Create a certificate for package signing

2017/2/8 3 min to read

[ Updated for UWP apps on Windows 10. For Windows 8.x articles, see the archive ]

This article explains how to create and export a certificate for app package signing using PowerShell tools. It's recommended that you use Visual Studio for Packaging UWP apps, but you can still package a Store ready app manually if you did not use Visual Studio to develop your app.

Important

If you used Visual Studio to develop your app, it's recommended that you use the Visual Studio wizard to import a certificate and sign your app package. For more information, see Package a UWP app with Visual Studio.

Prerequisites

  • A packaged or unpackaged app
    An app containing an AppxManifest.xml file. You will need to reference the manifest file while creating the certificate that will be used to sign the final app package. For details on how to manually package an app, see Create an app package with the MakeAppx.exe tool.

  • Public Key Infrastructure (PKI) Cmdlets
    You need PKI cmdlets to create and export your signing certificate. For more information, see Public Key Infrastructure Cmdlets.

Create a self signed certificate

A self signed certificate is useful for testing your app before you're ready to publish it to the store. Follow the steps outlined in this section to create a self signed certificate.

Determine the subject of your packaged app

To use a certificate to sign your app package, the "Subject" in the certificate must match the "Publisher" section in your app's manifest.

For example, the "Identity" section in your app's AppxManifest.xml file should look something like this:

Copy
Code
  <Identity Name="Contoso.AssetTracker"

    Version="1.0.0.0"

    Publisher="CN=Contoso Software, O=Contoso Corporation, C=US"/>

The "Publisher", in this case, is "CN=Contoso Software, O=Contoso Corporation, C=US" which needs to be used for creating your certificate.

Use New-SelfSignedCertificate to create a certificate

Use the New-SelfSignedCertificate PowerShell cmdlet to create a self signed certificate. New-SelfSignedCertificate has several parameters for customization, but for the purpose of this article, we'll focus on creating a simple certificate that will work with SignTool. For more examples and uses of this cmdlet, see New-SelfSignedCertificate.

Based on the AppxManifest.xml file from the previous example, you should use the following syntax to create a certificate. In an elevated PowerShell prompt:

Copy
Code
New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName <Your Friendly Name> -CertStoreLocation "Cert:\LocalMachine\My"

After running this command, the certificate will be added to the local certificate store, as specified in the "-CertStoreLocation" parameter. The result of the commmand will also produce the certificate's thumbprint.

Note
You can view your certificate in a PowerShell window by using the following commands:

Copy
Code
Set-Location Cert:\LocalMachine\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

This will display all of the certificates in your local store.

Export a certificate

To export the certificate in the local store to a Personal Information Exchange (PFX) file, use the Export-PfxCertificate cmdlet.

When using Export-PfxCertificate, you must either create and use a password or use the "-ProtectTo" parameter to specify which users or groups can access the file without a password. Note that an error will be displayed if you don't use either the "-Password" or "-ProtectTo" parameter.

  • Password usage

    Copy
    Code
    $pwd = ConvertTo-SecureString -String <Your Password> -Force -AsPlainText
    
Export-PfxCertificate -cert "Cert:\LocalMachine\My\<Certificate Thumbprint>" -FilePath <FilePath>.pfx -Password $pwd

  • ProtectTo usage

    Copy
    Code
    Export-PfxCertificate -cert Cert:\LocalMachine\My\<Certificate Thumbprint> -FilePath <FilePath>.pfx -ProtectTo <Username or group name>

After you create and export your certificate, you're ready to sign your app package with SignTool. For the next step in the manual packaging process, see Sign an app package using SignTool.

创建一个UWP 打包签名的更多相关文章

  1. webpack学习--创建一个webpack打包流程

    创建一个webpack打包流程 首先安装webpack插件 mkdir webpack-demo && cd webpack-demo npm init -y npm install ...

  2. (2/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  3. (1/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  4. 如何在HoloLens中创建一个2D的Hello World程序

    注:本文提及到的代码示例下载地址 > How to build an "Hello World" 2D app in HololLens. HoloLens 是微软的一款MR ...

