Signing UWP App

  • Question

  • User261475 posted

    What exactly is the requirement to create a company internal App with Xamarin.Forms UWP? I can compile the *.appxbundle-Package but nobody can install it because of a certificate error. If I try to use our normal code signing certificate from StartSSL to sign the package, I get the following error:

    `The Manifest Designer could not import the certificate.

    The certificate you selected is not valid for signing because it is either expired or has another issue. For more information, see: https://go.microsoft.com/fwlink/?LinkID=241478`

    The same certificate is used by our other desktop application with the signtool, so I guess the certificate is ok. Usage of the signtool for other .NET assemblies such as WPF projects:

    "C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /f "..\..\..\..\..\Finaltec\Framework\Signing.pfx" /p ... /tr "http://timestamp.globalsign.com/scripts/timestamp.dll" "$(TargetPath)"

    Are there any special requirements to sign a UWP app so anyone can install it? The used certificate is a Class 3 StartSSL Code Signing Certificate and it is valid until Junuary 2020. If I try to install the app with the generated test certificate from Visual Studio, I get the message that the root certificate is not trusted and the installation process will be canceled. Even if I install the certificate manually beforehand, I get the same error.

    Wednesday, October 26, 2016 10:59 AM

All replies

  • User21407 posted

    We're doing it this way via HockeyApp

    • Marked as answer by Anonymous Thursday, June 3, 2021 12:00 AM
    Friday, November 4, 2016 5:35 PM
  • User168739 posted

    Is there any other feedback from Xamarin about signing a UWP? For delivering an internal Tablet app your only choice is to go through HockeyApp? Things that make you go hmmmmmmm.....

    Thursday, April 6, 2017 3:53 PM
  • User76049 posted

    I've managed to push out a few apps to UWP devices. Self-signing was a waste of time; we ended up purchasing a code signing certificate from Thawte. That way the device can validate the package and allows you to install (assuming the user is allowing side loading).

    It's a horrible process though, if the install fails you get no notification (if side loading isn't enabled etc).

    We'll probably look at Intune or something to see if that improves the rollout process, also as it's Hockeyapp I can't give it to the support staff so I have to manage rollout as well as developing apps.

    They keep promising improvements to distributing UWP via Hockeyapp, 1st it was the spring of 2017, now they are talking about the fall of 2017.

    Thursday, April 6, 2017 3:58 PM
  • User261475 posted

    @PatrickLynch.Rampros said: Is there any other feedback from Xamarin about signing a UWP? For delivering an internal Tablet app your only choice is to go through HockeyApp? Things that make you go hmmmmmmm.....

    Same here. We go with a StartSSL Class 2 private person certificate (their Class 3 Business certificate is invalid too...). It kinda sucks but that's UWP, not the best platform idea...

    Thursday, April 6, 2017 4:29 PM
  • User310833 posted

    We do not allow the execution of .ps1 scripts in our domain... So we were doing the following:

    1. Distribute the .appxbundle file
    2. Download the .appxbundle file on each machine
    3. Right-click the .appxbundle file
    4. Click Properties
    5. Click the Digital Signatures tab
    6. Click the signature (cert) in the Signature list
    7. Click Details
    8. Click View Certificate
    9. Click Install Certificate
    10. Set Store Location to Local Machine
    11. Click Next (Confirm UAC prompt)
    12. Select Place all certificates in the following store
    13. Click Browse
    14. Select Trusted Root Certification Authorities
    15. Click Okay
    16. Click Next
    17. Click Finish

    If you see an "Import successful" alert, you may now install the app on that device (repeat on each device you want to install the app on).

    We will be making a PowerShell script that handles this certificate installation and runs the installer (if possible). Though, it is nice that the user must have the certificate installed on their machine prior to installation as it may ward off unwanted users...

    Tuesday, September 19, 2017 5:58 PM
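
A scripted form of the manual steps in the post above, as an added example that is not part of the thread or any poster's own script. It pins the signer certificate to a thumbprint before trusting it; `$PackagePath`, `$ExpectedThumbprint` and `$StoreName` are operator-supplied placeholders, and it assumes `Get-AuthenticodeSignature` can read the package's embedded signature (the one the Digital Signatures tab shows).

```powershell
#Requires -RunAsAdministrator
# Added example: verify the package signer, then trust it and install the package.
param(
    [Parameter(Mandatory)] [string] $PackagePath,         # path to the .appxbundle
    [Parameter(Mandatory)] [string] $ExpectedThumbprint,  # obtained out-of-band from the build team
    # 'Root' mirrors step 14 of the post; 'TrustedPeople' is the narrower store
    # that Visual Studio's generated Add-AppDevPackage.ps1 uses for sideloading.
    [ValidateSet('Root', 'TrustedPeople')] [string] $StoreName = 'Root'
)
$ErrorActionPreference = 'Stop'

# Steps 3-8: read the signer certificate embedded in the package.
$sig = Get-AuthenticodeSignature -FilePath $PackagePath
if ($sig.Status -in 'NotSigned', 'HashMismatch', 'NotSupportedFileFormat') {
    throw "Package signature unusable: $($sig.Status)"
}
$cert = $sig.SignerCertificate
if (-not $cert) { throw 'No signer certificate found in the package' }

# Refuse to trust anything but the certificate we expect.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Signer thumbprint $($cert.Thumbprint) does not match the expected value"
}

# Check the validity period and the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3).
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period'
}
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if (-not $eku -or ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.3')) {
    throw 'Certificate lacks the Code Signing EKU'
}

# Steps 9-17: add the certificate to the chosen Local Machine store.
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
    [System.Security.Cryptography.X509Certificates.StoreName]$StoreName,
    [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try { $store.Add($cert) } finally { $store.Close() }

# Install the package now that its signer chains to a trusted certificate.
Add-AppxPackage -Path $PackagePath
Write-Output "Installed $PackagePath (signer $($cert.Subject), store LocalMachine\$StoreName)"
```
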
  • User383768 posted

    Is there a tutorial on this??? I have done everything in (DFoulk -- September 2017) and I have tried to figure out WTF it is Microsoft expects of me.

    Android was WAAAAAAAAY easier and better to develop for; way to go MS. Yet another frustration. This sucks

    Friday, July 5, 2019 5:31 PM
  • User76049 posted

    @Xamtastic said: Is there a tutorial on this??? I have done everything in (DFoulk -- September 2017) and I have tried to figure out WTF it is Microsoft expects of me.

    Android was WAAAAAAAAY easier and better to develop for; way to go MS. Yet another frustration. This sucks

    The process to get a self signed app onto a Windows device is described above by @DFoulk. It works, as I have shared this post to team members installing beta builds.

    If you want to deploy to store or not side load, your app needs to be signed with a valid code key from a verified code signing authority, you have to buy a certificate essentially.

    The process is not nice or sometimes obvious though so I share your frustrations, it's the worst platform to deploy to.

    Friday, July 5, 2019 6:57 PM
  • User76049 posted

    @Xamtastic said: Is there a tutorial on this??? I have done everything in (DFoulk -- September 2017) and I have tried to figure out WTF it is Microsoft expects of me.

    Android was WAAAAAAAAY easier and better to develop for; way to go MS. Yet another frustration. This sucks

    Also be aware, if the target machine does not have the SDK version your app has targeted in its package manifest then you get the most useless error message, so double check the OS build version of the machine you're deploying to.

    Apart from that, it should work ok.

    Friday, July 5, 2019 7:02 PM
  • User383768 posted

    It's on my local machine so I hope everything is up to par :smiley:

    After building the package (myappx86x64armDebug.appxbundle [Release and Debug mode]) the first go around I was prompted to "Update" (VStudio instance on box, makes sense), but got the signing error {below}. I uninstalled the instance and on re-installation I received an "Install" command (makes sense, and confirms "update" theory).

    So...I must have had a problem installing the cert maybe? [Windows + R] => "certmgr.msc" => [Menu > Action > Find Certificates] => Contains: "{Paste GUID}"

    RESULT: Store Found In... - Trusted Root Certification Authorities - Personal - Intermediate Certification Authorities

    However I still keep getting the same error: "Either you need a new certificate installed for this app package, or you need a new app package with trusted certificates. Your system administrator or the app developer can help. A certificate chain processed, but terminated in a root certificate which isn't trusted (0x800B0109)" ........in other words, welcome to Beat City :'(

    Maybe a funky cert install? ...so rinse and repeat all, nada

    This is going to be on my mind all weekend. A weekend in Beat City.

    Friday, July 5, 2019 7:55 PM
  • User383768 posted

    UPDATE / RESOLUTION :

    1. I updated to the latest Visual Studio 19, v. 16.1.6.
    2. Blew out all the associated certs
    3. Re-packaged
    4. Installed Certs (via ps1 file) -- NOTE: difference, was asked to perform admin approval in Shell
    5. Installed App

    UWP successful install.

    Wednesday, July 10, 2019 2:48 PM