Create a certificate for package signing

2017/2/8 3 min to read

[ Updated for UWP apps on Windows 10. For Windows 8.x articles, see the archive ]

This article explains how to create and export a certificate for app package signing using PowerShell tools. It's recommended that you use Visual Studio for Packaging UWP apps, but you can still package a Store ready app manually if you did not use Visual Studio to develop your app.

Important

If you used Visual Studio to develop your app, it's recommended that you use the Visual Studio wizard to import a certificate and sign your app package. For more information, see Package a UWP app with Visual Studio.

Prerequisites

  • A packaged or unpackaged app
    An app containing an AppxManifest.xml file. You will need to reference the manifest file while creating the certificate that will be used to sign the final app package. For details on how to manually package an app, see Create an app package with the MakeAppx.exe tool.

  • Public Key Infrastructure (PKI) Cmdlets
    You need PKI cmdlets to create and export your signing certificate. For more information, see Public Key Infrastructure Cmdlets.

Create a self signed certificate

A self signed certificate is useful for testing your app before you're ready to publish it to the store. Follow the steps outlined in this section to create a self signed certificate.

Determine the subject of your packaged app

To use a certificate to sign your app package, the "Subject" in the certificate must match the "Publisher" section in your app's manifest.

For example, the "Identity" section in your app's AppxManifest.xml file should look something like this:

Copy
Code
  <Identity Name="Contoso.AssetTracker"

    Version="1.0.0.0"

    Publisher="CN=Contoso Software, O=Contoso Corporation, C=US"/>

The "Publisher", in this case, is "CN=Contoso Software, O=Contoso Corporation, C=US" which needs to be used for creating your certificate.

Use New-SelfSignedCertificate to create a certificate

Use the New-SelfSignedCertificate PowerShell cmdlet to create a self signed certificate. New-SelfSignedCertificate has several parameters for customization, but for the purpose of this article, we'll focus on creating a simple certificate that will work with SignTool. For more examples and uses of this cmdlet, see New-SelfSignedCertificate.

Based on the AppxManifest.xml file from the previous example, you should use the following syntax to create a certificate. In an elevated PowerShell prompt:

Copy
Code
New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName <Your Friendly Name> -CertStoreLocation "Cert:\LocalMachine\My"

After running this command, the certificate will be added to the local certificate store, as specified in the "-CertStoreLocation" parameter. The result of the commmand will also produce the certificate's thumbprint.

Note
You can view your certificate in a PowerShell window by using the following commands:

Copy
Code
Set-Location Cert:\LocalMachine\My

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint

This will display all of the certificates in your local store.

Export a certificate

To export the certificate in the local store to a Personal Information Exchange (PFX) file, use the Export-PfxCertificate cmdlet.

When using Export-PfxCertificate, you must either create and use a password or use the "-ProtectTo" parameter to specify which users or groups can access the file without a password. Note that an error will be displayed if you don't use either the "-Password" or "-ProtectTo" parameter.

  • Password usage

    Copy
    Code
    $pwd = ConvertTo-SecureString -String <Your Password> -Force -AsPlainText
    
Export-PfxCertificate -cert "Cert:\LocalMachine\My\<Certificate Thumbprint>" -FilePath <FilePath>.pfx -Password $pwd

  • ProtectTo usage

    Copy
    Code
    Export-PfxCertificate -cert Cert:\LocalMachine\My\<Certificate Thumbprint> -FilePath <FilePath>.pfx -ProtectTo <Username or group name>

After you create and export your certificate, you're ready to sign your app package with SignTool. For the next step in the manual packaging process, see Sign an app package using SignTool.

创建一个UWP 打包签名的更多相关文章

  1. webpack学习--创建一个webpack打包流程

    创建一个webpack打包流程 首先安装webpack插件 mkdir webpack-demo && cd webpack-demo npm init -y npm install ...

  2. (2/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  3. (1/2) 为了理解 UWP 的启动流程,我从零开始创建了一个 UWP 程序

    每次使用 Visual Studio 的模板创建一个 UWP 程序,我们会在项目中发现大量的项目文件.配置.应用启动流程代码和界面代码.然而这些文件在 UWP 程序中到底是如何工作起来的? 我从零开始 ...

