locked
[UWP] code signing certificate RRS feed

  • Question

  • We have a windows 10 UWP app to be side loaded to our customers initially and submit to store eventually. My question is what code signing certificate needed for side load and store release respectively, can we use self-signed certificate such as created from openssl or Visual Studio generated temporary certificate for side load or store release? Thanks in advance

    Josh


    Friday, April 7, 2017 7:51 PM

All replies

  • If you publish through the store then the app will be signed by Microsoft.

    For side-loading you can use any trusted cert with the correct properties. See Create a certificate for package signing and Signing an app package . The latter includes the certificate requirements:

    During packaging, Visual Studio validates the specified certificate in the following ways:

    • Verifies the presence of the Basic Constraints extension and its value, which must be either Subject Type=End Entity or unspecified.

    • Verifies the value of the Enhanced Key Usage property, which must contain Code Signing and may also contain Lifetime Signing. Any other EKUs are prohibited.

    • Verifies the value of the KeyUsage (KU) property, which must be either Unset or DigitalSignature.

    • Verifies the existence of a private key exists.

    • Verifies whether the certificate is active, hasn’t expired, and hasn't been revoked.

    • Proposed as answer by Azat Tazayan Saturday, April 8, 2017 7:30 AM
    Friday, April 7, 2017 10:20 PM