locked
Code Signing issue

    Question

  • I purchased a Comodo Code Signing Certificate, and when I select that in my Metro app, and build, I get

    Error 4 File content does not conform to specified schema. The 'Publisher' attribute is invalid - The value 'CN=Falafel Software Inc, O=Falafel Software Inc, STREET="512 Capitola Ave,", L=Capitola, S=CA, PostalCode=95010, C=US' is invalid according to its datatype 'http://schemas.microsoft.com/appx/2010/manifest:ST_Publisher' - The Pattern constraint failed. C:\Users\jwaters\documents\visual studio 11\Projects\App1\App1\bin\Debug\AppxManifest.xml 10 57 App1

    I found this more detailed message

    'CN=Falafel Software Inc, O=Falafel Software Inc, STREET="512 Capitola Ave,", L=Capitola, S=CA, PostalCode=95010, C=US' violates pattern constraint of '(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")))*'. The attribute 'Publisher' with value 'CN=Falafel Software Inc, O=Falafel Software Inc, STREET="512 Capitola Ave,", L=Capitola, S=CA, PostalCode=95010, C=US' failed to parse. 

    It looks like the regexp doesn't understand PostalCode, which is in my certificate's Subject.

    Is there any way to get around this?

    Tuesday, August 21, 2012 6:55 PM

Answers

  • Hi John/Patrick,

    Our dev team has confirmed that PostalCode is missing from the manifest schema xsd/regex for the <Identity> element's Publisher attribute - a bug has been filed.  No information as yet for if or when a fix might be available.  Current workaround would be to request the certification authority (e.g. Comodo) to issue a new code signing certificate that leaves out the PostalCode element.  Our apologies - again as noted, a bug has been filed.

     

    Sincerely,

    Jack Davis

    Program Manager

    Windows Division
    DevX.AppX.Packaging


    Thursday, September 13, 2012 7:21 PM

All replies

  • Hi John,

    Got the same problem here. As you say, it is related to the postalcode field that is missing in the xsd/regex.

    I think I have to contact MS Support for this one.

    Regards,

    Patrick

    Friday, August 24, 2012 9:48 AM
  • Can someone from MSFT confirm that this is a problem, and work on a fix?
    Friday, August 24, 2012 5:51 PM
  • Hi John/Patrick,

    Our dev team has confirmed that PostalCode is missing from the manifest schema xsd/regex for the <Identity> element's Publisher attribute - a bug has been filed.  No information as yet for if or when a fix might be available.  Current workaround would be to request the certification authority (e.g. Comodo) to issue a new code signing certificate that leaves out the PostalCode element.  Our apologies - again as noted, a bug has been filed.

     

    Sincerely,

    Jack Davis

    Program Manager

    Windows Division
    DevX.AppX.Packaging


    Thursday, September 13, 2012 7:21 PM
  • Thanks Jack, I did that and it resolved the issue for now.

    John

    Thursday, September 13, 2012 7:24 PM
  • Thanks Jack, I did that and it resolved the issue for now.

    John

    Did you requested new certificate without PostalCode or removed PostalCode from existing one manually?

    Thanks.

    Tuesday, October 09, 2012 12:52 PM
  • I requested a new certificate without the PostalCode in it.

    They have a process by which you can get it reissued without paying for another one, if you contact their support.

    John

    Wednesday, October 10, 2012 10:06 PM
  • Hi Jack,

    Do you know if this has been resolved yet? I'm having difficulty explaining to Digicert that I actually need to have the Postal Code removed (they want to re-issue an identical cert:-( 

    Any updates  would be great to know about. Thanks!

    (Or even any workarounds:-)

    Friday, November 30, 2012 4:48 PM
  • I am having this issue as well.  My CA seems to be technically inept regarding these things.

