How to sign a UWP app with an EV Code Signing Certificate

Gavam Atarix Ltd 6

Hello,

We have a UWP app that we want to distribute through side loading. In order to distribute it without a self signed certificate, we went ahead and bought an EV code signing certificate.

We cannot export the EV code signing certificate as a .pfx file and attach it to the UWP package manifest. Therefore, how can we sign our app? Should we sign the .appinstaller file through the signtool and that would be it?

Plus, we have already registered to the Hardware Developer Program where we signed a file and uploaded it the partner center and I don't know how that would help other than in the Microsoft Store.

Let me know what you think, we would really appreciate the help.

Regards,
Majid
Developer at
Gavam Atarix Ltd

Junjie Zhu - MSFT 16,701 Reputation points Microsoft Vendor

2022-12-14T03:26:39.55+00:00

Hello @Gavam Atarix Ltd ,
Welcome to Microsoft Q&A!

I searched for the content about EV Code Signing Certificate in the UWP official documents, but I didn't find it.
You can try to use SignTool to Sign a File.

Thank you.
Gavam Atarix Ltd 6 Reputation points

2022-12-14T10:04:46.007+00:00

Thank you Junie for the comment, We will try that out and update this post.
Junjie Zhu - MSFT 16,701 Reputation points Microsoft Vendor

2022-12-15T06:26:33.48+00:00

Yes, please let us know if there are any updates.
Gavam Atarix Ltd 6 Reputation points

2022-12-18T23:11:21.023+00:00

Hello, I was unable to manually sign the .msixbundle file because it is already signed. It is forced to be signed when I create app package then select distribution method to sideloading.
Gavam Atarix Ltd 6 Reputation points

2022-12-18T23:42:36.647+00:00

I get the error: "Error: SignerSign() failed." (-2146958839/0x80080209)
Junjie Zhu - MSFT 16,701 Reputation points Microsoft Vendor

2022-12-22T09:07:53.173+00:00

When packing the sideload package, you can choose not to sign.
Gavam Atarix Ltd 6 Reputation points

2022-12-26T14:06:04.79+00:00

Hello Junjie,

Thank you for replying back, I appreciate it.

I managed to create the app package without signing according to what you have provided. But, I am still unable to sign the .msixbundle file.
I keep getting the following error when attempting to sign: SignTool Error: An unexpected internal error has occurred. Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

And this is the signtool command that I used: signtool sign /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /a AtarixPackage_1.0.36.0_x86_x64.msixbundle

Let me know what needs to be done, I feel we are very close to sign the app.

Regards,
Majid
Gavam Atarix Ltd 6 Reputation points

2022-12-26T15:31:07.907+00:00

Plus, I also changed the Publisher property in the Identity inside the Package.appmanifest to the same publisher as the certificate and that still did not solve the issue.
Roy Li - MSFT 32,731 Reputation points Microsoft Vendor

2022-12-29T08:08:51.08+00:00

@Gavam Atarix Ltd Your quesion about using the sign tool is out of the scope of the UWP tag. We can't help more about how to use a sign tool and troubleshooting sign tool issue. You might take a look at this Sign a Windows 10 app package.

1 answer

Gavam Atarix Ltd 6 Reputation points

2023-01-01T00:25:30.313+00:00
We have successfully solved our issue and signed our UWP app package with an EV code signing certificate.

If you are looking to sign your UWP package or any other Windows 10 package, here are the steps to achieve that:

Make sure the subject name of the signing certificate matches the Publisher attribute of the Identity element in the Package.appxmanifest. Take a look here: how-to-create-a-package-signing-certificate

Create app package and select skip package signing.

Go to the package file (whether it is a .msix or .msixbundle file) and use the signtool to sign the package.

The cause of the "Error: SignerSign() failed." (-2147024885/0x8007000b) issue we had is that the subject name of our signing certificate did not match the Publisher attribute of the Identity element in the Package.appxmanifest file. We went ahead and changed it to the correct value.

Special thanks to @Junjie Zhu - MSFT and @Roy Li - MSFT for helping.
Please sign in to rate this answer.

1 person found this answer helpful.
Sadev Kalubowila 10 Reputation points

2024-07-09T04:47:24.85+00:00

Hi @Gavam Atarix Ltd . I have the same requirement what you have had. Can you please tell me from where you purchased the EV code signing certificate and the type as their are few types of EV certificates like Organization Validation (OV) or Standard Certificate and Extended Validation (EV) Certificates. Any suggestion is highly appreciated.
Sign in to comment

Share via

How to sign a UWP app with an EV Code Signing Certificate

1 answer