Create a certificate for package signing

2017/2/8 3 min to read

[ Updated for UWP apps on Windows 10. For Windows 8.x articles, see the archive ]

This article explains how to create and export a certificate for app package signing using PowerShell tools. It's recommended that you use Visual Studio for Packaging UWP apps, but you can still package a Store ready app manually if you did not use Visual Studio to develop your app.

Important

If you used Visual Studio to develop your app, it's recommended that you use the Visual Studio wizard to import a certificate and sign your app package. For more information, see Package a UWP app with Visual Studio.

Prerequisites

  • A packaged or unpackaged app
    An app containing an AppxManifest.xml file. You will need to reference the manifest file while creating the certificate that will be used to sign the final app package. For details on how to manually package an app, see Create an app package with the MakeAppx.exe tool.

  • Public Key Infrastructure (PKI) Cmdlets
    You need PKI cmdlets to create and export your signing certificate. For more information, see Public Key Infrastructure Cmdlets.

Create a self signed certificate

A self signed certificate is useful for testing your app before you're ready to publish it to the store. Follow the steps outlined in this section to create a self signed certificate.

Determine the subject of your packaged app

To use a certificate to sign your app package, the "Subject" in the certificate must match the "Publisher" section in your app's manifest.

For example, the "Identity" section in your app's AppxManifest.xml file should look something like this:

Copy
Code
  <Identity Name="Contoso.AssetTracker"

    Version="1.0.0.0"

    Publisher="CN=Contoso Software, O=Contoso Corporation, C=US"/>

The "Publisher", in this case, is "CN=Contoso Software, O=Contoso Corporation, C=US" which needs to be used for creating your certificate.

Use New-SelfSignedCertificate to create a certificate

Use the New-SelfSignedCertificate PowerShell cmdlet to create a self signed certificate. New-SelfSignedCertificate has several parameters for customization, but for the purpose of this article, we'll focus on creating a simple certificate that will work with SignTool. For more examples and uses of this cmdlet, see New-SelfSignedCertificate.

Based on the AppxManifest.xml file from the previous example, you should use the following syntax to create a certificate. In an elevated PowerShell prompt:

Copy
Code
New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName <Your Friendly Name> -CertStoreLocation "Cert:\LocalMachine\My"

After running this command, the certificate will be added to the local certificate store, as specified in the "-CertStoreLocation" parameter. The result of the commmand will also produce the certificate's thumbprint.

Note
You can view your certificate in a PowerShell window by using the following commands:

Copy
Code
Set-Location Cert:\LocalMachine\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

This will display all of the certificates in your local store.

Export a certificate

To export the certificate in the local store to a Personal Information Exchange (PFX) file, use the Export-PfxCertificate cmdlet.

When using Export-PfxCertificate, you must either create and use a password or use the "-ProtectTo" parameter to specify which users or groups can access the file without a password. Note that an error will be displayed if you don't use either the "-Password" or "-ProtectTo" parameter.

  • Password usage

    Copy
    Code
    $pwd = ConvertTo-SecureString -String <Your Password> -Force -AsPlainText
    
Export-PfxCertificate -cert "Cert:\LocalMachine\My\<Certificate Thumbprint>" -FilePath <FilePath>.pfx -Password $pwd

  • ProtectTo usage

    Copy
    Code
    Export-PfxCertificate -cert Cert:\LocalMachine\My\<Certificate Thumbprint> -FilePath <FilePath>.pfx -ProtectTo <Username or group name>

After you create and export your certificate, you're ready to sign your app package with SignTool. For the next step in the manual packaging process, see Sign an app package using SignTool.

创建一个UWP 打包签名的更多相关文章

  1. webpack学习--创建一个webpack打包流程

    创建一个webpack打包流程 首先安装webpack插件 mkdir webpack-demo && cd webpack-demo npm init -y npm install ...

  2. (2/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  3. (1/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  4. 如何在HoloLens中创建一个2D的Hello World程序

    注:本文提及到的代码示例下载地址 > How to build an "Hello World" 2D app in HololLens. HoloLens 是微软的一款MR ...

