Home
%3CLINGO-SUB%20id%3D%22lingo-sub-363547%22%20slang%3D%22en-US%22%3EMSIX%20-%20The%20MSIX%20Packaging%20Tool%20-%20signing%20the%20MSIX%20package%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-363547%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20MSDN%20on%20Sep%2006%2C%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20So%2C%20as%20we%20noticed%20a%20certificate%20is%20needed%20to%20sign%20the%20MSIX%20package.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Especially%20for%20those%20with%20a%20history%20in%20packaging%2C%20signing%20an%20AppX%2FMSIX-package%20could%20potentially%20be%20the%20first%20time%20you're%20ever%20faced%20with%20the%20requirement.%20So%E2%80%A6.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSTRONG%3EWhy%20should%20we%20sign%20packages%3F%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Signing%20code%20or%20binaries%20nowadays%20is%20common%20practice.%20Starting%20with%20executables%2C%20drivers%20and%20scripts%20code%20signing%20ensures%20source%2C%20integrity%20and%20alignment%20with%20release%20processes%20of%20the%20given%20code.%20Starting%20with%20Microsoft%20Store%20this%20was%20introduced%20into%20Windows%20as%20a%20requirement%20to%20deploy%20AppX%20successfully.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Beside%20the%20use%20in%20production%20environments%2C%20during%20package%20creation%20and%20testing%20there%20are%20possibilities%20to%20bypass%20this%20requirement.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSTRONG%3E%20We%20have%202.5%26nbsp%3B%26nbsp%3B%20options%3A%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3ESet%20up%20a%20CA%20in%20our%20test%20environment%2C%20and%20request%20a%20code%20signing%20certificate.%20All%20MSIX%20packages%20signed%20with%20this%20certificate%20can%20be%20installed%20on%20all%20computers%20in%20our%20environment%20(since%20they%20trust%20that%20CA)%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%3CP%3EHow%20to%20configure%20the%20PKI%20for%20code%20signing%20certificates%3A%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Femea01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fblogs.technet.microsoft.com%252Fdeploymentguys%252F2013%252F06%252F14%252Fsigning-windows-8-applications-using-an-internal-pki%252F%26amp%3Bdata%3D02%257C01%257C%257C827963ef001a46c9b41508d612aca210%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636716929990198752%26amp%3Bsdata%3DafJrpYBE8PelRYCiNq1u%252FLWbhhhQEFGuoSyzacMzHQg%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fdeploymentguys%2F2013%2F06%2F14%2Fsigning-windows-8-applications-using-an-internal-pki%2F%20%3C%2FA%3E%20%3CBR%20%2F%3E%20Since%20we%20got%20no%20test%20environment%20set%20up%20whatsoever%2C%20that%20would%20be%20the%200.5%20option%3C%2FP%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3ERequest%20a%20Code%20Signing%20certificate%20from%20a%203rd%20party%2C%20like%20for%20example%20over%20at%20%3CA%20href%3D%22https%3A%2F%2Femea01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.digicert.com%26amp%3Bdata%3D02%257C01%257C%257C827963ef001a46c9b41508d612aca210%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636716929990208764%26amp%3Bsdata%3D88iEKudjFinHyCbtTq211j4NfzWbD5NbwlkBrq4H6BU%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20Digicert%3C%2FA%3E%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3ECreate%20a%20Self%20signed%20certificate.%20%3CBR%20%2F%3E%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F86253i97BCDFAC5B24B646%22%20%2F%3E%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EThe%20instructions%20on%20%3CA%20href%3D%22https%3A%2F%2Femea01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows%252Fuwp%252Fpackaging%252Fcreate-certificate-package-signing%26amp%3Bdata%3D02%257C01%257C%257C827963ef001a46c9b41508d612aca210%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636716929990208764%26amp%3Bsdata%3DzlIkBbi0585WQgnfPS%252B2ay6qj7O2fx2jovCUd6TN6Bo%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fuwp%2Fpackaging%2Fcreate-certificate-package-signing%20%3C%2FA%3E%20makes%20this%20very%20easy.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EExport%20the%20certificate%20from%20the%20certificate%20store%20and%20sign%20your%20packages%20with%20the%20certificate%2C%20and%20place%20the%20certificate%20in%20the%20trusted%20root%20of%20the%20machine%20on%20which%20you%E2%80%99re%20going%20to%20install%20the%20MSIX%20package.