Creating your own self-signed certificate for WAP

I had a need to create a test certificate that has the company name and subject fields to match a cert purchased from a public CA.  The idea is to use this cert in the build system for a Windows Application Project and let automation build the AppXManifest and sign using the test cert, and then the final package would be re-signed with the protected production cert later on.

 

I'm used to creating self-signed certs and using these to sign MSIX packages created by various tools, but I was unable to import these certs into the WAP, as they did not include the BasicConstraints field. 

 

I don't know why this is being used in the validation of the cert for import to the project, as signtool doesn't care about it.  Eventually I found how to create the self-signed cert with what is necessary, and this blog post A self-signed Code Signing Certificate for MSIX WAP – Confessions of a Guru (tmurgent.com) describes this in more detail and gives an updated PowerShell script that will generate one.