  4. 如何在HoloLens中创建一个2D的Hello World程序

    注:本文提及到的代码示例下载地址 > How to build an "Hello World" 2D app in HololLens. HoloLens 是微软的一款MR ...

  5. [UWP]创建一个ProgressControl

    1. 前言 博客园终于新增了UWP的分类,我来为这个分类贡献第一篇博客吧. UWP有很多问题,先不说生态的事情,表单.验证.输入.设计等等一堆基本问题缠身.但我觉得最应该首先解决的绝对是Blend,那 ...

  6. 【Cocos2d-x for WP8 学习整理】(1)创建一个新项目

    喜大普奔                         10.1假期之前看到了一个很振奋的消息,就是随着Cocos2d-x 2.2的发布,WP8/WIN8有史以来第一次的合并到主版本了. 之前 V2 ...

  7. Android打包签名

    Ⅰ.用jdk和sdk自带工具打包签名 a.把jdk下的keytool.exe和jarsigner.exe所在目录(两个工具在同一目录) 添加到环境变量path 1)新建环境变量package,pack ...

  8. Git创建一个自己的本地仓库

    如果我们要把一个项目加入到Git的版本管理中,可以在项目所在的目录用git init命令建立一个空的本地仓库,然后再用git add命令把它们都加入到Git本地仓库的暂存区(stage or inde ...

  9. 【Android - 进阶】之代码打包签名与混淆

    代码打包签名 Android Studio为大家集成了代码打包混淆的功能,具体操作流程如下组图所示: 1.点击Android Studio上方工具栏的  Build -> Generate Si ...

随机推荐

  1. 1-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案数据篇(视频总揽和功能演示)

    主要实现的功能 其它视频和资料稍候再补充上 我先写后面的文章 2-STM32物联网开发WIFI(ESP8266)+GPRS(Air202)系统方案数据篇(安装数据库,数据库简单说明)

  2. JVM调优常用参数和注意点备忘录

    本文主要是工作过程中总结的一些jvm调优的参数和注意的地方,作为一个备忘录,先占个坑,有时间在来细化具体的实例. gc日志是覆盖的方式如果文件名字固定会导致上一次被覆盖可以采用这个-Xloggc:ba ...

  3. H3C交换机-SNMP配置

    1.1     SNMP基础配置 1.启动/关闭SNMP Agent服务 在系统视图模式下: 启用:snmp-agent 关闭:undo snmp-agent 注:缺省情况下snmp agent是关闭 ...

  4. Dijkstra的应用

    每次只涉及一边两端点的极值循环转移应用Dijkstra.

  5. python中map()函数用法

    map函数的原型是map(function, iterable, …),它的返回结果是一个列表. 参数function传的是一个函数名,可以是python内置的,也可以是自定义的. 参数iterabl ...

  6. shell脚本--操作MySQL数据库

    其实就是一个很简单的套路,和其他语言差不多,首先连接数据库,然后在进行其他操作. 套路如下: #!/bin/bash mysql="mysql -uroot -proot" #连接 ...

  7. python-边练边学

    #换行print(a),print(b),print(c)'''以上是不换行打印以下是换行打印'''print(a)print(b)print(c) #注释#python中的注释有三种方式:单行注释 ...

  8. Hibernate two table same id

    Hibernate更新数据(不用update也可以) - 森林木马 - 博客园 https://www.cnblogs.com/owenma/p/3481497.html hibernate级联更新会 ...

  9. ORACLE 当字段中有数据如何修改字段类型

    创建视图的时候,因为表太多,里面一些字段类型不一样,PL/SQL报错,为‘表达式必须具有对应表达式相同的数据类型’,发现后,一个字段的类型为CLOB和VARCHAR2(4000)两种,将CLOB进行修 ...

  10. source map

    一.source map 概述 我们在打包中,将开发环境中源代码经过压缩,去空格,babel编译转化,最终可以得到适用于生产环境的项目代码,这样处理后的项目代码和源代码之间差异性很大,会造成无法deb ...