Fail to import certificate (pfx) in VS2012 for Metro App project

Question

To whom may concern,

I've tried VS2011 on Win8 B8375/B8370 and VS2012 on Win8 B8400, however I continue

getting "The Manifest Designer could not import the certificate" error message.

Is this a defect? Please show me the way to sign my Metro App with my own certificate. Thanks.

Answer 1

Hi Trend,

You do not need to sign your app.  The app will be singed when you submit it.  What are you trying to accomplish?

-Jeff

---

Jeff Sanders (MSFT)

Answer 2

If you are looking to sign your application, please take a look at the guidance here:

http://msdn.microsoft.com/en-us/library/windows/apps/br230260(v=vs.110).aspx

are you attempting to use a cert which was created on a previous preview build of Windows?

Answer 3

Hi Adrian,

  I tried this step

     Select from file

Pick an existing certificate file from the file system.

  And, I choose our company official certificate file (pfx), and then get a error message as my initial problem.

  Per Jeff's saying, do we need to sign Metro App officially?

  BTW, the certificate is also used for our desktop application.

Thanks,

Jonas

Answer 4

If you are looking to sign your application, please take a look at the guidance here:

http://msdn.microsoft.com/en-us/library/windows/apps/br230260(v=vs.110).aspx

are you attempting to use a cert which was created on a previous preview build of Windows?

Hi Adrian,

  I tried this step

     Select from file

Pick an existing certificate file from the file system.

  And, I choose our company official certificate file (pfx), and then get a error message as my initial problem.

  Per Jeff's saying, do we need to sign Metro App officially?

  BTW, the certificate is also used for our desktop application.

Thanks,

Jonas

Answer 5

Hi Trend,

You do not need to sign your app.  The app will be singed when you submit it.  What are you trying to accomplish?

-Jeff

---

Jeff Sanders (MSFT)

Hi Jeff,

  Does that mean we can just submit the App with test certificate which is generted by VS2012 as a Metro app project create?

Thanks,

Jonas

Answer 6

Hi, When trying to sign using your own company certificate in Visual Studio, Your certificate is validated against the steps detailed under the "Validating Certificates" section at this page http://msdn.microsoft.com/en-us/library/windows/apps/br230260.aspx.  I would caution you though, that using your own custom certificate requires your familiarity with MakeCert.exe and the various command line arguments supported and what they mean. For more information on MakeCert.exe see (http://msdn.microsoft.com/en-us/library/windows/apps/aa386968.aspx)

For your convenience I've copied the validation steps here performed by the Manifest Designer. Importing a certificate via the Manifest Designer.....

• Verifies the presence of the Basic Constraint extension and the value of the Basic Constraint extension, which must be either Subject Type=End Entity or unspecified.

• Verifies the value of the Enhanced Key Usage property, which must contain Code Signingand may also contain Lifetime Signing. Any other EKUs are prohibited.

• Verifies the value of the KeyUsage (KU) property, which must be either Unset or DigitalSignature.

• Verifies the existence of a private key exists.

• Verifies whether the certificate is active, hasn’t expired, and hasn't been revoked.

Ensure your certificate meets all of these requirements and Visual Studio's Manifest Designer will be able to import your certificate. Let me know if this works for you.

Answer 7

Hi Jonas,

Yes.  See this post in the Windows Store forum:

http://social.msdn.microsoft.com/Forums/en-US/windowsstore/thread/27767f11-d2e8-4ef0-abc9-bd1aa1a04425

-Jeff

---

Jeff Sanders (MSFT)

Answer 8

Hi,

I have the same problem with importing certificates to sign my appx package. The certificate created by my own Microsoft CA server, and it meets all requirements you mentioned above. However importing it's not working at all.