Sep 10 2023 02:30 PM
Used dotnet publish to generate a msix package (from Blazor MAUI project). During the process, dotnet has signed the msix file using our EV certificate, but it did not time-stamp it. So we’ve decided to re-sign it using signtool from Win SDK latest version 10.0.22621.0. However, the signtool reports an error:
SignTool Error: This file format cannot be signed because it is not recognized.
Using the same options to sign a regular msi file (from another project) produces no error.
Here is the complete command line used to sign both msix and msi (with the /sha1 thumbprint truncated for privacy):
“C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe” sign /a /sha1 e392… /tr http://timestamp.digicert.com /fd sha256 /td sha256 /d “test” /du http://www.winability.com “Q:\test-x64.msix”
Sep 13 2023 03:27 AM
Sep 13 2023 06:45 AM
Oct 03 2023 01:47 AM
Hi @AndreiBel
To diagnose this issue accurately, please attach the logs or share the error code that the SignTool is generating.
While signing an MSI and an MSIX package share some similarities, they are different. Please verify that the certificate meets requirements for signing MSIX- See here.
Thanks,
Fiza Azmi
PM, MSIX
Oct 03 2023 07:15 AM