Windows Phone 8 enables companies to publish and distribute Windows Phone apps (XAP file format) directly to their employees or other users, bypassing the Windows Phone Store. Users can install apps published by their company only after they enroll their phones for app distribution from their company, and only users that are enrolled for app distribution from the company can install the company apps.
Before distributing a company app or a Company Hub app, you must sign the XAP with the code signing certificate that was obtained from Symantec. To perform these tasks, you have the following options:
You can perform both tasks by running the BuildMDILXap.ps1 PowerShell script that is included with Windows Phone SDK 8.0. For more info, see Precompiling managed assemblies and signing apps by using the Windows PowerShell script in this topic.
If you are building the apps at the command prompt by using MSBuild and Visual Studio 2012 Update 2 or later, you can specify MSBuild command-line options to perform these tasks. For more info, see Precompiling managed assemblies and signing apps from the command line by using MSBuild in this topic.
You can use the MDILXapCompile and XapSignTool command-line tools to perform each task individually. For more info about using these tools, see How to precompile a company app by using MDILXAPCompile and How to sign a company app by using XapSignTool.
NOTE! Do NOT use the BuildMDILXap PowerShell script identified on MSDN as this can cause problems with the package installation on the Phone.
This section describes in chronological order the process of signing a Windows Phone App. In this example I am using the Company Portal App which is required to deploy Windows Phone 8 apps to Windows Phones 8:
- Use a Windows 8 64-bit (x64) client as it is mandatory for Windows Phone SDK 8.0
- Next step is to downloading and install Windows Phone SDK 8.0 on your Windows 8 client
- When finished download and install the Company Portal App on your Windows 8 client as well
- Retrieve the Company Portal App previously installed. The default installation path is: %ProgramFiles(x86)%\Microsoft Corporation\Windows Intune Company Portal for Windows Phone 8/SSP.xap
- Get your code signing certificate. You will need a copy of the code-signing certificate that was obtained from Symantec exported to PFX file along with the password to access it.
Note! Make sure you have installed the complete certificate chain of your code signing certificate on your Windows 8 client in order to properly sign your apps. If not included, the signing of your Windows Phone apps will succeed but the apps become useless. Make sure the enterprise code signing certificate contains the private key!
- Start the VS2012 x86 Native Tools Command Prompt using the “Run as administrator” option and switch to the following folder: %ProgramFiles(x86)%\Microsoft SDKs\Windows Phone\v8.0\Tools\XapSignTool
- Use the following command to sign the Company Portal App: C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\XapSignTool>xapsigntool sign /v /signtool "C:\Program Files (x86)\Windows Kits\8.0\bin\x86" /f [certificate.pfx] /p [password] SSP.xap
Be sure to update this command with appropriate values for your SSP.XAP, PFX filename and the password you used to protect your enterprise cert.
You should also see the date modified field change to the current time and the XAP file size change to approx. 343 KB. You can now upload this along with your enterprise certificate into Configuration Manager 2012 SP1 or Windows Intune.
To ease the process of signing your Windows Phone 8 app you can use the following PowerShell script code:
$signtool = ‘C:\Program Files (x86)\Windows Kits\8.0\bin\x86’
$certificate = ‘C:\Users\user1\Documents\Certificates\<code signing certificate>’
$password = ‘<password>’
$app = ‘C:\Program Files (x86)\Microsoft Corporation\Windows Intune Company Portal for Windows Phone 8\ssp.xap’
& ‘C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\XapSignTool\xapsigntool’ sign /v /signtool $signtool /f $certificate /p $password $app
The Windows Phone 8 App Code signing PowerShell script can be download here from TechNet Gallery