    - Robert Beaubien

    Monday, December 24, 2012 4:07 PM
  • Been six months, any updates?
    Friday, March 01, 2013 5:39 PM
  • Totally hacked off --- spent hundreds of dollars on a DigiCert EV certificate and there are two main problems:

    1. Microsoft's Schema for validating certificates in Windows 8 Apps still does not allow PostalCode (as per this thread), while DigiCert insists on including it. Not sure if this is the fault of DigiCert or Microsoft, but I suspect the latter, as it seems very reasonable to include PostalCode. Or more likely it's both of their faults as they both bang on about how they worked together to create cert solutions for Windows 8, but obviously no-one from either side even did the simplest thing of signing a Windows 8 app to see if it works...

    2. DigiCert support is ludicrous. They insist on repeating verbatim the information on their Web site, without actually attempting to understand my question. (i.e. all you need to do is mention 'Windows 8' and they straight away start talking about their EV certs, blah, blah, blah. They seem so stupid they don't even know how their own products work. I will NEVER use them again. For example, they ignored my emails, and their instant chat 'Support' person kept telling me the same thing about EV certs.

    If I ran my software company like either of these two (at least in this instance) then we'd be broke in a heartbeat. I just don't understand how they can get away with this...

    RESULT = I decided to give away the APP for free in the Windows 8 store for both end users and enterprises, thereby not making any money for us, but also not contributing to Digicert or Windows 8 store revenue in the future. (By the way, it's a great app! Check out http://www.point8020.com --- the app is called ShowMe Windows 8, and as I say it's now totally free. I'd be grateful if you folks could blog/tweet both this post and the resulting free app on our site. I guess as many folks as possible can now benefit from it, for free. Thanks!

    Friday, March 01, 2013 6:11 PM
  • is this fixed in the RTM? i still getting this error.

    or should i contact microsoft support for an hotfix?


    Microsoft Certified Solutions Developer - Windows Store Apps Using C#


    Thursday, May 02, 2013 11:55 AM
  • Hi Dave,

    This entire thread is post-RTM. The problem is being investigated for a fix in the next version.

    --Rob

    Friday, May 03, 2013 10:35 PM
    Owner
  • Hello Rob,

    The issue is open since August 2012 and still no solution. Now Comodo says that they can't re-issue the certificate without PostalCode.  I have to sign the app immediately. So what do you suggest us to do?

    On the other hand, isn't it a metter of develepment environment -namely Visual Studio 2012? It already has an update this month. 

    Necdet Inkaya

    Thursday, June 13, 2013 8:42 AM
  • Hello Rob and Jack,

    Could you please shed any light on how soon this issue is going to be resolved?
    I guess a many developers are in the same bad situation right now: I can't get a new certificate without PostalCode, and I have to sign my app very soon!

    What can we do?

    --Stephan van der Feest

    Saturday, June 29, 2013 12:52 PM
  • Hello Guys,

    As you can follow from above conversations, Microsoft keeps its calm with upmost silence, leaving us in the middle of no where.

    I contacted Microsoft Turkey, directly to find a solution to that tragicomic issue. It's been 3 weeks and still no response.

    On the other hand Comodo rejected once more to issue a Code Singing Certificate without Postal Code.

    Then I contacted Global Sign's Turkey office. And bammm! Problem solved. I got my new certificate within half-a-day.

    Of course the amount paid to Comodo has gone to trash.

    I hope you too can solve your problems.

    Necdet N. Inkaya

    Friday, August 02, 2013 2:31 PM
  • I found this thread searching for the problem of the PostalCode schema validation error with MakeAppx. A note about update:

    If you look in the XML/Schemas path under the Visual Studio install root there's a 2010_V2 Schema, check out the contents of that file, it has the PostalCode rule.. Perhaps there is another way to specify this schema, but I notice it seems to work if you set:

    <Prerequisites> <OSMinVersion>6.3.0</OSMinVersion>
    <OSMaxVersionTested>6.3.0</OSMaxVersionTested>
    </Prerequisites>

    in your AppxManifest.xml file, it will force the use of the 2010_v2 schema and PostalCode is accepted. (However I believe this creates only the Win/8.1 package, I guess you're sol if you want to make a win/8.0 package).

    Waitman Gobble
    San Jose, California

    Wednesday, January 01, 2014 12:27 AM