locked
Fail to import certificate (pfx) in VS2012 for Metro App project

    Question

  • To whom may concern,

    I've tried VS2011 on Win8 B8375/B8370 and VS2012 on Win8 B8400, however I continue

    getting "The Manifest Designer could not import the certificate" error message.

    Is this a defect? Please show me the way to sign my Metro App with my own certificate. Thanks.

    Sunday, June 3, 2012 8:06 AM

All replies

  • Hi Trend,

    You do not need to sign your app.  The app will be singed when you submit it.  What are you trying to accomplish?

    -Jeff


    Jeff Sanders (MSFT)

    Monday, June 4, 2012 3:39 PM
    Moderator
  • If you are looking to sign your application, please take a look at the guidance here:

    http://msdn.microsoft.com/en-us/library/windows/apps/br230260(v=vs.110).aspx

    are you attempting to use a cert which was created on a previous preview build of Windows?

    Monday, June 4, 2012 6:19 PM
  • Hi Adrian,

      I tried this step

         Select from file

    Pick an existing certificate file from the file system.

      And, I choose our company official certificate file (pfx), and then get a error message as my initial problem.

      Per Jeff's saying, do we need to sign Metro App officially?

      BTW, the certificate is also used for our desktop application.

    Thanks,

    Jonas

    Tuesday, June 5, 2012 3:09 AM
  • If you are looking to sign your application, please take a look at the guidance here:

    http://msdn.microsoft.com/en-us/library/windows/apps/br230260(v=vs.110).aspx

    are you attempting to use a cert which was created on a previous preview build of Windows?


    Hi Adrian,

      I tried this step

         Select from file

    Pick an existing certificate file from the file system.

      And, I choose our company official certificate file (pfx), and then get a error message as my initial problem.

      Per Jeff's saying, do we need to sign Metro App officially?

      BTW, the certificate is also used for our desktop application.

    Thanks,

    Jonas

    Wednesday, June 6, 2012 5:08 PM
  • Hi Trend,

    You do not need to sign your app.  The app will be singed when you submit it.  What are you trying to accomplish?

    -Jeff


    Jeff Sanders (MSFT)

    Hi Jeff,

      Does that mean we can just submit the App with test certificate which is generted by VS2012 as a Metro app project create?

    Thanks,

    Jonas

    Wednesday, June 6, 2012 5:11 PM
  • Hi, When trying to sign using your own company certificate in Visual Studio, Your certificate is validated against the steps detailed under the "Validating Certificates" section at this page http://msdn.microsoft.com/en-us/library/windows/apps/br230260.aspx.  I would caution you though, that using your own custom certificate requires your familiarity with MakeCert.exe and the various command line arguments supported and what they mean. For more information on MakeCert.exe see (http://msdn.microsoft.com/en-us/library/windows/apps/aa386968.aspx)

    For your convenience I've copied the validation steps here performed by the Manifest Designer. Importing a certificate via the Manifest Designer.....

    • Verifies the presence of the Basic Constraint extension and the value of the Basic Constraint extension, which must be either Subject Type=End Entity or unspecified.

    • Verifies the value of the Enhanced Key Usage property, which must contain Code Signingand may also contain Lifetime Signing. Any other EKUs are prohibited.

    • Verifies the value of the KeyUsage (KU) property, which must be either Unset or DigitalSignature.

    • Verifies the existence of a private key exists.

    • Verifies whether the certificate is active, hasn’t expired, and hasn't been revoked.

    Ensure your certificate meets all of these requirements and Visual Studio's Manifest Designer will be able to import your certificate. Let me know if this works for you.

    Saturday, August 18, 2012 12:12 AM
  • Hi Jonas,

    Yes.  See this post in the Windows Store forum:

    http://social.msdn.microsoft.com/Forums/en-US/windowsstore/thread/27767f11-d2e8-4ef0-abc9-bd1aa1a04425

    -Jeff


    Jeff Sanders (MSFT)

    Monday, August 20, 2012 1:22 PM
    Moderator
  • Hi,

    I have the same problem with importing certificates to sign my appx package. The certificate created by my own Microsoft CA server, and it meets all requirements you mentioned above. However importing it's not working at all. 

    Wednesday, August 29, 2012 8:52 PM