  5. [UWP]创建一个ProgressControl

    1. 前言 博客园终于新增了UWP的分类,我来为这个分类贡献第一篇博客吧. UWP有很多问题,先不说生态的事情,表单.验证.输入.设计等等一堆基本问题缠身.但我觉得最应该首先解决的绝对是Blend,那 ...

  6. 【Cocos2d-x for WP8 学习整理】(1)创建一个新项目

    喜大普奔                         10.1假期之前看到了一个很振奋的消息,就是随着Cocos2d-x 2.2的发布,WP8/WIN8有史以来第一次的合并到主版本了. 之前 V2 ...

  7. Android打包签名

    Ⅰ.用jdk和sdk自带工具打包签名 a.把jdk下的keytool.exe和jarsigner.exe所在目录(两个工具在同一目录) 添加到环境变量path 1)新建环境变量package,pack ...

  8. Git创建一个自己的本地仓库

    如果我们要把一个项目加入到Git的版本管理中,可以在项目所在的目录用git init命令建立一个空的本地仓库,然后再用git add命令把它们都加入到Git本地仓库的暂存区(stage or inde ...

  9. 【Android - 进阶】之代码打包签名与混淆

    代码打包签名 Android Studio为大家集成了代码打包混淆的功能,具体操作流程如下组图所示: 1.点击Android Studio上方工具栏的  Build -> Generate Si ...

随机推荐

  1. redis学习(九)——数据持久化

    一.概述 Redis的强大性能很大程度上都是因为所有数据都是存储在内存中的,然而当Redis重启后,所有存储在内存中的数据将会丢失,在很多情况下是无法容忍这样的事情的.所以,我们需要将内存中的数据持久 ...

  2. BZOJ3199 SDOI2013 逃考 半平面交、最短路

    传送门 如果我们对于每一个点能找到与其相邻的点(即不经过其他点监视范围能够直接到达其监视范围的点)和是否直接到达边界,就可以直接BFS求最短路求出答案. 所以当前最重要的问题是如何找到对于每一个点相邻 ...

  3. mongodb .explain('executionStats') 查询性能分析(转)

    mongodb性能分析方法:explain() 为了演示的效果,我们先来创建一个有200万个文档的记录.(我自己的电脑耗了15分钟左右插入完成.如果你想插更多的文档也没问题,只要有耐心等就可以了.) ...

  4. 分布式系统消息中间件——RabbitMQ的使用基础篇

    分布式系统消息中间件——RabbitMQ的使用基础篇

  5. 讲一个关于paxos的故事...

    先讲一个故事. 从前,在国王Leslie Lamport的统治下,有个黑暗的希腊城邦叫paxos.城邦里有3类人, 决策者 提议者 群众 虽然这是一个黑暗的城邦但是很民主,按照议会民主制的政治模式制订 ...

  6. ASP.NET MVC5+EF6+EasyUI 后台管理系统(91)-EF 连接 MySql

    前言 虽然系统目前只支持MSSQL版本,但是很多朋友公司技术规定必须使用MySql,下面我们就来使用EF连接MySQL吧! (1)安装MYSQL环境 1.下载安装MYSQL数据,这里我们安装phpSt ...

  7. python学习之第八篇——字典嵌套之字典中嵌套字典

    cities = { 'shanghai':{'country':'china','population':10000,'fact':'good'}, 'lendon':{'country':'eng ...

  8. NoSQL是什么?

    导读 NoSQL(not only sql,不仅仅是SQL),是一项全新的数据库革命性运动,泛指非关系型数据库,对于NoSQL这个新兴的名词,每个人的理解都不同.其实NoSQL一词最早出现于1998年 ...

  9. .net之httphandler小记

    本地调试代码遇到的一个问题,没有走URL路由器(UrlReWriter : IHttpHandlerFactory),于是网上科普了一下原理,主要有两点: 1.asp.net在处理http请求时,会由 ...

  10. 使用PHPExcel导出数据库表结构及内容

    导出表结构: mysql> desc user ; +----------+--------------+------+-----+---------------------+--------- ...