%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20%3CSTRONG%3EWhat%20to%20do%20when%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Focusing%20on%20AppX%2FMSIX%20there%20are%20four%20major%20scenarios%20present%20with%20different%20possibilities%3A%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3E%3CSTRONG%3E%20Packaging%20%3C%2FSTRONG%3E%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20During%20packaging%20Codesigning%20can%20be%20bypassed%20via%20the%20Developer-Mode%20in%20Windows%2010.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CA%20href%3D%22https%3A%2F%2Femea01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows%252Fuwp%252Fget-started%252Fenable-your-device-for-development%26amp%3Bdata%3D02%257C01%257C%257C827963ef001a46c9b41508d612aca210%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636716929990218772%26amp%3Bsdata%3Dye8f7S8LVnV%252Fn3dwxi3eOI1Ka78mc6j73cc7kX6XfDk%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fuwp%2Fget-started%2Fenable-your-device-for-development%20%3C%2FA%3E%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3E%3CSTRONG%3E%20Testing%20%3C%2FSTRONG%3E%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20Developer-Mode%20will%20not%20help%20during%20package%20testing.%20Best%20would%20be%20to%20Test-Sign%20the%20package%20internally%20with%20your%20own%20PKI%20infrastructure%20or%20a%20Self-Signed%20Certificate%3A%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3E%3CSTRONG%3E%20Private%20Deployment%20%3C%2FSTRONG%3E%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20Private%20Deployment%20means%20deployment%20only%20on%20company%20owned%20and%20managed%20devices.%20In%20this%20case%20code%20signing%20using%20your%20PKI%20infrastructure%20is%20perfectly%20fine%20and%20the%20most%20stable%20implementation.%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3E%3CSTRONG%3E%20Public%20Deployment%20%3C%2FSTRONG%3E%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20Having%20a%20public%20deployment%20on%20an%20AppX%2FMSIX%20package%20most%20likely%20means%20uploading%20it%20to%20Microsoft%20Store.%20Only%20once%20you%20need%20to%20create%20a%20developer%20account%20for%20your%20company%2C%20which%20will%20give%20you%20access%20to%20the%20required%20upload%20area.%20During%20the%20process%20of%20final%20package%20checks%20the%20package%20will%20automatically%20get%20signed%20and%20all%20Windows%2010%20Clients%20will%20trust%20the%20resulting%20package.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Ingmar%20Oosterhoff%2C%20Johannes%20Freundorfer%20and%20Matthias%20Herfurth%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-363547%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20MSDN%20on%20Sep%2006%2C%202018%20So%2C%20as%20we%20noticed%20a%20certificate%20is%20needed%20to%20sign%20the%20MSIX%20package.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-363547%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMAD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-736901%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20-%20The%20MSIX%20Packaging%20Tool%20-%20signing%20the%20MSIX%20package%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-736901%22%20slang%3D%22en-US%22%3E%3CP%3EHi...%20thank%20you%20for%20this%20post%20%3A)%3C%2Fimg%3E%3CBR%20%2F%3EWhat%20I'm%20missing%20is%20an%20option%20how%20to%20sign%20a%20MSIX%20package%20via%20an%20USB%20token%20(e.g.%20GlobalSign).%20Normally%20I%20use%20the%20Signtool%20and%20the%20Common%20Name%20of%20my%20Extended%20Validation%20Certificate%20and%20everything%20works%20automagically.%20But%20how%20can%20I%20do%20this%20with%20the%20MSIX%20Packaging%20Tool%3F%3CBR%20%2F%3EThanks...%3CBR%20%2F%3E%26nbsp%3B%20Achim%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-817377%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20-%20The%20MSIX%20Packaging%20Tool%20-%20signing%20the%20MSIX%20package%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-817377%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20having%20the%20same%20issue%20as%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F370719%22%20target%3D%22_blank%22%3E%40ahzf2305%3C%2FA%3E%26nbsp%3B.%26nbsp%3B%20I%20cant%20find%20any%20docs%20on%20how%20to%20EV%20code%20sign%20an%20MSIX%20package.