I have a properly signed UWP application that I want my users to install using the new App Installer from Microsoft. In the screenshot you see the certificate path of my application. The UserTrust/Addtrust network is already in the trusted root folder and sideloading is enabled in Settings.
I have asked this on several forums and have researched this for a long time but I have not found any solution or way to troubleshoot the App Installer or the powershellscript AddDevPackage.ps
I am looking to find the right person at Microsoft to help me out because the responses on the MSDN forums just post the first google hit on sideloading an appx.
Please help me out.
So here is the full story on how to sideload an appxbundle using a comodo certificate
Get a Comodo SSL authenticode certificate
Export the certificate using a browser (Link), This certificate can be used in the Packaging section in the Package Manifest in Visual Studio. If you also want to sign the assembly, export again but this time, uncheck the include all certificates option.
2.b Also download and install these three certificates from Comodo.(Download Link). Open a search and type CertMgr, opening this will take you to the certificate manager. To the left, you can find Trusted Root folder and in there you can find certificates folder. In this folder, right click in an empty area and click import. Import the 'addtrustexternalcaroot' file. If there is already a comodo rsa file in here, open it and uncheck 'code signing'.
2.c Go to the intermediary root folder and its certificate folder. Here you import the other two files.
In Visual Studio, go to Project properties -> package manifest -> packaging and click Choose Certificate. Now you select the certificate which includes all the certificates in the path.
(optional) Go to project properties -> signing -> check 'Sign the assembly'. Now click choose certificate, enter your password and done.
Create an appxpackage
Verify the signing process by opening a cmd window and enter 'SignTool verify /pa 'path to your bundle here''
If all is well you should see something like this:
If the AddTrust/Usertrust root is not the top CA in your path, something went wrong and you have to try these steps again.
Let's say you upload your appxbundle folder as a zip file and download it on another PC. The smartscreen dialog will come up. It is possible that the publisher is 'unknown'. It is a matter of time before this is set correctly and will take more time and a build up of 'reputation' before the filter goes away.
Click run anyway and the app installer opens up. Click install. If there are any errors, open up a powershell and type Get-AppxLog. Here you can find all error info.
Done!
Question: Can I just upload the appxbundle and leave everything else behind?
Answer: Maybe, if the OS needs a dependency package like .Net Native Runtime appx, you can just upload both the x86 and x64 and have your clients download and install these before you let them install your main package. Be aware that the x86 and x64 packages are not interchangeable -> the native runtime is OS dependent.
Related
I was having an issue with react-native not working because it is not signed. There is a question about it here on SO already. The problem is I can't use that solution, I am trying to distribute a .zip file with react-native already inside the "node_modules" folder, so people can build it easily, so I need to get it signed instead, I can't go around telling people downloading my file to just disable their MacOS security...
Create an Apple development account by using your email and add it in your Xcode, Project Navigator > Signing & Capabilities > Signing (Debug), mark the Automatically manage signing:
Add the bundle identifier name as this patter:
com.[developer account name].[project name]
Then you will be able to build your application on your physical device.
I am trying to install Github for Windows which is a ClickOnce application, however I am unable to start any ClickOnce application. I receive a pop up error saying "Application cannot be started, contact the application vendor".
I have seen that other users with this error have solved it by deleting the '2.0' folder in there 'users/USERNAME/AppData/Local/Apps/2.0' location. However, I do not have an 'Apps' folder in my 'AppData/Local' location and therefore unable to delete anything from it. I have tried creating an 'Apps' folder there and then trying to install the application but I receive the same error. When I run the following: '%UserProfile%\AppData\Local\Apps\2.0' it says that it refers to a location that is unavailable.
I have contacted Github support and they told me the same thing about deleting the '2.0' folder but alas I do not have the 'AppData/Local/Apps' location. They also told me to clear the cache by running this: rundll32 %SystemRoot%\system32\dfshim.dll CleanOnlineAppCache but that did not solve the problem either.
I do not have any anti-virus or firewall turned on either. I have also tried installing a different ClickOnce application and I received the same error. Is there some other folder I need to delete or some setting I need to change to get ClickOnce applications to start?