  5. [UWP]创建一个ProgressControl

    1. 前言 博客园终于新增了UWP的分类,我来为这个分类贡献第一篇博客吧. UWP有很多问题,先不说生态的事情,表单.验证.输入.设计等等一堆基本问题缠身.但我觉得最应该首先解决的绝对是Blend,那 ...

  6. 【Cocos2d-x for WP8 学习整理】(1)创建一个新项目

    喜大普奔                         10.1假期之前看到了一个很振奋的消息,就是随着Cocos2d-x 2.2的发布,WP8/WIN8有史以来第一次的合并到主版本了. 之前 V2 ...

  7. Android打包签名

    Ⅰ.用jdk和sdk自带工具打包签名 a.把jdk下的keytool.exe和jarsigner.exe所在目录(两个工具在同一目录) 添加到环境变量path 1)新建环境变量package,pack ...

  8. Git创建一个自己的本地仓库

    如果我们要把一个项目加入到Git的版本管理中,可以在项目所在的目录用git init命令建立一个空的本地仓库,然后再用git add命令把它们都加入到Git本地仓库的暂存区(stage or inde ...

  9. 【Android - 进阶】之代码打包签名与混淆

    代码打包签名 Android Studio为大家集成了代码打包混淆的功能,具体操作流程如下组图所示: 1.点击Android Studio上方工具栏的  Build -> Generate Si ...

随机推荐

  1. RestFul风格API(Swagger)--从零开始Swagger

    引言:随着技术的革新,现在的系统基本上都是前后端分离,并且在各自的道路上越走越远,而前后端之间通信或者联系的桥梁就是API,而这里基于RESTful风格的API框架就来了!欲知后事如何,客官别急,往下 ...

  2. Generative Adversarial Nets[iGAN]

    本文来自<Generative Visual Manipulation on the Natural Image Manifold>,是大神Jun-Yan Zhu在2016年9月的作品. ...

  3. JVM深度解析

    JVM是Java Virtual Machine(Java虚拟机)的缩写,JVM是一种用于计算设备的规范,它是一个虚构出来的计算机,是通过在实际的计算机上仿真模拟各种计算机功能来实现的.Java语言的 ...

  4. JavaEE学习之Spring声明式事务

    一.引言 上一篇文章,学习了AOP相关知识,并做了一个简单的Hello world.本文在上篇文章的基础上,进一步学习下Spring的声明式事务. 二.相关概念 1. 事务(Transaction)— ...

  5. 【原创】研发应该懂的binlog知识(上)

    引言 为什么写这篇文章? 大家当年在学MySQL的时候,为了能够迅速就业,一般是学习一下MySQL的基本语法,差不多就出山找工作了.水平稍微好一点的童鞋呢还会懂一点存储过程的编写,又或者是懂一点索引的 ...

  6. JAVABEAN递归转MAP实现

    之前想找这么一个方法,找到的都不是递归实现的,列表.MAP里面的都没转,就自己折腾了个.——YOYO public class ObjectToMap{ public static Map objec ...

  7. .Net Core 在 Linux-Centos上的部署实战教程(二)

    上篇我们说了 如何在Linux上部署.net core  但是有心的同学会发现你关闭掉终端网站就不能访问了,这个原因是因为直接 dotnet GetConfigFile.dll --server.ur ...

  8. C#泛型创建实例

    class Test<T> where T : new() { public static T Instance() { return new T(); } } 就上面这方法, 居然比ne ...

  9. Jenkins - SSH认证方式拉取Git代码

    1.本地生成密钥 [root@root ~] ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which ...

  10. Randomized Online PCA Algorithms with Regret Bounds that are Logarithmic in the Dimension

    目录 Setup of Batch PCA and Online PCA Hedge Algorithm 改进算法 用于矩阵 \(rounding()\) 前俩次,都用到了\(rounding()\) ...