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-818294%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20-%20The%20MSIX%20Packaging%20Tool%20-%20signing%20the%20MSIX%20package%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-818294%22%20slang%3D%22en-US%22%3E%3CP%3ECorrection%2C%20I%20got%20it%20working.%26nbsp%3B%20Had%20a%20%22moment%20of%20clarity%22%20shortly%20after%20posting%20my%20last%20message.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3ERan%20through%20these%20rough%20steps%3C%2FP%3E%3COL%3E%3CLI%3EInstall%20SafeNet%20Client%20-%20%3CA%20href%3D%22https%3A%2F%2Fsupport.sectigo.com%2FCom_KnowledgeDetailPage%3FId%3DkA01N000000zFLx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.sectigo.com%2FCom_KnowledgeDetailPage%3FId%3DkA01N000000zFLx%3C%2FA%3E%3C%2FLI%3E%3CLI%3EInstall%20Windows%2010%20SDK%20-%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-US%2Fwindows%2Fdownloads%2Fwindows-10-sdk%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdeveloper.microsoft.com%2Fen-US%2Fwindows%2Fdownloads%2Fwindows-10-sdk%3C%2FA%3E%3C%2FLI%3E%3COL%3E%3CLI%3ESelect%20all%20options%3C%2FLI%3E%3C%2FOL%3E%3CLI%3ESafeNet%20will%20launch%20to%20system%20tray%2C%20plug%20in%20usb%20key%20and%20enter%20password%3C%2FLI%3E%3CLI%3EPackage%20application%20using%20criteria%20here%3C%2FLI%3E%3COL%3E%3CLI%3EGenerate%20initial%20package%20without%20signing.%3C%2FLI%3E%3CLI%3EMSIX%20app%20manifest%20publisher%20name%20must%20exactly%20match%20the%20entire%20subject%20section%20of%20the%20certificate.%3C%2FLI%3E%3CLI%3EMSIX%20app%20manifest%20Publisher%20display%20must%20match%20the%20subject%20display%20name.%3C%2FLI%3E%3C%2FOL%3E%3CLI%3EOpen%20cmd%20prompt%20to%20%E2%80%9CC%3A%5CProgram%20Files%20(x86)%5CWindows%20Kits%5C10%5Cbin%5C10.0.17763.0%5Cx64%5C%E2%80%9D%3C%2FLI%3E%3COL%3E%3CLI%3EBuild%20number%20must%20change%20based%20of%20packaging%20pc.%3C%2FLI%3E%3C%2FOL%3E%3CLI%3EEnter%20signtool%20sign%20%2Ftr%20%25vendorspecifictime%25%20%2Ftd%20sha256%20%2Ffd%20sha256%20%2Fa%20%25changetolocationoffiletobesigned%25%3C%2FLI%3E%3COL%3E%3CLI%3EErrors%20can%20be%20diagnosed%20via%20Event%20Viewer%20(Local)%20%26gt%3B%20Applications%20and%20Services%20Logs%20%26gt%3B%20Microsoft%20%26gt%3B%20Windows%20%26gt%3B%20AppxPackagingOM%20%26gt%3B%20Microsoft-Windows-AppxPackaging%2FOperational%3C%2FLI%3E%3CLI%3ESafeNet%20will%20popup%2C%20enter%20password%20for%20key.%26nbsp%3B%20DO%20NOT%20BULK%20ATTEMPT%20THE%20PASSWORD!!!!!!!!!!!!%3C%2FLI%3E%3C%2FOL%3E%3CLI%3ETo%20verify%20code%20sign%2C%20right%20click%20on%20file%2C%20properties%20and%20change%20to%20digital%20signatures.%26nbsp%3B%20Look%20for%20file%20to%20be%20signed%20by%20your%20business.%3C%2FLI%3E%3CLI%3ETo%20manually%20install%20computer%20must%20be%20set%20to%20sideload%2C%20until%20published%20to%20microsoft%20store.%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-848346%22%20slang%3D%22en-US%22%3ERe%3A%20MSIX%20-%20The%20MSIX%20Packaging%20Tool%20-%20signing%20the%20MSIX%20package%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-848346%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20really%20lost%20here.%20I've%20been%20using%20the%20MSIX%20tool%20for%202%20days%20repeated%20uploading%20to%20the%20store%20only%20to%20see%20my%20app%20installs%20fine%20then%20crashes%20at%20the%20start.%20There%20is%20a%20little%20tick%20box%20in%20MSIX%20that%20says%20'specify%20your%20own%20certificate%20to%20sign%20with'%20I%20thought%20the%20MSIX%20tool%20did%20all%20that%20for%20me%20(that's%20why%20I%20was%20typing%20in%20my%20publisher%20id%2Fdetails%20etc)%26nbsp%3B%20or%20am%20I%20wrong.%20Am%20I%20REQUIRED%20to%20have%20a%20certificate%20in%20order%20to%20put%20it%20on%20the%20store%3F%20So%20why%20the%20'option'%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20this%20is%20the%20case%20why%20isnt%20that%20made%20clear%20and%20why%20doesn't%20it%20fail%20to%20install%2Fvalidate.%20Why%20do%20I%20have%20to%20waste%20an%20hour%20of%20my%20time%20with%20each%20upload%20etc%20before%20getting%20the%20bad%20news%20as%20a%20crash%20only%20once%20I've%20gone%20through%20all%20the%20trouble%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%2C%20if%20this%20isn't%20the%20case%20then%20why%20does%20my%20app%20crash%20on%20the%20app%20store%20at%20start%20when%20it%20runs%20perfectly%20well%20in%20any%20other%20desktop%20environment%3F%20(Desktop%2FSteam%2FTesting)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft
First published on MSDN on Sep 06, 2018
So, as we noticed a certificate is needed to sign the MSIX package.

