Forum Discussion

TIMOTHY_MANGAN's avatar
TIMOTHY_MANGAN
MVP
Aug 03, 2018

MSIX Packageing Tool / signtool certificate issues

1) I have a valid (paid for) code signing certificate from a well known CA that has a password so I can't use the in tool signing (which is something you should support!).   The 17134 SDK is presen...
Bogdan Mitrache's avatar
Bogdan Mitrache
Steel Contributor
Aug 07, 2018

Hi Tim,

 

According to MSFT docs comma (",") is a reserved character that must be escaped, as show in their examples from the linked article.

 

It seems that using "\," is still not considered correct by the GUI of MSIX packaging tool, but it does not complain when using the hex value for comma, i.e. "CN=TMurgent Technologies \2C LLP".

I don't have a test certificate at hand with a command in the publisher name to fully test it, but according to their docs it should work.

TIMOTHY_MANGAN's avatar
TIMOTHY_MANGAN
MVP
Aug 07, 2018

Thanks Bogdan - I'll give that a try.

  • TIMOTHY_MANGAN's avatar
    TIMOTHY_MANGAN
    MVP
    Aug 07, 2018

    Escaping in the dialog box as Bogdan suggested does indeed work.

     

    But the GUI of the tool should just accept the comma and escape it behind the scenes. 

     

    In addition, when there is documentation on all of this, the documentation should be clear about what to include in this field.  There will be confusion on if OU= parts should be included.  Just make it clear in the documentation, especially for people that don't deal in certificates regularly.

    • TIMOTHY_MANGAN's avatar
      TIMOTHY_MANGAN
      MVP
      Aug 07, 2018

      I spoke too soon...

       

      Entering the escape works to get past the UI dialog and makes a package if you don't sign it. The AppXManifest ends up with the \2C in the publishing field, but then the signtool errors (8007000b) against it.  I'm not sure if the fault on that is the PackagingTool or signtool.

       

      I would think that the least confusing solution for everyone is to let the PackagingTool accept the comma (and other escape-worthy characters) and place them in the Publishing field as is, and then fix the signtool to understand and escape if necessary.

       

      Of course the best solution might be to let me point to the certificate earlier in the PackagingTool and have it extract what it needs rather than allow us to mess this all up. Probably still need to fix signtool, but the more of this that can be automated the better.

      • Mo_Velayati's avatar
        Mo_Velayati
        Copper Contributor
        Jan 28, 2021

        TIMOTHY_MANGAN 

         

        Hi Timothy,

         

        Did you find a solution to this issue?

        I'm having the same problem.

         

        Best,

        Mo

Resources