Create a certificate for package signing

2017/2/8 3 min to read

[ Updated for UWP apps on Windows 10. For Windows 8.x articles, see the archive ]

This article explains how to create and export a certificate for app package signing using PowerShell tools. It's recommended that you use Visual Studio for Packaging UWP apps, but you can still package a Store ready app manually if you did not use Visual Studio to develop your app.

Important

If you used Visual Studio to develop your app, it's recommended that you use the Visual Studio wizard to import a certificate and sign your app package. For more information, see Package a UWP app with Visual Studio.

Prerequisites

  • A packaged or unpackaged app
    An app containing an AppxManifest.xml file. You will need to reference the manifest file while creating the certificate that will be used to sign the final app package. For details on how to manually package an app, see Create an app package with the MakeAppx.exe tool.

  • Public Key Infrastructure (PKI) Cmdlets
    You need PKI cmdlets to create and export your signing certificate. For more information, see Public Key Infrastructure Cmdlets.

Create a self signed certificate

A self signed certificate is useful for testing your app before you're ready to publish it to the store. Follow the steps outlined in this section to create a self signed certificate.

Determine the subject of your packaged app

To use a certificate to sign your app package, the "Subject" in the certificate must match the "Publisher" section in your app's manifest.

For example, the "Identity" section in your app's AppxManifest.xml file should look something like this:

Copy
Code
  <Identity Name="Contoso.AssetTracker"

    Version="1.0.0.0"

    Publisher="CN=Contoso Software, O=Contoso Corporation, C=US"/>

The "Publisher", in this case, is "CN=Contoso Software, O=Contoso Corporation, C=US" which needs to be used for creating your certificate.

Use New-SelfSignedCertificate to create a certificate

Use the New-SelfSignedCertificate PowerShell cmdlet to create a self signed certificate. New-SelfSignedCertificate has several parameters for customization, but for the purpose of this article, we'll focus on creating a simple certificate that will work with SignTool. For more examples and uses of this cmdlet, see New-SelfSignedCertificate.

Based on the AppxManifest.xml file from the previous example, you should use the following syntax to create a certificate. In an elevated PowerShell prompt:

Copy
Code
New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName <Your Friendly Name> -CertStoreLocation "Cert:\LocalMachine\My"

After running this command, the certificate will be added to the local certificate store, as specified in the "-CertStoreLocation" parameter. The result of the commmand will also produce the certificate's thumbprint.

Note
You can view your certificate in a PowerShell window by using the following commands:

Copy
Code
Set-Location Cert:\LocalMachine\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

This will display all of the certificates in your local store.

Export a certificate

To export the certificate in the local store to a Personal Information Exchange (PFX) file, use the Export-PfxCertificate cmdlet.

When using Export-PfxCertificate, you must either create and use a password or use the "-ProtectTo" parameter to specify which users or groups can access the file without a password. Note that an error will be displayed if you don't use either the "-Password" or "-ProtectTo" parameter.

  • Password usage

    Copy
    Code
    $pwd = ConvertTo-SecureString -String <Your Password> -Force -AsPlainText
    
Export-PfxCertificate -cert "Cert:\LocalMachine\My\<Certificate Thumbprint>" -FilePath <FilePath>.pfx -Password $pwd

  • ProtectTo usage

    Copy
    Code
    Export-PfxCertificate -cert Cert:\LocalMachine\My\<Certificate Thumbprint> -FilePath <FilePath>.pfx -ProtectTo <Username or group name>

After you create and export your certificate, you're ready to sign your app package with SignTool. For the next step in the manual packaging process, see Sign an app package using SignTool.

创建一个UWP 打包签名的更多相关文章

  1. webpack学习--创建一个webpack打包流程

    创建一个webpack打包流程 首先安装webpack插件 mkdir webpack-demo && cd webpack-demo npm init -y npm install ...

  2. (2/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  3. (1/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  4. 如何在HoloLens中创建一个2D的Hello World程序

    注:本文提及到的代码示例下载地址 > How to build an "Hello World" 2D app in HololLens. HoloLens 是微软的一款MR ...