Especially for those with a history in packaging, signing an AppX/MSIX-package could potentially be the first time you're ever faced with the requirement. So….

Why should we sign packages?

Signing code or binaries nowadays is common practice. Starting with executables, drivers and scripts code signing ensures source, integrity and alignment with release processes of the given code. Starting with Microsoft Store this was introduced into Windows as a requirement to deploy AppX successfully.

Beside the use in production environments, during package creation and testing there are possibilities to bypass this requirement.

We have 2.5   options:

  • Set up a CA in our test environment, and request a code signing certificate. All MSIX packages signed with this certificate can be installed on all computers in our environment (since they trust that CA)


How to configure the PKI for code signing certificates:


https://blogs.technet.microsoft.com/deploymentguys/2013/06/14/signing-windows-8-applications-us...
Since we got no test environment set up whatsoever, that would be the 0.5 option




What to do when

Focusing on AppX/MSIX there are four major scenarios present with different possibilities:

  • Packaging


During packaging Codesigning can be bypassed via the Developer-Mode in Windows 10.

https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development

  • Testing


Developer-Mode will not help during package testing. Best would be to Test-Sign the package internally with your own PKI infrastructure or a Self-Signed Certificate:

  • Private Deployment


Private Deployment means deployment only on company owned and managed devices. In this case code signing using your PKI infrastructure is perfectly fine and the most stable implementation.

  • Public Deployment


Having a public deployment on an AppX/MSIX package most likely means uploading it to Microsoft Store. Only once you need to create a developer account for your company, which will give you access to the required upload area. During the process of final package checks the package will automatically get signed and all Windows 10 Clients will trust the resulting package.



Ingmar Oosterhoff, Johannes Freundorfer and Matthias Herfurth
4 Comments
Occasional Visitor

Hi... thank you for this post :)
What I'm missing is an option how to sign a MSIX package via an USB token (e.g. GlobalSign). Normally I use the Signtool and the Common Name of my Extended Validation Certificate and everything works automagically. But how can I do this with the MSIX Packaging Tool?
Thanks...
  Achim

Senior Member

I'm having the same issue as @ahzf2305 .  I cant find any docs on how to EV code sign an MSIX package.

Senior Member

Correction, I got it working.  Had a "moment of clarity" shortly after posting my last message.  

Ran through these rough steps

  1. Install SafeNet Client - https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000zFLx
  2. Install Windows 10 SDK - https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk
    1. Select all options
  3. SafeNet will launch to system tray, plug in usb key and enter password
  4. Package application using criteria here
    1. Generate initial package without signing.
    2. MSIX app manifest publisher name must exactly match the entire subject section of the certificate.
    3. MSIX app manifest Publisher display must match the subject display name.
  5. Open cmd prompt to “C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64\”
    1. Build number must change based of packaging pc.
  6. Enter signtool sign /tr %vendorspecifictime% /td sha256 /fd sha256 /a %changetolocationoffiletobesigned%
    1. Errors can be diagnosed via Event Viewer (Local) > Applications and Services Logs > Microsoft > Windows > AppxPackagingOM > Microsoft-Windows-AppxPackaging/Operational
    2. SafeNet will popup, enter password for key.  DO NOT BULK ATTEMPT THE PASSWORD!!!!!!!!!!!!
  7. To verify code sign, right click on file, properties and change to digital signatures.  Look for file to be signed by your business.
  8. To manually install computer must be set to sideload, until published to microsoft store.
Occasional Visitor

I'm really lost here. I've been using the MSIX tool for 2 days repeated uploading to the store only to see my app installs fine then crashes at the start. There is a little tick box in MSIX that says 'specify your own certificate to sign with' I thought the MSIX tool did all that for me (that's why I was typing in my publisher id/details etc)  or am I wrong. Am I REQUIRED to have a certificate in order to put it on the store? So why the 'option'?

 

If this is the case why isnt that made clear and why doesn't it fail to install/validate. Why do I have to waste an hour of my time with each upload etc before getting the bad news as a crash only once I've gone through all the trouble?

 

And, if this isn't the case then why does my app crash on the app store at start when it runs perfectly well in any other desktop environment? (Desktop/Steam/Testing)