Code signing works on exe but doesn't on msix

Copper Contributor

Hi there,


I'm used to code sign our exe (built with Visual Studio and packed with Innosetup) without problem:

signtool.exe sign /n "oursoft" .\oursoft.exe

Done Adding Additional Store
Successfully signed: .\oursoft.exe

or also

signtool.exe sign /tr /td sha256 /fd sha256 /a .\oursoft.exe

Done Adding Additional Store


If instead I produce a MSIX install, with the same commands, it dooesn't work anymore:

signtool.exe sign /n "oursoft" .\oursoft.msix

Error information: "Error: SignerSign() failed." (-2146889723/0x80091005)


signtool.exe sign /tr /td sha256 /fd sha256 /a .\oursoft.msix
Done Adding Additional Store
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)


I can't fix that thus I can't put our application on the Microsoft store :(

Does someone have any idea of what is the origin of this problem?

Thank you for your help,




2 Replies

@pbertolino sorry for the delay in reverting on this question. Publishing an app on the Store should not need signing, your app will be signed with a trusted certificate for you. This allows the user to install and run your app without installing the associated app signing certificate. If you need the app signed for testing/internal publishing, you may want to try the following :
1. check if the publisher name in the manifest and the one you are trying to use to sign match
2. try using signtool.exe that comes with the SDK, to isolate the issue:
3. please submit a feedback hub request with the issue detail.
4. Are you able to sign while packaging using "Create App P
ackage" wizard?


Please update this thread with your findings. thank you. 



I've been running into a similar issue in Visual Studio 2022 17.5.2 when using "Create App Packages..."


It will sign the .msix file if you provide a valid code signing certificate, but will not timestamp the file when provided with a timestamp URL.

The file is correctly timestamped if you use signtool.exe with the /tr option.


In both instances I used:

- A code signing certificate from the local store issued by Sectigo

- The timestamp url