Forum Discussion

Copper Contributor

Oct 28, 2021

Windows Application Packaging Project - cannot select code signing certificate

Visual Studio 2019 16.11.5. WPF project .NET Framework 4.8. I can deploy via ClickOnce with a code signing certificate I purchased. When I add a Windows Application Packaging Project to my solution t...

MVP

Oct 29, 2021

I'm not sure what is wrong in your case, but in my certs from both Digicert and Sectigo both have a field called "Basic Constraints". The value in mine is "Subject Type=End Entity, Path Length Constraint=None".

Copper Contributor

Oct 29, 2021

Thanks TIMOTHY_MANGAN Is it just me or does anyone else think it's nuts that there are no specs for public signing certificates for MSIX and that the tooling give you no indication of what's wrong when it doesn't work.

itoinbgb
Copper Contributor
Jan 27, 2022
Mike_Yeager Hello Mike, I was wondering if you found a solution? I am facing the same issue and even though I shared my screen with the support staff of ssl.com while going through each step, they claim that the certificates are ok. I am missing Basic Constraints as well.
- Mike_Yeager
  Copper Contributor
  Jan 27, 2022
  itoinbgb Unfortunately no updates from Microsoft. It does work if you run the signing tools manually, but not through VS.
  - itoinbgb
    Copper Contributor
    Jan 28, 2022
    Mike_Yeager I am using signtool as a workaround for msix bundles (appinstaller format), like this:
    
    "C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\signtool.exe" sign /fd SHA256 /tr http://ts.ssl.com /td sha256 /a /f "path_toCertificate\certificate.pfx" /p ******** "PathToPackage\Package.msixbundle"
    
    This works fine for msixbundle, and for individual msix packages, I am using MSIX Packaging Tool:
    
    I do hope this gets resolved eventually though, because this adds an additional step in the build process. Probably should buy another certificate from a CA that includes Basic Constraints.

Resources