Signing MSIX with Azure Trusted Signing Services

Question

Signing MSIX with Azure Trusted Signing Services

Willem Noorduin 0

Currently, we have problems in getting msix-packages and bundles to sign via Azure Trusted Services. We are using the msi from

https://download.microsoft.com/download/6d9cb638-4d5f-438d-9f21-23f0f4405944/TrustedSigningClientTools.msi

When this is installed, we are using the bundled winsdksetup.exe in install OptionId.SigningTools. When we are using this bundled tool

to install make-appx to make a msix, we can't sign it, and the signtool doesn't give clear error messages.

We did try to do the solution from https://techcommunity.microsoft.com/discussions/msix-discussions/signing-msix-packages-with-azure-trusted-signing-accounts/4372740, but we cannot find these exact versions.

Jaxel Rojas Lopez 30 Reputation points Microsoft Employee

2026-02-11T22:36:18.74+00:00

What's the specific error message you're receiving? Which version are you using of the signtool and dlib? Can you ensure that you try the latest versions found here? https://learn.microsoft.com/en-us/azure/artifact-signing/how-to-signing-integrations
Willem Noorduin 0 Reputation points

2026-02-13T06:21:38.3866667+00:00
Thanks for your answer.

We are using https://download.microsoft.com/download/a3c24ba9-ff1f-444f-b626-eff710f345c3/ArtifactSigningClientTools.msi from https://learn.microsoft.com/en-us/azure/artifact-signing/how-to-signing-integrations. The hope exists, that this is the latest (over time we noticed that that link is not changing)

We have:

PS C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools> (Get-Item Azure.CodeSigning.Dlib.Core.dll).VersionInfo

ProductVersion FileVersion FileName

1.0.68+Branch... 1.0.68.0 C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools\Azure.CodeSigning.Dlib.Core.dll

PS C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools> (Get-ItemAzure.CodeSigning.Dlib.dll).VersionInfo

Get-ItemAzure.CodeSigning.Dlib.dll : The term 'Get-ItemAzure.CodeSigning.Dlib.dll' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path wa

s included, verify that the path is correct and try again.

At line:1 char:2

(Get-ItemAzure.CodeSigning.Dlib.dll).VersionInfo

+ CategoryInfo : ObjectNotFound: (Get-ItemAzure.CodeSigning.Dlib.dll:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

PS C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools> (Get-Item Azure.CodeSigning.Dlib.dll).VersionInfo

ProductVersion FileVersion FileName

1.0.68+Branch... 1.0.68.0 C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools\Azure.CodeSigning.Dlib.dll

PS C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools> (Get-Item Azure.Core.dll).VersionInfo

ProductVersion FileVersion FileName

1.42.0+113545... 1.4200.24.40104 C:\ProgramData\Microsoft\MicrosoftTrustedSigningClientTools\Azure.Core.dll

PS C:\Users\svc_teamcity-sign> (Get-Item "C:\Program Files (x86)\Windows Kits\10\bin\latest\x64\signtool.exe").VersionInfo

ProductVersion FileVersion FileName

10.0.22621.2428 4.00 (WinBuil... C:\Program Files (x86)\Windows Kits\10\bin\latest\x64\signtool.exe

The error message when we try to use this for signing msix-bundles is a mere:

Number of files successfully Signed: 0

11:48:52 SignTool Error: This file format cannot be signed because it is not recognized.

11:48:52

11:48:52 Number of warnings: 0

11:48:52 SignTool Error: An error occurred while attempting to sign: ribasim_windows.msix

11:48:52

11:48:52 Number of errors: 1

11:48:52

11:48:52

11:48:52 Process exited with code 0

11:48:53 Publishing internal artifacts

and we have no idea if this tool has a debug mode.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

1 answer

Your answer

Jaxel Rojas Lopez 30 Reputation points Microsoft Employee

2026-02-11T22:36:18.74+00:00

What's the specific error message you're receiving? Which version are you using of the signtool and dlib? Can you ensure that you try the latest versions found here? https://learn.microsoft.com/en-us/azure/artifact-signing/how-to-signing-integrations
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

It seems you are experiencing issues with signing MSIX packages using Azure Trusted Signing Services and the tools provided. Here are some points to consider:

SignTool Errors: If you are encountering unclear error messages from SignTool, it may be helpful to enable debugging to get more detailed information about the errors. You can do this by using the /debug option when running SignTool, which may provide insights into what is going wrong.
Common Issues: Ensure that the Publisher entry in your app package manifest matches the Subject of the certificate you are using for signing. A mismatch can lead to errors like "Error: SignerSign() failed". You can check the certificate subject using PowerShell or CertUtil as described in the context.
Package Validity: If you receive error codes starting with 0x8008, this indicates that the package being signed is invalid. You may need to rebuild the package before attempting to sign it again.
Using the Correct Tools: Make sure that you are using the correct version of the tools required for signing MSIX packages. If the bundled tools do not match the required versions, it can lead to signing issues.
Documentation and Support: Since you mentioned trying solutions from a community discussion, consider checking the official Microsoft documentation for any updates or additional troubleshooting steps related to Azure Trusted Signing Services and SignTool usage.

If the problem persists, you may want to reach out to Microsoft support for further assistance specific to Azure Trusted Signing Services.

References:

Share via

Signing MSIX with Azure Trusted Signing Services

1 answer

Your answer