Forum Discussion
Need some clarity in how offical vendor should sign their applications
Hi, we are starting to get applications delivered from our vendors as MSIX packages. Then certificates they are signed with play a role I guess.
How will this work? Which certificates should be used, to avoid end customers to have to add lots of certificates?
1 Reply
Here is a list of trusted certificates that are included in Windows: https://docs.microsoft.com/en-us/security/trusted-root/participants-list
If you (or a vendor) are repackaging they can use any one of these authorities without needing to add new root certificates. If the apps are being repackaged you can also leverage a root from your Azure AD tenant. More details here: https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing
Using Azure AD tenant does require the 20H1 insider SDK.
John
