Hello,
We are setting up a SharePoint 2013 farm with a high trust Provider Hosted App Model infrastructure. We have external developers who will be building solutions we will want to host.
These external developers will be building in their own development VMs that they own and maintain independently. After a code review we will deploy to our environment.
We were asked to provide a copy of our cert. As I see it this is unnecessary. They can build their code around a self-signed cert and when we move the code into our environment we can change the web.config to point to our cert with the cert password. That way we protect the integrity of our cert.
Is that the correct development pattern? I want to make sure there isn't something I am missing on why they would need our cert. To me the security concern makes it a non-starter.
Thank you,
Joseph Irvine