  5. [UWP]创建一个ProgressControl

    1. 前言 博客园终于新增了UWP的分类,我来为这个分类贡献第一篇博客吧. UWP有很多问题,先不说生态的事情,表单.验证.输入.设计等等一堆基本问题缠身.但我觉得最应该首先解决的绝对是Blend,那 ...

  6. 【Cocos2d-x for WP8 学习整理】(1)创建一个新项目

    喜大普奔                         10.1假期之前看到了一个很振奋的消息,就是随着Cocos2d-x 2.2的发布,WP8/WIN8有史以来第一次的合并到主版本了. 之前 V2 ...

  7. Android打包签名

    Ⅰ.用jdk和sdk自带工具打包签名 a.把jdk下的keytool.exe和jarsigner.exe所在目录(两个工具在同一目录) 添加到环境变量path 1)新建环境变量package,pack ...

  8. Git创建一个自己的本地仓库

    如果我们要把一个项目加入到Git的版本管理中,可以在项目所在的目录用git init命令建立一个空的本地仓库,然后再用git add命令把它们都加入到Git本地仓库的暂存区(stage or inde ...

  9. 【Android - 进阶】之代码打包签名与混淆

    代码打包签名 Android Studio为大家集成了代码打包混淆的功能,具体操作流程如下组图所示: 1.点击Android Studio上方工具栏的  Build -> Generate Si ...

随机推荐

  1. Python脱产8期 Day06 2019/4/18

    一 深浅拷贝 例:ls = [1, 'abc', [10]] 1.值拷贝:s1 = ls    # ls1直接将ls中存放的地址拿过来,>ls内部的值发生任何变化,ls1都会随之变化. 2.浅拷 ...

  2. JavaScript的基本包装类型说明

    一.基本包装类型: 为了便于操作基本类型值,ECMAScript 还提供了3个特殊的引用类型:Boolean.Number和String.这些基本包装类型,具有与各自基本类型相应的特殊行为. 实际上我 ...

  3. [MicroPython]TurniBit开发板DIY自动窗帘模拟系统

    一.准备工作 üTurnipBit 开发板 一块 ü下载数据线 一条 ü微型步进电机(28BYJ-48) 一个 ü步进电机驱动板(ULN2003APG) 一块 ü光敏传感器 一个 üTurnipBit ...

  4. Recurrent Neural Network[survey]

    0.引言 我们发现传统的(如前向网络等)非循环的NN都是假设样本之间无依赖关系(至少时间和顺序上是无依赖关系),而许多学习任务却都涉及到处理序列数据,如image captioning,speech ...

  5. Asp.net中web.config配置文件详解(二)

    摘自http://blog.csdn.net/hbqhdlc/article/details/8155668 近日正在看Asp.net,看到Web.config有很不清楚之处,特意从网络.MSDN搜集 ...

  6. 如何备份和恢复你的TFS服务器(一)

    备份和恢复一个TFS(Team Foundation Server)服务器常常令人心生畏惧.因为这会涉及到很多服务和步骤.TFS(Team Foundation Server)2010一发布,我就知道 ...

  7. Appium-处理系统弹窗

    前言: 最近在搞appium自动化,iOS的系统弹窗是大家都会遇到的,本文来总结处理这种弹窗的用法. 环境: MacOS:10.13.4 Appium-desktop:1.6.1 Xcode:9.3. ...

  8. linux-高并发与负载均衡-TCP-IP基础知识

    ARP协议: ping baidu

  9. 1171: lfx捧杯稳啦!

    escription Lfx在复习离散的时候突然想到了一个算法题,毕竟是lfx, 算法题如下: 他想知道这样的问题,先定义1~n中即是3的倍数,又是11的倍数的那些数的和sum, 他想知道sum有多少 ...

  10. shell脚本--操作MySQL数据库

    其实就是一个很简单的套路,和其他语言差不多,首先连接数据库,然后在进行其他操作. 套路如下: #!/bin/bash mysql="mysql -uroot -proot" #连接 ...