Jul 25 2018 10:21 AM
I used Makeappx tool to convert my appx package to the msix package and now I want to test my msix package. I created a self-signed certificate by following the steps from how to create a certificate for packaging and signing . But when I am trying to sign my package using signtool, I always get the error message:
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024846/0x80070032)
I have double checked the publisher name and encrpted algorithm I used. I have update to the Build17713. In build 17709, I created a simple test app and packed it with msix and successfully signed and installed. Anybody has the same issue with signing the package.
Jul 25 2018 11:44 AM
If you go to event viewer does it have anymore details?
Applications and Services Logs > Microsoft > Windows > AppxPackagingOM ? Microsoft-Windows-AppxPackaging/Operational
John.
Jul 25 2018 02:42 PM
Hi,
Yes, I have the same issue:
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024846/0x80070032)
Event viewer show me this: "The reader was created successfully without manifest validation." And it is under Information Level, not Warning or Error.
Details:
MSIX create with MSIX Packaging Tool (Preview)
OS build: 17713.1000
Signtool.exe used from C:\Program Files (x86)\Windows Kits\10\bin\10.0.17134.0
Jul 25 2018 03:55 PM - edited Jul 25 2018 06:06 PM
@Toms Knostenbergs sounds like you are using signtool to sign the package, is that correct? Can you please try to convert the package again using the MSIX Packaging Tool and add your test certificate in the last page of the wizard to have the tool sign the MSIX package? If you hit the same error please file a feedback hub problem from the error pop up so we can take a look at your logs.
Aug 03 2018 04:16 PM
I have the same issue.
My OS = 17728.1000
I used the MSIX package tool. I created a pfx cert with a password. The CN name matches the CN in the msix. You cannot add the cert at the end of the MSIX package tool because it does not prompt for the cert password.
When I then try to sign the appx package, I receive the same error 0x80070032.
Please help!
Aug 04 2018 09:08 AM
I have the same issue with self-signed certificate (0x80070032). The name is valid, and I can use the cert to sign an exe without issue. I am using 17134 version of signtool, and have tried both the x86 and x64 version of signtool.
Event operational log generates a single information entry (Event 181 - The reader was created successfully without manifest validation).
Enabling debug log produced single event of Event 0 (ErrorCode 15003 with EventPayload of all zeros))
Aug 06 2018 05:12 PM
@TIMOTHY MANGAN and @Stephen Morgan, looks like you are using the RS4 version of signtool. Please use the latest from the insider preview SDK:
https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewSDK
Aug 06 2018 11:20 PM
Hi all,
I did quite some testing with different types of certificates. What I found out is:
- the MSIX Packaging Tool has its own Version of signtool boxed (I guess to remove the SDK as prerequisite
- Certificate passwords really make it break
What my solution was (beside to query for the most updated Insider SDK) to just copy out the Inboxed Signtool and run it on the commandline:
location on my box:
"C:\Program Files\WindowsApps\Microsoft.MsixPackagingTool_1.2018.725.0_x64__8wekyb3d8bbwe\signtool.exe"
signtool.exe sign /a /v /fd SHA256 /f "C:\MyCodeSignCustom.pfx" /p "SuperSecurePassword" "C:\MSIXPackage.appx"
Kind regards
/Johannes
Aug 07 2018 06:01 AM
Aug 07 2018 10:24 AM
We are working to get a new version of the tool out to resolve the password issue. As the thread mentions a new signtool is needed to sign MSIX files. Installing the SDK will offer this and we package it in the app so the SDK is not a requirement to use the MSIX Packaging Tool.
Aug 08 2018 09:37 AM
@Johannes
Thank you very much. This worked for me.
I used the command line to copy out the signtool.exe file, then ran my signtool command and voila, my msix package was able to be signed. I still needed to turn on "Sideload apps" from the "for Developers" page under Windows "Settings", but that makes sense since I am not installing from the Store.
Aug 08 2018 11:00 PM
Hi Timothy,
exactly this is what my solution should provide - final (production) solution of course should be something within the Tool. But for now - it let MSIX rock on my box.
Enjoy