This app package’s publisher certificate could not be verified. Contact your system administrator or the app developer to obtain a new app package with verified certificates. The root certificate and all immediate certificates of the signature in the app package must be verified (0x800B010A)
This was the error I am facing during installation of windows application in another device
Tried Deploying application in another device
Related
I've been working with UWP/Xaml for the past couple days but am unable to answer the title question so far: Is it possible to install an .appxbundle without admin rights?
I'm developing a Unity3D/UWP/Xaml application which cant be deployed to Windows Store and thus needs to be sideloaded and am also using the default Visual Studio 2017 test certificate. Both developer and client PCs are running on Windows 10 x64 with latest build. Developer PC is in Developer Mode and Client PC is in Sideload Apps Mode.
The project generated have the following dependencies:
Microsoft.NET.CoreRuntime.1.1.appx
Microsoft.VCLibs.x64.14.00.appx
Using powershell scripts shouldnt be a problem as long as they dont need admin rights.
I've tried a few things with no success so far:
Double clicking the .appxbundle
Results in the following message: A certificate chain processed, but terminated in a root certificate which isn't trusted (0x800B0109)
Double clicking the certificate generated by visual studio and installing it to CURRENT USER (Local Machine requires admin rights), then placing certificate to either Trusted Root Certification Authorities or Trusted People and clicking again on .appxbundle
Running the powershell script
Returns the following message: Before installing this app you need to do the following: Acquire a developer license
Then it asks for admin rights
Running the powershell script after modifying the CheckIfNeedDeveloperLicense to always return $false
Returns the following message: error 0x800B0109: The root certificate of the signature in the app package or bundle must be trusted.
Somehow I have a feeling that the dependency Microsoft.VCLibs.x64.14.00.appx is triggering this. Also, I cant manually install this .appx because it gives me the following message: App installation failed with error message: The package could not be installed because resources it modifies are currently in use. (0x80073d02)
Tried a mix of powershell Set-ExecutionPolicy commands before running the visual studio generated powershell script, including:
Force
ByPass
AllSigned
Unrestricted
-Scope CurrentUser
Deploy visual studio project (which generates an .appx instead of an .appxbundle) instead of Store -> Create App Package
I have also read this thread UWP App Installation without admin rights, powershell interaction and without Windows Store?
But I couldnt figure out how to configure the powershell script to run without admin rights.
Everything points me to a faulty certificate, but I still don't get how to generate a trusted one for sideloading apps. Is it possible to do it for free?
Let me know if any more info is needed in order to solve this.
Thank you for your time!
Is it possible to install an .appxbundle without admin rights
You must have administrative access successfully before you install. The issue you met is one of the most frequent issues when sideloading an application for first time in the user machine: Trusted certificates.
According to Trusted certificates section of the document Troubleshoot installation issues with the App Installer file:
To trust the certificate, the certificate must be present in one of the following local machine certificate stores on your device: Trusted Publishers,Trusted People,Trusted Root Authorities (not recommended)
No matter which one, Installing a certificate in the Local Machine store requires administrative access. Please kindly check the Important section.
I've a problem. I wanted mode to install a release of universal windows app.
When i copy the AppPackeges on the remote computer, this doesn't install beaces return this error:
Either you need a new certificate installed for this app package, or
you need a new app package with trusted certificates. Your system
administrator or the app developer can help. A certificate chain
processed, but terminated in a root certificate which isn't trusted
(0x800B0109)
I follow this tips: Installing .appx without trusted certificate?
But didn't work for me...i'm continually receive the error on the quote.
There is another mode to run a universa windows app on the another windows 10 for testing.
I used a certificate created from visual studio 2017.
Then i've set windows 10 on developer mode.
Thanks
I want to add a desktop (WPF) application to the Windows Store using the Desktop Bridge (MakePri, MakeAppx). I have tested my build process using a self-sign certificate and all is well.
However, I cannot find any information stating whether I need an Extended Validation (EV) certificate or if an Organization validated (OV) certificate is sufficient. I know an OV certificate can cause SmartScreen warnings for installer .msi packages.
I also found old links (relating to Windows 8 apps) which say that the store does not use SmartScreen. But I cannot find anything relating to Windows 10 desktop apps packaged via the Desktop Bridge.
Will an OV certificate cause SmartScreen warnings when my converted application is downloaded from the store?
You don't need to use a valid certificate to publish your app to the Store. You just need to sign it with a test certificate. When you upload it to dev. center, it will be signed by Microsoft to be distributed through the Store.
