Create a certificate for package signing AND deploy a MSIX package

I wanted my application to be available via a MSIX installer. This new MSIX installer supports all type of Windows applications including Win32, WPF, WinForm and UWP.

I struggled a few days to get the certificate right so that is why I published this article. This article goes through the process of creating a certificate and adding this to the app installer package.

First you need to add a new project to your solution. The solution type is called Windows Application Packaging Project. This is done by right clicking the solution and go to Add > New Project…

Determine the subject of your packaged app
To use a certificate to sign your app package, the “Subject” in the certificate must match the “Publisher” section in your app’s manifest.

For example, the “Identity” section in your app’s AppxManifest.xml file should look something like this:

<Identity
    Name="12345678-1234-1234-1234-1234567890ab"
    Publisher="CN=Contoso Software, O=Contoso Corporation, C=US"
    Version="1.0.2.0" />

The “Publisher”, in this case, is “CN=Contoso Software, O=Contoso Corporation, C=US” which needs to be used for creating your certificate.

Then run the following commands in an elevated PowerShell prompt:

  1. PS C:\WINDOWS\system32> New-SelfSignedCertificate -Type Custom -Subject “CN=Contoso Software, O=Contoso Corporation, C=US” -KeyUsage DigitalSignature -FriendlyName “Certificate for Installing MSIX/Appx from Contoso Software” -CertStoreLocation “Cert:\CurrentUser\My” -TextExtension @(“2.5.29.37={text}1.3.6.1.5.5.7.3.3”, “2.5.29.19={text}”)

    PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

    Thumbprint Subject
    ———- ——-
    2B046FBC587DD867989D6165570B4C144F557FCE CN=Contoso Software, O=Contoso Corporation, C=US
  2. PS C:\WINDOWS\system32>Set-Location Cert:\CurrentUser\My
  3. PS Cert:\CurrentUser\My> $password = ConvertTo-SecureString -String mypassword -Force -AsPlainText
  4. PS Cert:\CurrentUser\My> Export-PfxCertificate -cert “2B046FBC587DD867989D6165570B4C144F557FCE” -FilePath c:\Contoso.Software.pfx -Password $password

    Directory: C:\

    Mode LastWriteTime Length Name
    —- ————- —— —-
    -a—- 7-9-2020 08:42 2756 Contoso.Software.pfx

Then add the certificate to the package installer in Visual Studio:

Next publish the app:

Import the certificate if it is not already installed

Start Manage computer certificates to import the certificate to the computer(s) to which you wish the app to deploy

If it is not present in Thrusted People, import the certificate

Next publish the app

And double click the PackagingProject.appinstaller from the installer folder