Forum Discussion

datamystic's avatar
datamystic
Copper Contributor
Sep 24, 2024

Uploaded MSIX has generic errors

I have generated a MSIX for my Delphi App, which runs perfectly locally. It passes all the blocking Windows App Store Cert issues.   When I upload it for the App Store, I get a series of generic er...
datamystic's avatar
datamystic
Copper Contributor
Sep 29, 2024
Unfortunately this solution provides exactly the same useless upload validation errors as the .msix upload. I did use the latest MakeAppx, (10.0.26100.1) which compresses the folder to a .msixbundle automatically (which I renamed to .msixupload).

The list of errors I get is:

You must upload at least one package. If you are using market groups, then each market group must have at least one package.
You must provide a package that supports each selected device family (or uncheck the box for unsupported device families). Note that targeting the Xbox device family requires a neutral or x64 package.
The package DataMystic.WordPipe.msixupload is taking a long time to process. If this isn’t completed soon, try refreshing the page, or remove the package and then upload it again. If you continue to see this issue, contact support.
You must fix all package validation errors before submitting.
DataMystic.WordPipe.msixuploadnull Bytes
Paused

I am wondering if there is a mismatch between the Package/Identity/Publisher in the App Store Submission settings, CN=0450C09A-9234-4278-A26F-336E0FD3FA66, and what my code signing key uses,
and what is in my App Manifest.xml for my code signing key:
<Identity Name="DataMysticPtyLtd.WordPipeSearchandReplaceforWord" Publisher="CN=DataMystic Pty Ltd, O=DataMystic Pty Ltd, S=Victoria, C=AU" Version="10.4.0.0" ProcessorArchitecture="x64" />

The Name is identical in both locations, but the CN is different.

TIMOTHY_MANGAN's avatar
TIMOTHY_MANGAN
MVP
Sep 30, 2024
The CN must match the publisher field of the AppXManifest for signing to be successful.
The CN must be as shown in the store, or there will be a problem after you upload to the store.
You can create a private cert with the correct CN in powershell using New-SelfSignedCertificate
  • TIMOTHY_MANGAN's avatar
    TIMOTHY_MANGAN
    MVP
    Sep 30, 2024

    Here is a powershell script that will create a password protected private code signing pfx file. It prompts you for the necessary information. It must be run elevated. It comes from our training class.

    $executingScriptDirectory = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
    Import-Module "C:\Program Files\WindowsPowerShell\Modules\PassiveInstall\PassiveInstall.dll"
    Approve-PassiveElevation -AsAdmin


    Write-Host
    Write-Host -ForegroundColor Cyan 'Input information for your certificate below:'
    $Company_Entered = Read-Host -Prompt "Enter your company name (Default='Company')"
    $CN = Read-Host -Prompt "Enter Subject aka CN=... (Default=leave blank to create from company name)"
    $Password_Entered = Read-Host -Prompt "Enter a password (Default='Lab123')"
    if ($Company_Entered.Length -lt 3)
    {
    $Company_Entered = 'Company'
    Write-Host "Company name defaulted to '$($Company)"
    }
    if ($CN.Length -gt 0)
    {
    $Publisher_CN = $CN
    }
    else
    {
    $Publisher_CN="CN=$($Company_Entered)"
    }
    Write-Host "Subject is $($Publisher_CN)"
    if ($Password_Entered.Length -lt 3)
    {
    $Password_Entered = 'Lab123'
    Write-Host "Password defaulted to '$($Password_Entered)"
    }

    Write-Host -ForegroundColor Cyan 'Processing...'
    $Publisher_DisplayName = "$($Company_Entered)"
    $Password=$Password_Entered
    $FolderToExportCert = "$($executingScriptDirectory)"
    $CertName="$($Company_Entered)"
    $pwd=ConvertTo-SecureString -String $Password -Force -AsPlainText
    $pfxName = "$($FolderToExportCert)\$($CertName).pfx"

    $cert = New-SelfSignedCertificate -Subject $Publisher_CN -FriendlyName $Publisher_DisplayName -KeyAlgorithm RSA -KeyLength 3072 -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -KeyExportPolicy Exportable -KeyUsage DigitalSignature -Type CodeSigningCert -CertStoreLocation "Cert:\LocalMachine\my" -KeyDescription "Code Signing Cert for MSIX Packages" -NotAfter "12/31/2039 23:59:59" -HashAlgorithm 'SHA256' -TextExtension @("2.5.29.19={text}CA=false")
    $cert | Export-PfxCertificate -FilePath $pfxName -Password $pwd -Force -CryptoAlgorithmOption AES256_SHA256

    Write-Host -ForegroundColor Cyan "Exported Certificate: File: $($pfxName)"
    Write-Host -ForegroundColor Cyan " MSIX Manifest uses: $($Publisher_CN)"
    Write-Host -ForegroundColor Cyan " Valid until: $($cert.NotAfter)"


    Remove-Item $cert.PSPath
    Write-Host -ForegroundColor Cyan "Done."
    pause

    • datamystic's avatar
      datamystic
      Copper Contributor
      Oct 01, 2024
      Thanks Tim, that's awesome. I followed your steps to create a self-signed cert, but unfortunately I get exactly the same errors after uploading the .msixupload file. Will have to try and get support from Microsoft somehow.
      • TIMOTHY_MANGAN's avatar
        TIMOTHY_MANGAN
        MVP
        Oct 01, 2024

        datamystic 

        The instructions are as clear as mud; so many make simple mistakes. Pay close attention to the following:

        1. The field from the store Package/Identity/Name must be identical to the PackageName field of the AppXManifest.
        2. The field from the store Package/Identity/Publisher must match that of the Publisher field of the AppXManifest, and also match the Subject Name on the certificate.  All three must use the CN= format.
        3. The store Package/Property/DisplayName should be the same as the publisher display name of the AppXManifest, however I doubt anyone checks that. 
        4. The msix file must be signed using the certificate with that subject field and either the certificate must not be expired, or you used a timestamp on the signing (although as you just created the cert, expiration should not be an issue).

Resources