Forum Discussion
Sign the MSIX using pfx certificate using the command line version of MSIX Packaging Tool
MicrosoftHi ylexus,
The MSIX Packaging Tool does not support signing with .pfx certificates when using template files from the command line. You can use SignTool to sign your packages from the CLI: Sign an app package using SignTool - MSIX | Microsoft Docs
Chacon thanks. It looks like it's a hacky business, but eventually it worked.
I installed latest Windows SDK 10 but was getting the error below. Googling proved that's because the MSIX packing tool version was not compatible with signtool version. MSIX packaging tool has its own signtool.exe located in C:\Program Files\WindowsApps\Microsoft.MsixPackagingTool_1.2020.709.0_x64__8wekyb3d8bbwe\SDK, but it had very strict permissions and I had to take ownership and add myself execute permissions on everything under that directory. After that it worked.
"C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign /fd SHA256 /sha1 xxx /tr http://timestamp.comodoca.com file.msix Done Adding Additional Store SignTool Error: An unexpected internal error has occurred. Error information: "Error: SignerSign() failed." (-2146958839/0x80080209)ylexus For anyone revisiting this topic in future, you can also use my freeware tool to do exactly what is needed, as documented here: https://msixhero.net/documentation/command-line-interface-cli-reference/sign-msix-package-sign/. Additional benefit is the automatic adjustment of the manifest file, so that the subject and the publisher name match.
marcinotorowski If I use your tool for signing, will it solve the problem of using the same version of SignTool as used by the MSIX Packaging Tool that was used to create the MSIX in the first place, bypassing the need of finding the path to that signtool and hacking filesystem permissions?