By Changing to Net Framework 4.0 got me working, changing and delete 2.0 made no difference but deleted the other apps.
The other apps were reinstalled automatically so no biggy, will try install latest 4.51 later.
I know this is a really old question. You should have a Apps folder at '%UserProfile%\AppData\Local\Apps\2.0'. You are probably unable to see the folder because you haven't enabled viewing of hidden folders in windows explorer. To resole this, launch windows explorer "windows key + e", hold down Alt and hit T (tools menu) then click folder options, click the "view" tab and then select:
"show hidden files, folders, and drives"
Uncheck:
"Hide empty drives in the Computer folder"
"Hide extensions for known file types"
"Hide protected operating system files (recommended)"
Note, not all of these are required to see the hidden folder "apps", this is how I always configure my setup though.
After this you should be able to see the folder at :
'%UserProfile%\AppData\Local\Apps\2.0'
Deleting the 2.0 folder usually works but you are also deleting any other click once applications that have been installed.
I cannot build projects with a strong name key signing - the message in the title always comes up.
Yes the project was initially copied over from another machine. However even if I add a new key via the Signing tab in Project Properties, this error is still shown.
I have tried running Visual Studio as an Administrator and have tried manually adding the keys to Windows Certificate Store.
Help!
Edit: I don't get this error with a new project, but I'd quite like to get this existing project working. It won't work even if I create a new certificate!
I've finally found the solution.
Edit the .csproj file for the project in question.
Delete the following lines of code:
<PropertyGroup>
<ManifestCertificateThumbprint>...........</ManifestCertificateThumbprint>
</PropertyGroup>
<PropertyGroup>
<ManifestKeyFile>xxxxxxxx.pfx</ManifestKeyFile>
</PropertyGroup>
<PropertyGroup>
<GenerateManifests>true</GenerateManifests>
</PropertyGroup>
<PropertyGroup>
<SignManifests>false</SignManifests>
</PropertyGroup>
Go to your project's "Properties" within visual studio. Then go to signing tab.
Then make sure Sign the Click Once manifests is turned off.
Updated Instructions:
Within your Solution Explorer:
right click on your project
click on properties
usually on the left-hand side, select the "Signing" tab
check off the Sign the ClickOnce manifests
Make sure you save!
It's simple!!
I resolved this problem by following this steps:
Open project properties
Click on Signing Tab
And uncheck "Sign the assembly"
That's it!!
Try this:
Right click on your project → Go to properties → Click signing which is left side of the screen → Uncheck the Sign the click once manifests → Save & Build
Open the .csproj file in Notepad.
Delete the following information related to signing certificate in the certificate store
<PropertyGroup>
<ManifestCertificateThumbprint>xxxxx xxxxxx</ManifestCertificateThumbprint>
<ManifestKeyFile>xxxxxxxx.pfx</ManifestKeyFile>
<GenerateManifests>true</GenerateManifests>
<SignManifests>false</SignManifests>
</PropertyGroup>
Go to your projects "Properties" within visual studio. Then go to signing tab.
Then make sure Sign the Click Once manifests is turned off.
OR
1.Open the .csproj file in Notepad.
2.Delete the following information related to signing certificate in the certificate store
xxxxx xxxxxx
xxxxxxxx.pfx
true
false
`
Worked for me.
Assuming this is a personal certificate created by windows on the system you copied your project from, you can use the certificate manager on the system where the project is now and import the certificate. Start the certificate manager (certmgr) and select the personal certificates then right click below the list of existing certificates and select import from the tasks. Use the browse to find the .pfx in the project (the .pfx from the previous system that you copied over with the project). It should be in the sub-directory with the same name as the project directory. I am familiar with C# and VS, so if that is not your environment maybe the .pfx will be elsewhere or maybe this suggestion does not apply. After the import you should get a status message. If you succeeded, the compile certificate error should be gone.
It is not enough to manually add keys to the Windows certificate store. The certificate only contains the signed public key. You must also import the private key that is associated with the public key in the certificate. A .pfx file contains both public and private keys in a single file. That is what you need to import.
