SOLVED

Code signing works on exe but doesn't on msix


Hi there,
I'm used to code signing our exe (built with Visual Studio and packed with Innosetup) without problems:

signtool.exe sign /n "oursoft" .\oursoft.exe

Done Adding Additional Store
Successfully signed: .\oursoft.exe
or also
signtool.exe sign /tr http://timestamp.comodoca.com /td sha256 /fd sha256 /a .\oursoft.exe
Done Adding Additional Store

 

If instead I produce an MSIX install, with the same commands, it doesn't work anymore:
signtool.exe sign /n "oursoft" .\oursoft.msix
Error information: "Error: SignerSign() failed." (-2146889723/0x80091005)
or
signtool.exe sign /tr http://timestamp.comodoca.com /td sha256 /fd sha256 /a .\oursoft.msix
Done Adding Additional Store
SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

 

I can't fix that, thus I can't put our application on the Microsoft Store :(
Does someone have any idea of what is the origin of this problem?
Thank you for your help,
  Pascal

Solution
I finally fixed the problem: it was the publisher name that was incomplete:
When signing our Innosetup install, "CN=Ourcompany" was sufficient for the signing procedure to be successful.
While when signing the MSIX install, it was not. It should have been "CN=Ourcompany, O=Ourcompany, S=Auvergne-Rhône-Alpes, C=FR, OID......."
I found the right publisher name value thanks to the Windows event viewer application that reported the details of the error.
The section to check was: Microsoft-Windows-AppxPackagingOM

I hope this will save somebody some time.

Pascal

Does the publisher on the certificate need to match the publisher defined in the MSIX package? Or can I sign any MSIX file?

Yes, they have to match, otherwise you can't sign the MSIX package.

Technically, you can sign any MSIX package, if you change the publisher in the package to match the one from the certificate.
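
Added example, not part of the original thread: a PowerShell pre-signing check that reads the Publisher attribute from the package's AppxManifest.xml and compares it with the full subject of each code-signing certificate in a store, which is the mismatch described in the solution above. The package path, the store path and the function name Get-MsixPublisher are assumptions, and the comparison assumes the manifest writes the subject the way .NET renders it.

```powershell
# Added example: compare the Publisher in an MSIX manifest with certificate subjects.
# Assumptions: $PackagePath and $CertStore are placeholders for your own values.
param(
    [string]$PackagePath = '.\oursoft.msix',
    [string]$CertStore   = 'Cert:\CurrentUser\My'
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-MsixPublisher {
    param([Parameter(Mandatory)][string]$Path)
    # An MSIX package is a ZIP container with AppxManifest.xml at its root.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $zip = [System.IO.Compression.ZipFile]::OpenRead($fullPath)
    try {
        $entry = $zip.GetEntry('AppxManifest.xml')
        if (-not $entry) { throw "AppxManifest.xml not found in $Path" }
        $reader = [System.IO.StreamReader]::new($entry.Open())
        try     { [xml]$manifest = $reader.ReadToEnd() }
        finally { $reader.Dispose() }
        # <Identity Publisher="CN=..., O=..., ..."/> holds the expected signer subject.
        return $manifest.Package.Identity.Publisher
    }
    finally { $zip.Dispose() }
}

$publisher = Get-MsixPublisher -Path $PackagePath
"Manifest Publisher : $publisher"

# Code-signing certificates with a private key; compare the FULL subject,
# not just the CN part that was enough for the Innosetup exe.
$certs = Get-ChildItem -Path $CertStore -CodeSigningCert | Where-Object HasPrivateKey
foreach ($cert in $certs) {
    [pscustomobject]@{
        Thumbprint      = $cert.Thumbprint
        Subject         = $cert.Subject
        MatchesManifest = ($cert.Subject -ceq $publisher)
    }
}

if (-not ($certs | Where-Object { $_.Subject -ceq $publisher })) {
    Write-Warning 'No certificate subject equals the manifest Publisher; signing this package with them is expected to fail.'
}
```

A row with MatchesManifest set to False shows both strings side by side, so a missing O=, S=, C= or OID component is visible before signtool is run.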