locked
Code Signing issue RRS feed

  • Question

  • I purchased a Comodo Code Signing Certificate, and when I select that in my Metro app, and build, I get

    Error 4 File content does not conform to specified schema. The 'Publisher' attribute is invalid - The value 'CN=Falafel Software Inc, O=Falafel Software Inc, STREET="512 Capitola Ave,", L=Capitola, S=CA, PostalCode=95010, C=US' is invalid according to its datatype 'http://schemas.microsoft.com/appx/2010/manifest:ST_Publisher' - The Pattern constraint failed. C:\Users\jwaters\documents\visual studio 11\Projects\App1\App1\bin\Debug\AppxManifest.xml 10 57 App1

    I found this more detailed message

    'CN=Falafel Software Inc, O=Falafel Software Inc, STREET="512 Capitola Ave,", L=Capitola, S=CA, PostalCode=95010, C=US' violates pattern constraint of '(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")))*'. The attribute 'Publisher' with value 'CN=Falafel Software Inc, O=Falafel Software Inc, STREET="512 Capitola Ave,", L=Capitola, S=CA, PostalCode=95010, C=US' failed to parse. 

    It looks like the regexp doesn't understand PostalCode, which is in my certificate's Subject.

    Is there any way to get around this?

    Tuesday, August 21, 2012 6:55 PM

Answers

  • Hi John/Patrick,

    Our dev team has confirmed that PostalCode is missing from the manifest schema xsd/regex for the <Identity> element's Publisher attribute - a bug has been filed.  No information as yet for if or when a fix might be available.  Current workaround would be to request the certification authority (e.g. Comodo) to issue a new code signing certificate that leaves out the PostalCode element.  Our apologies - again as noted, a bug has been filed.

     

    Sincerely,

    Jack Davis

    Program Manager

    Windows Division
    DevX.AppX.Packaging


    Thursday, September 13, 2012 7:21 PM

All replies

  • Hi John,

    Got the same problem here. As you say, it is related to the postalcode field that is missing in the xsd/regex.

    I think I have to contact MS Support for this one.

    Regards,

    Patrick

    Friday, August 24, 2012 9:48 AM
  • Can someone from MSFT confirm that this is a problem, and work on a fix?
    • Proposed as answer by Jack-Davis Thursday, September 13, 2012 7:02 PM
    • Unproposed as answer by Jack-Davis Thursday, September 13, 2012 7:03 PM
    Friday, August 24, 2012 5:51 PM
  • Hi John/Patrick,

    Our dev team has confirmed that PostalCode is missing from the manifest schema xsd/regex for the <Identity> element's Publisher attribute - a bug has been filed.  No information as yet for if or when a fix might be available.  Current workaround would be to request the certification authority (e.g. Comodo) to issue a new code signing certificate that leaves out the PostalCode element.  Our apologies - again as noted, a bug has been filed.

     

    Sincerely,

    Jack Davis

    Program Manager

    Windows Division
    DevX.AppX.Packaging


    Thursday, September 13, 2012 7:21 PM
  • Thanks Jack, I did that and it resolved the issue for now.

    John

    Thursday, September 13, 2012 7:24 PM
  • Thanks Jack, I did that and it resolved the issue for now.

    John

    Did you requested new certificate without PostalCode or removed PostalCode from existing one manually?

    Thanks.

    Tuesday, October 9, 2012 12:52 PM
  • I requested a new certificate without the PostalCode in it.

    They have a process by which you can get it reissued without paying for another one, if you contact their support.

    John

    Wednesday, October 10, 2012 10:06 PM
  • I am having this issue as well.  My CA seems to be technically inept regarding these things.

    - Robert Beaubien

    Monday, December 24, 2012 4:07 PM
  • Been six months, any updates?
    Friday, March 1, 2013 5:39 PM
  • is this fixed in the RTM? i still getting this error.

    or should i contact microsoft support for an hotfix?


    Microsoft Certified Solutions Developer - Windows Store Apps Using C#


    Thursday, May 2, 2013 11:55 AM
  • Hi Dave,

    This entire thread is post-RTM. The problem is being investigated for a fix in the next version.

    --Rob

    Friday, May 3, 2013 10:35 PM
    Moderator
  • Hello Rob,

    The issue is open since August 2012 and still no solution. Now Comodo says that they can't re-issue the certificate without PostalCode.  I have to sign the app immediately. So what do you suggest us to do?

    On the other hand, isn't it a metter of develepment environment -namely Visual Studio 2012? It already has an update this month. 

    Necdet Inkaya

    Thursday, June 13, 2013 8:42 AM
  • Hello Rob and Jack,

    Could you please shed any light on how soon this issue is going to be resolved?
    I guess a many developers are in the same bad situation right now: I can't get a new certificate without PostalCode, and I have to sign my app very soon!

    What can we do?

    --Stephan van der Feest

    Saturday, June 29, 2013 12:52 PM
  • Hello Guys,

    As you can follow from above conversations, Microsoft keeps its calm with upmost silence, leaving us in the middle of no where.

    I contacted Microsoft Turkey, directly to find a solution to that tragicomic issue. It's been 3 weeks and still no response.

    On the other hand Comodo rejected once more to issue a Code Singing Certificate without Postal Code.

    Then I contacted Global Sign's Turkey office. And bammm! Problem solved. I got my new certificate within half-a-day.

    Of course the amount paid to Comodo has gone to trash.

    I hope you too can solve your problems.

    Necdet N. Inkaya

    Friday, August 2, 2013 2:31 PM
  • I found this thread searching for the problem of the PostalCode schema validation error with MakeAppx. A note about update:

    If you look in the XML/Schemas path under the Visual Studio install root there's a 2010_V2 Schema, check out the contents of that file, it has the PostalCode rule.. Perhaps there is another way to specify this schema, but I notice it seems to work if you set:

    <Prerequisites> <OSMinVersion>6.3.0</OSMinVersion>
    <OSMaxVersionTested>6.3.0</OSMaxVersionTested>
    </Prerequisites>

    in your AppxManifest.xml file, it will force the use of the 2010_v2 schema and PostalCode is accepted. (However I believe this creates only the Win/8.1 package, I guess you're sol if you want to make a win/8.0 package).

    Waitman Gobble
    San Jose, California

    Wednesday, January 1, 2014 12:27 AM