Here are the answers to some of the most commonly asked questions regarding Windows Phone company hub apps, AET token and certificates. The following applies to both Windows Phone 8.0 and 8.1
1. Can we sign Company hub apps using self-signed certificate or any other third party certificates?
Enterprise Mobile Code signing certificate from Symantec is required to sign Windows Phone company hub apps. We do not support any other third party certificates or self-signed certificate at this time. Enterprise Mobile Code Signing Certificate is valid for a year and needs to be renewed after a year.
Visit the Symantec Enterprise Mobile Code Signing Certificate Web site, and complete the required steps to acquire an enterprise mobile code signing certificate. The steps are outlined in the other blog, found here.
2. Is there a trial certificate available to test cert expiration\renewal scenarios?
There are no trial certificates available to test above scenario. You could purchase another certificate a few weeks or months after the first certificate, and adjust the clock on the phone to test the scenario using the two certs.
3. What happens to company hub apps when AET token expires?
Once the AET token expires, company hub apps, signed using the same cert, fails to run on device. AET token is valid for a year. You need to update the AET token on the device before it expires. You can push new AET to device using MDM or for unmanaged scenarios it has to be installed manually via email or IE.
4. When I try to install Symantec code signing certificate, I see the following message. How do I resolve this?
“Your certificate cannot be installed. Either it has already been installed, or you have removed your private key”.
You see the above message, if you are trying to install the certificate on a machine which was not used to place the order.
The certificate must be installed on the same machine where you make the order. That is complete all the steps described here, on the same machine.
5. When we try to generate AET token, it fails with following error? What is cause for this failure?
Unknown Error while generating AET
StartIndex cannot be larger than length of string
Parameter name: StartIndex
You run into above issue if you are using incorrect PFX file to generate AET token. Please note that the following certificates have to be installed in appropriate certificate stores, to export the proper PFX file.
You have to install three certificates in the following order:
1. Install Windows Phone private Enterprise root certificate in the Trusted Root Certification Authorities
2. Install Windows Phone Enterprise Intermediate CA in the Intermediate Certification Authorities
3. Then install Symantec Enterprise Mobile code signing certificate from the link provided by Symantec in the email.
The code signing certificate will be installed in the personal store.
4. After this please follow the steps provided in the below article to export PFX file
Under Export File Format, select following, and then click Next.
• To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.
6.After exporting the PFX file, refer to the following steps to create AET token.