question

MikeYeager-2259 avatar image
0 Votes"
MikeYeager-2259 asked MikeYeager-2259 commented

Windows Application Packaging Project - cannot select code signing certificate

Visual Studio 2019 16.11.5. WPF project .NET Framework 4.8. I can deploy via ClickOnce with a code signing certificate I purchased. When I add a Windows Application Packaging Project to my solution to create an MSIX and open the appxmanifest dialog, on the Packaging tab, I click "Choose Certificate..." and "Select from store...". The dialog says, "No certificate available". If I choose "Select from file...", choose the .pfx and enter the password, the dialog says, "The Manifest Desinger could not import the certificate. The certificate you selected is not valid for signing because it is either expired or has another issue. for more information see http://go.microsoft.com/fwlink/?LinkID=241478".

The certificate was purchased from SSL.com specifically for code signing and, as stated above, works for ClickOnce. The article above says this:

 Validating Certificates
 During packaging, Visual Studio validates the specified certificate in the following ways:
    
  - Verifies the presence of the Basic Constraints extension and its value, which must be either Subject Type=End Entity or unspecified.
  - Verifies the value of the Enhanced Key Usage property, which must contain Code Signing and may also contain Lifetime Signing. Any other EKUs are prohibited.
  - Verifies the value of the Key Usage (KU) property, which must be either Unset or DigitalSignature.
  - Verifies the existence of a private key exists.
  - Verifies whether the certificate is active, hasn’t expired, and hasn't been revoked.

Inspecting the certificate through the certmgr mmc:
144279-certmgr.png
I don't see "Basic Constraints". Is that the problem? Do I have to specifically request this from SSL.com?
Enhanced Key Usage is set to "Code Signing (1.3.6.1.5.5.7.3.3)"
Key Usage is set to "Digital Signature (80)"
I'm not sure how to tell if a private key exists.
The certificate is active and not expired.

Please help. SSL.com swears we shouldn't need anything else. Self-signing is covered very well in documentation, but public certificates are barely mentioned.

Thank you,
Mike


windows-wpf
certmgr.png (5.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

HuiLiu-MSFT avatar image
0 Votes"
HuiLiu-MSFT answered MikeYeager-2259 commented

For the problem of using three-party MSIX to package wpf project, it is recommended that you ask questions here.


If the answer is the right solution, please click Accept Answer and kindly upvote it. If you have extra questions about this answer, please click Comment.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you. I looked for an MSIX forum for quite a while, but couldn't find it.

0 Votes 0 ·