, and I'm struggling to get it back, it just doesn't appear in the drop down.
    Under "Certificates" in Server.app, and within Keychain Access; it's still in the system and can be seen, where there are two of them.
    I've tried renewing both of these through Server.app to see if that would be a quick fix, but nothing.
    Could someone advise me on how to create a new verified code signing certificate for use with profile manager?
    Kind regards,
    Jamie

    Tried again.  Destroyed OD and recreated – code signing appears.  Reboot machine, code signing disappears.
    I tried exporting out the Code Signing Cert before rebooting the machine and reimporting after it disappears only to get "This profile cannot be used to sign profiles".
    Any idea what could be breaking the code-signing on reboot? Really bizarre.

  • Code Signing Certificate Renewal for Profile Manager

    Currently we have around 800 ipods/iphones around the globe that were all enrolled into our Profile Manager in the past year.  In one month our Code Signing Certificate will expire on ALL of those devices.  I have updated the certificate on our Profile Manager server and installed that into the Profile Manager.
    How do I update all of the devices in the field with the new certificate?  It is not possible for every one of those devices to be re-enrolled.  These are systems that we give to our customers to use for a specific purpose and they have no clue how to do anything with the MDM or the profile manager.  Apple - this wasn't well thought out...

    After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
    Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already. 
    Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap.  (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
    If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
    {FWIW, this is a user forum and the folks from Apple may or may not see your report.  If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}

  • Third party CA and SCUP code signing

    All of the documentation I have seen out there regarding using a code signing certificate with SCUP assumes you are using AD CS. My institution uses a 3rd party CA and I requested a code signing certificate from them (the file had no file name extension,
    FWIW). I imported it into the local computer certificate store (on SCUP server/CAS) and see four entries:
    The blocked out item is our company name.
    Here is what I have done:
    I have exported the one with our company name as as the .cer file for clients, and placed it in the Trusted Publishers and Trusted Root Certificate Authorities stores on the SCUP server/CAS.
    I have exported various combinations of the 4 to generate the *.pfx file and imported it into SCUP but it always gives me an error when I try to publish an update. I initially exported all 4 certificates to get my .pfx, then tried just the ones with the
    purpose of "code signing." In both cases I get an error stating "Signature verification exception during publish, verify the WSUS certificates and advanced timestamp setting are properly configured."
    I am not getting an option to export the private key no matter what combo I choose. This is the biggest red flag I am seeing.
    Does anyone have any experience in this scenario? I am at a loss at this point. The server is 2008 R2 and I know I could use a self-signed one but I thought I would do it the "right" way since it is no longer supported.

    It turns out that after the code signing certificate was downloaded, the private key was somehow lost or damaged or not associated with it in the first place. That is why I was not seeing the option to export the key. We needed to use certutil to repair
    the key association.
    I suspect this is because the request was made from a web form and handled by the 3rd party CA as opposed to being done with certreq. Am I off base?
    Anyway, running this command on the code signed certificate allowed me to export it as needed for SCUP:
    certutil -repairstore my "SerialNumberofCert"
    There are some how tos here:
    http://support.microsoft.com/kb/889651
    http://blogs.msmvps.com/ivansanders/2011/07/26/restoring-a-certificates-private-key-without-the-certreq/

  • CS4 Flash Projector File and Authenticode (Code Signing)

    I have a flash projector file (.exe) that I need to add Code Signing to it so it does not say 'Unknown Publisher' in Vista. I read that for CS3 there is no authenticode signing. Was this added in CS4? I just want to check before I go ahead and purchase a 3rd party app like Juggler. Does anyone else have a suggestion for software to add authenticode signature to a CS4 flash projector file? Jugglor is pretty old (2007) and I would like to know if there are more recent apps to package and sign projector files.
    Thanks for any info.
    Doug

    You can use a tool from Miscsoft to sign your projector. Here's how:
    1) Buy a code signing certificate from someone like COMODO, Entrust Thawte, or VeriSign
    2) Download the command line code signing tool from Microsoft - SignTool.exe
    http://msdn.microsoft.com/en-us/library/8s9b9yaz(VS.80).aspx
    2) Follow these instructions
    http://www.entrust.net/ssl-resources/pdf/ECS_AuthCode_Signing_Guide.pdf
    Good Luck
    Brian

Maybe you are looking for