I am trying to formulate a process for sideloading AppX applications that are provided by 3rd party companies. We are using SCCM 2012 and Windows 8.1 Enterprise.

I approached the vendor of an application we want to use and they have very kindly provided us with the AppX and it's dependencies, and also a self signed certificate that was obviously created using Visual Studio when they created the application.

I don't think it's sustainable to deploy a certificate with every single metro application we wish to deploy. I have read all the documentation and I just want to clarify exactly what it is we need to ask these 3rd parties to do before we can deploy their applications as I'm not finding it very clear.

Am I right in saying we want them to sign their applications with a global Authenticode code signing certificate that will work for all of their applications, and then provide this certificate to us? At least that way we have one certificate per vendor which is a lot easier to manage.

If that's not possible then I think we would have to deploy a self signed certificate with each application which seems a bit strange to me, so I feel like I am missing something really obvious!