Can not Sign the MSIX pacakge with self-signed certificate

Chunyang Zhu · ‎Jul 25 2018

I used Makeappx tool to convert my appx package to the msix package and now I want to test my msix package. I created a self-signed certificate by following the steps from how to create a certificate for packaging and signing . But when I am trying to sign my package using signtool, I always get the error message:

SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024846/0x80070032)

I have double checked the publisher name and encrpted algorithm I used. I have update to the Build17713. In build 17709, I created a simple test app and packed it with msix and successfully signed and installed. Anybody has the same issue with signing the package.

John Vintzel · ‎Jul 25 2018

If you go to event viewer does it have anymore details?

Applications and Services Logs > Microsoft > Windows > AppxPackagingOM ? Microsoft-Windows-AppxPackaging/Operational

John.

Toms Knostenbergs · ‎Jul 25 2018

Hi,

Yes, I have the same issue:
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024846/0x80070032)

Event viewer show me this: "The reader was created successfully without manifest validation." And it is under Information Level, not Warning or Error.

Details:
MSIX create with MSIX Packaging Tool (Preview)
OS build: 17713.1000
Signtool.exe used from C:\Program Files (x86)\Windows Kits\10\bin\10.0.17134.0

Peyman Zanjani · ‎Jul 25 2018

@Toms Knostenbergs sounds like you are using signtool to sign the package, is that correct? Can you please try to convert the package again using the MSIX Packaging Tool and add your test certificate in the last page of the wizard to have the tool sign the MSIX package? If you hit the same error please file a feedback hub problem from the error pop up so we can take a look at your logs.

Stephen Morgan · ‎Aug 03 2018

I have the same issue.

My OS = 17728.1000

I used the MSIX package tool. I created a pfx cert with a password. The CN name matches the CN in the msix. You cannot add the cert at the end of the MSIX package tool because it does not prompt for the cert password.

When I then try to sign the appx package, I receive the same error 0x80070032.

Please help!

TIMOTHY MANGAN · ‎Aug 04 2018

I have the same issue with self-signed certificate (0x80070032). The name is valid, and I can use the cert to sign an exe without issue. I am using 17134 version of signtool, and have tried both the x86 and x64 version of signtool.

Event operational log generates a single information entry (Event 181 - The reader was created successfully without manifest validation).

Enabling debug log produced single event of Event 0 (ErrorCode 15003 with EventPayload of all zeros))

Peyman Zanjani · ‎Aug 06 2018

@TIMOTHY MANGAN and @Stephen Morgan, looks like you are using the RS4 version of signtool. Please use the latest from the insider preview SDK:

https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewSDK

Johannes Freundorfer · ‎Aug 06 2018

Hi all,

I did quite some testing with different types of certificates. What I found out is:

- the MSIX Packaging Tool has its own Version of signtool boxed (I guess to remove the SDK as prerequisite

- Certificate passwords really make it break

What my solution was (beside to query for the most updated Insider SDK) to just copy out the Inboxed Signtool and run it on the commandline:

location on my box:

"C:\Program Files\WindowsApps\Microsoft.MsixPackagingTool_1.2018.725.0_x64__8wekyb3d8bbwe\signtool.exe"

signtool.exe sign /a /v /fd SHA256 /f "C:\MyCodeSignCustom.pfx" /p "SuperSecurePassword" "C:\MSIXPackage.appx"

Kind regards

/Johannes

TIMOTHY MANGAN · ‎Aug 07 2018

Johanes - Thanks for that. I was assuming from the "documentation" that I needed the SDK copy of signtool and never looked inside the packaging tool for a copy.

This isn't the best way to go about this, but at least I can finally test!

John Vintzel · ‎Aug 07 2018

We are working to get a new version of the tool out to resolve the password issue. As the thread mentions a new signtool is needed to sign MSIX files. Installing the SDK will offer this and we package it in the app so the SDK is not a requirement to use the MSIX Packaging Tool.

Stephen Morgan · ‎Aug 08 2018

@Johannes

Thank you very much. This worked for me.

I used the command line to copy out the signtool.exe file, then ran my signtool command and voila, my msix package was able to be signed. I still needed to turn on "Sideload apps" from the "for Developers" page under Windows "Settings", but that makes sense since I am not installing from the Store.

Johannes Freundorfer · ‎Aug 08 2018

Hi Timothy,

exactly this is what my solution should provide - final (production) solution of course should be something within the Tool. But for now - it let MSIX rock on my box.

Enjoy

Can not Sign the MSIX pacakge with self-signed certificate

Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Re: Can not Sign the MSIX pacakge with self-signed certificate

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Can not Sign the MSIX pacakge with self-signed certificate