Forum Discussion

GrahamGB's avatar
GrahamGB
Iron Contributor
Jan 31, 2025
Solved

Signing MSIX packages with Azure Trusted Signing Accounts

I have a requirement to sign an MSIX package without access to a code signing certificate. I have successfully signed a powershell script using the Azure Trusted Signing Account: https://learn.mic...
  • GrahamGB's avatar
    GrahamGB
    Feb 18, 2025

    Have since identified that Trusted Signing Installer .msi doesn't install the correct configuration of dlib and compatible sign tool.

     

    Installing the latest sign tool 10.0.26610.3328 and dlib 1.0.68.0 using nuget packages overcomes the issue.

    Microsoft are updating documentation to reflect this, including ensuring that explicit paths to each component is set and calling signtool from the folder it resides in.

     

    & .\signtool.exe sign /v /debug /fd SHA256 /tr "http://timestamp.acs.microsoft.com" /td SHA256 /dlib "<Path to Trusted Signing dlib bin folder>\x64\Azure.CodeSigning.Dlib.dll" /dmdf "<Path to metadata file>\metadata.json" <File to sign>

GrahamGB's avatar
GrahamGB
Iron Contributor
Feb 01, 2025

Thanks luchete ,I'll review the display name again. Does that mean you've had success with this approach using trusted signing accounts?

luchete's avatar
luchete
Iron Contributor
Feb 01, 2025

GrahamGB,

I've worked in a project using this approach and worked for us. Despite the case was slightly different than yours, I think it would work for your scenario too. 

Resources