Forum Discussion
MSIX doesn't obtain trusted root certificate automatically
Hello,
our client has purchased a code signing certificate from a trusted root CA (GLOBALTRUST). The certificate is valid, and Windows 10 also automatically recognizes the the trusted root CA and installs (downloads) the appropriate root certificate automatically as soon as I view the certificate details.
But when trying to install a msix package with this certificate on a fresh Win 10 machine, Windows fails to automatically download the root certificate and hence won't allow end users to install the package.
Is this a missing implementation in msix or are there some additional settings for the app package / msix to avoid this problem?
thx and br,
Martin
- Martin82
It sounds like the certificate is just staying in memory after opening and passing the installer's check incorrectly.
The package has to be signed with the certificate, which it seems like it is and that certificate also has to be installed into the Trusted Root before installing the MSIX package. This can be done via the client's Group Policy in Active Directory, Manually or via some other installation method. I don't believe there's a way to get the MSIX itself to install the certificate it is signed with into the trusted root directly, it just doesn't have the low level access required to do so by design.
MSIX packages installed via the Microsoft store for example are signed by Microsoft and the certificate is already on the machine prior to downloading the MSIX from the Microsoft store.
https://docs.microsoft.com/en-us/windows/msix/package/signing-package-overview