You said you copied files from another computer. After you copied them, did you 'Unblock' them? Specifically the .snk file should be checked to make sure it is not marked as unsafe.
To sign an assembly with a strong name using attributes
Open AssemblyInfo.cs (in $(SolutionDir)\Properties)
the AssemblyKeyFileAttribute or the AssemblyKeyNameAttribute, specifying the name of the file or container that contains the key pair to use when signing the assembly with a strong name.
add the following code:
[assembly:AssemblyKeyFileAttribute("keyfile.snk")]
If you need just build the project or solution locally then removing the signing might be a dead simple solution as others suggest.
But if you have this error on your automation build server like TeamCity where you build your actual release pieces for deployment or distribution you might want to consider how you can get this cert properly installed to the cert store on the build machine, so that you get a signed packages at the end of the build.
Generally it is not recommenced to check-in/commit any PFX certificates into source control, so how you get this files on your build server during the build process is a bit another question, but sometimes people do have this file stored along with the solution code, so you can find it in the project folder.
All you need to do is just install this certificate under proper account on your build server.
Download PsExec from Windows Sysinternals.
Open a command prompt, and enter the following. It will spawn a new command prompt, running as Local System (assuming that your TeamCity is running under the default Local System account):
> psexec.exe -i -s cmd.exe
In this new command prompt, change to the directory containing the certificate and enter the filename to install (change the name of the file to yours):
> mykey.pfx
The Import Certificate wizard will start up. Click through and select all the suggested defaults.
Run the build.
All credits goes to Stuart Noble (and then further to Laurent Kempé I believe ☺).
Just ran into this (again), due to PFX cert not being included in the code, for security.
For local testing, like Debug builds, the lead programmer of this solution had me go into Properties, Signing, click on "Create Test Certificate". In our setting he said just click ok, but one can put in a strong password here if warranted/needed.
Whenever I'm trying to install something or even just list the packages I get this error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"
I tried this solution from Codeplex with no luck.
I use the latest version of Nuget.
I also tried different options in devenv.exe.config like this:
<servicePointManager checkCertificateName="false" checkCertificateRevocationList="false"/>
Go to VS2010 → Tools → Library Package Manager → Package Manager Settings.
Choose Package Manager → Package Sources.
Add a new package source as:
Name: NugetSource
Source: http://packages.nuget.org/v1/FeedService.svc/
Move Up the newly added package source to first position.
UnCheck existing "Nuget official package source"
Restart VS2010.
Go to https://nuget.org/ and get its certificate.
For example, if you're using Firefox: after opening nuget site - click site's icon on the left side of address bar, click 'More Information', and on the Security tab there should be 'Web-site identity' section with 'View certificate' button. Click there, in the opened dialog select Details tab - there you should see chain for *.nuget.org. Click button 'Export' at the bottom and save certificate to the file (add .cer extension manually, because dialog won't do it for you).
Now you need to setup you system so that it will trust the certificate. Press Win+R (Run dialog will be opened) -> type mmc there and run it (with admin privileges if you have UAC turned on). There select File -> Add or remove snapin... -> select Certificates on the left, in the dialog select Computer account and Local computer. Click OK - the tree will have Certificates node in the Console root. Open it and file folder Trusted People. From its context menu select All tasks -> Import... -> Select file that you have exported before and import it.
Everything should be working fine.
We had the same issue in work, and we resolved this by dropping the secure socket, Https -> http. This means you can use the V2 URL http://nuget.org/api/v2/.
Possibly an issue getting rid of the secure socket, but the above URL (http://packages.nuget.org/v1/FeedService.svc/) is also unsecure.
There's apparently an issue with the SSL cert on go.microsoft.com. Change the package source url to http://packages.nuget.org/v1/FeedService.svc/ and it should work just fine.
Related: ServicePointManager does not support proxies with the https scheme
If you've previously had Fiddler open, you might well have a certificate for nuget.org that is invalid.
