Highlighted

Invalid certificate for Windows 10 builds

New Here ,
Aug 08, 2017

Copy link to clipboard

Copied

Scenario & Background

I'm trying to build an app that is supposed to be published in the Windows Store using the online PhoneGap Build service (appid: 2745363). The target platform is Windows 10 (first x86 to give it a try, later x64 and ARM as well). I've read through a lot of blogs (including PhoneGap Build blog) and looked into sample configs on GitHub but until now wasn't able to successfully create a Windows 10 appx package with a valid certificate.

Currently, I'm getting the following error message:

error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.

What I did

1) Create the certificate using the following commands (tried many other variants as well, without luck) (btw.: the CN=1234... is not the one that I'm using: This is just for showing how I did this and how my publisher ID looks like according to the Windows dev center)

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -KeySpec "KeyExchange" -KeyUsage CertSign -Type CodeSigningCert -Subject "CN=12345678-1234-1234-1234-123456789012" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3")

$pwd = ConvertTo-SecureString -String somepwd -Force -AsPlainText

Export-PfxCertificate -cert "Cert:\LocalMachine\My\<thump>" -FilePath c:/cert.pfx -Password $pwd

2) Uploaded that certificate to PhoneGap Build and unlocked using the given password

3) Created the following config.xml

<?xml version='1.0' encoding='utf-8'?>

<widget id="com.brainchest.timezone" version="1.1.0" xmlns="http://www.w3.org/ns/widgets" xmlns:gap="http://phonegap.com/ns/1.0">

    <name>time-z.one</name>

    <description>

        ...

    </description>

    <author email="..." href="http://time-z.one">Brainchest</author>

    <content src="index.html" />

    <access origin="*" />

    <preference name="phonegap-version" value="cli-7.0.1" />

   

    <preference name="windows-appx-target" value="uap" />

    <preference name="windows-arch" value="x86" />

    <preference name="windows-target-version" value="10.0"/>

    <preference name="WindowsStoreIdentityName" value="<identity>"/>

    <preference name="windows-identity-name" value="<identity>" />

</widget>

Note: For <identity> I used Package/Identity/Name for the app in the Windows dev center.

Question

​What am I doing wrong with the certificate?

Views

519

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Invalid certificate for Windows 10 builds

New Here ,
Aug 08, 2017

Copy link to clipboard

Copied

Scenario & Background

I'm trying to build an app that is supposed to be published in the Windows Store using the online PhoneGap Build service (appid: 2745363). The target platform is Windows 10 (first x86 to give it a try, later x64 and ARM as well). I've read through a lot of blogs (including PhoneGap Build blog) and looked into sample configs on GitHub but until now wasn't able to successfully create a Windows 10 appx package with a valid certificate.

Currently, I'm getting the following error message:

error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.

What I did

1) Create the certificate using the following commands (tried many other variants as well, without luck) (btw.: the CN=1234... is not the one that I'm using: This is just for showing how I did this and how my publisher ID looks like according to the Windows dev center)

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -KeySpec "KeyExchange" -KeyUsage CertSign -Type CodeSigningCert -Subject "CN=12345678-1234-1234-1234-123456789012" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3")

$pwd = ConvertTo-SecureString -String somepwd -Force -AsPlainText

Export-PfxCertificate -cert "Cert:\LocalMachine\My\<thump>" -FilePath c:/cert.pfx -Password $pwd

2) Uploaded that certificate to PhoneGap Build and unlocked using the given password

3) Created the following config.xml

<?xml version='1.0' encoding='utf-8'?>

<widget id="com.brainchest.timezone" version="1.1.0" xmlns="http://www.w3.org/ns/widgets" xmlns:gap="http://phonegap.com/ns/1.0">

    <name>time-z.one</name>

    <description>

        ...

    </description>

    <author email="..." href="http://time-z.one">Brainchest</author>

    <content src="index.html" />

    <access origin="*" />

    <preference name="phonegap-version" value="cli-7.0.1" />

   

    <preference name="windows-appx-target" value="uap" />

    <preference name="windows-arch" value="x86" />

    <preference name="windows-target-version" value="10.0"/>

    <preference name="WindowsStoreIdentityName" value="<identity>"/>

    <preference name="windows-identity-name" value="<identity>" />

</widget>

Note: For <identity> I used Package/Identity/Name for the app in the Windows dev center.

Question

​What am I doing wrong with the certificate?

Views

520

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Aug 08, 2017 0
Adobe Employee ,
Aug 08, 2017

Copy link to clipboard

Copied

Where did you come up with your New-SelfSignedCertificate command parameters, specifically the TextExtension parameter?

Not seeing that here Create a certificate for package signing - UWP app developer | Microsoft Docs

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Aug 08, 2017 0
New Here ,
Aug 09, 2017

Copy link to clipboard

Copied

When creating a certificate using the exact same command as given in the link the following build error is thrown.

Error - Your Windows Signing Key must have an EKU (Enhanced Key Usage) property of "Code Signing" - You can fix this here

This is exactly where TextExtension comes into play. It helps to specify the EKU for Code Signing. I've been playing around with several commands and neither fully works.

Btw: I've been able to build the app locally with PhoneGap because I was able to provide some command line arguments and use the build.json in order to provide the correct certificate. Here's what I did there:

phonegap build windows --archs="x86 x64 ARM" --release --buildConfig build.json

{

  "windows": {

    "release": {

      "packageCertificateKeyFile": "time-z.one_StoreKey.pfx"

    }

  }

}

The certificate that I'm using here is the one that is created by VS. Unfortunately, I can't use this certificate in PhoneGap Build as I don't know the password. But I have to unlock it in order for the build to run. Or is there a way to use this certificate?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Aug 09, 2017 0
New Here ,
Aug 28, 2017

Copy link to clipboard

Copied

Hi ryanskihead​,

any update on this one?

Regards,

Stephan

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Aug 28, 2017 0