I couldn't find a documentation that clarifies this, just saying it by my own experience. There are some notes here:
To test your app in a realistic setting as you prepare for
distribution, it's best to sign your app and then install it.
Visual Studio signs your app by using a test certificate. You'll find
that certificate in the output folder that the Create App Packages
wizard generates. The certificate file has the .cer extension and
you'll have to install that certificate into the Trusted Root
Certification Authorities store on the PC that you want to test your
app on.
Also if you use the new update of Visual Studio, you can create Desktop Bridge apps and publish them to the Store entirely through Visual Studio using the Windows Application Package project. It means you don't need to manually pack and sign it, VS does it for you.
Edit
Your users do not see an Smart Screen anyways. It makes sense since your app cannot run with administrator privileges. If your app needs a functionality that requires admin privileges, you need to consider it before moving forward.
I have an application in a test environment and when I install it in my computer all work correctly, but when others users installs it some of them works and others fails. When it fails, it displays this error: customized functionality in this application will not work because the certificate used to sign the deployment manifest for appname o its locations is not trusted. Contact your administrators for further assistance.
In addition, I created a test certificate, using visual studio 2015, to sing the application. The application is an add-in using VSTO.
The app is downloaded from a web server into my company, also it uses two web services.
Here is a photo of the error
Get a proper certificate or install the certificate you used onto the computers that you want this app to trust. The whole concept of having to sign the cert is to prevent accidental installations of untrusted applications. In order for that to work the machines you're installing to need to first trust the cert.
You will need a Code Signing certificate and sign the Click-Once package using that cert. You may still need to distribute the trusted cert to the machines somehow (depending on how those are setup).
We are developing the Windows Phone 8.1 app.
The Hockeyapp was chosen for app distribution. To be able to distribute a Windows Phone 8.1 app, it requires to upload the company profile file (.aetx). Which then should be downloaded on Windows Phone and only after that the .xib file signed with the company certificate can be installed.
The problem is that the phone reports the error when trying to install the .aetx file:
Can't add workplace account
We weren't able to set up the workplace account.
Contact your company's support person for help.
The specifics is that the Enterprise Mobile Code Signing Certificate was requested from Symantec from the Mac computer, and the certificates were exported to .p12 format but not .pfx as in case of Windows OS. But the AETGenerator.exe didn't show any error and successfully created the .aet, .aetx and .xml files.
I followed the Company app distribution for Windows Phone, and the steps I have done:
Registered the Company account on Windows Phone Dev Center
On Mac computer applied for Symantec Enterprise Mobile Code Signing
Certificate
On Mac picked up Enterprise Certificate from Symantec
On Mac exported the Enterprise Certificate to .p12 file
On Windows installed the Symantec_Enterprise_Mobile_Root_for_Microsoft.cer
On Windows installed the Symantec_Enterprise_Mobile_CA_for_Microsoft_Cert.cer
On Windows development computer generated the .aetx file using the AETGenerator.exe of the Windows Phone 8.1 SDK tools
Now either installing the .aetx file from email or through Hockeyapp the phone shows the same error and doesn't install the certificate.
I tried installing the .p12 from Mac to Windows, then exporting the .pfx file on Windows with included private certificate, and then generating the .aetx file from this .pfx, the result is the same; phone shows the same error.
If I install all certificates on Windows (downloading Symantec certificates and installing private and public Enterprise certificates from .p12 file), and then trying to pick up the Enterprise Certificate from Symantec on Windows, the browser shows:
Your certificate cannot be installed. Either it has already been installed, or you have removed your private key.
It seems this error is shown when trying to install the public key of certificate not on the same computer from where it was requested.
Can applying for Symantec Enterprise Mobile Code Signing Certificate from Mac and then exporting the certificate be the reason of this problem?
If the Enterprise Mobile Code Signing Certificate was once acquired for the company, is there a way to apply for another certificate for same company from another computer? When enrolling for a certificate, the private key is being created in the browser on the back end, and I am thinking if it is possible to pass the same procedure from Windows but not paying for extra certificate.
This should help.
When we try to generate AET token, it fails with following error? What is cause for this failure?
Unknown Error while generating AET
StartIndex cannot be larger than length of string
Parameter name: StartIndex
http://blogs.msdn.com/b/wsdevsol/archive/2014/04/21/frequently-asked-questions-about-windows-phone-company-hub-apps.aspx