If so, open up MMC, add the Certificates snapin (current User) and remove nuget.org from the Personal store.
Due to Nuget keeping a handle to this cert (seemingly) you will have to restart Visual Studio. Afterwards, you should have a good time.
Go to VS2012 -> Tools -> Library Package Manager -> Package Manager Settings
Choose Package Manager -> Package Sources.
Add a new package source as: Name= NugetSource Source= http://packages.nuget.org/v1/FeedService.svc/
Move Up the newly added package source to first position.
UnCheck existing "Nuget official package source"
Restart VS2012.
This is working on my machine.
As of today 21-Jan-2015, the correct url is https://www.nuget.org/api/v2/. The www is required or the certificate fails. Do NOT fall back to http because you are opening your code and all of its consumers to a nasty MITM vector.
If nothing from above works, try this....
Try pasting the following into a .reg file and run it. Then try running your NuGet command (no reboot required).
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
Ran into this issue because TLS1.2 was not enabled (similar to Tony's response). Using http does not fix the situation because NuGet redirects to https now that TLS1.2 is enforced.
thanks to "neoscribe"
For me the problem was solved by clearing the nuget cache (and restarting VS)
I could solve this problem by dropping the secure socket, https -> http.
Go to Tools -> Nuget Package Manager -> Package Sources, then add a new source, but without https:
This means http://nuget.org/api/v2/.
I had to remove https in Local machine settings for Nuget and added (http) it to user level in Tools -> Library Package Manager -> Package Manager Settings Choose Package Manager -> Package Sources.
i have had no luck with any method related to Visual Studio. Not updating everything, not manually adding the Root Certificate of https://api.nuget.org/v3/index.json to windows, etc. How I fixed it:
nuget restore MySolution.sln
Download nuget here.
I've got an Excel add-in project that was created a couple years back in Visual Studio 2008. It's got some changes to be made so I've upgraded to Visual Studio 2010 (the only IDE I am able to use). Not sure if this is causing the problem but it's background information.
When I check out the code and compile it I get the error, "Error 1 Unable to find manifest signing certificate in the certificate store."
Can anyone tell me what this means and how to fix it?
You need to re-add that certificate to your machine or chose another certificate.
To choose another certificate or to recreate one, head over to the Project's properties page, click on Signing tab and either
Click on Select from store
Click on Select from file
Click on Create test certificate
Once either of these is done, you should be able to build it again.
I found this solution which solved the problem for me: Removing all entries in your *.csproj that fall into:
<manifestcertificatethumbprint>...</manifestcertificatethumbprint>
<manifestkeyfile>...</manifestkeyfile>
<generatemanifests>...</generatemanifests>
<signmanifests>...</signmanifests>
A quick solution to get me going was to uncheck the "Sign the ClickOnce manifests" in: Project -> (project name)Properties -> Signing Tab
When the project was originally created, the click-once signing certificate was added on the signing tab of the project's properties. This signs the click-once manifest when you build it. Between then and now, that certificate is no longer available. Either this wasn't the machine you originally built it on or it got cleaned up somehow. You need to re-add that certificate to your machine or chose another certificate.
Adding new certificate resolved this issue for me. Properties page -> signing -> Click on Create test certificate
Make sure you commit .pfx files to repository.
I just found *.pfx in my default .gitignore.
Comment it (by #) and commit changes. Then pull repository and rebuild.
Delete these entries mentioned in this post: http://manfredlange.blogspot.ca/2008/03/visual-studio-unable-to-find-manifest.html.
Also remove the .snk or .pfx files from the project root.
Don't forget to push these changes to GitHub, for Jenkins only pulls source from GitHub.
The issue of erroneous leftover entries in the .csproj file still occurs with VS2015update3 and can also occur if you try to change the signing certificate for a different one (even if that is one generated using the 'new' option in the certificate selection dropdown).
The advice in the accepted answer (mark as not signed, save, unload project, edit .csproj, remove the properties relating to the old certificates/thumbprints/keys & reload project, set certificate) is reliable.
I create a new key, I had to search the csproj for the old one and refactor it.