Sideloading Windows LOB App - Signing

We have an app that is working and we want to sideload the app on our devices.

We will be using a sideloading key as the devices are not always domain joined.

Everything is working. I can sideload the app as long as I install MS's test certificate as a trusted cert on the device, but of course we need to get a proper certificate for the app package signing.

This is where my problem starts.

We have a standard code signing cert from GoDaddy, but that doesn't work because when we try to use it for signing the app package using signtool it complains that the publisher id is different from the publisher id in the package.

The publisher id in the app package is the one from the Microsoft developer account (i.e. CN=guidvaluefromms), where the code signing certificate has CN=Company Name, ...

When I try to assign the code signing cert from GoDaddy in the app manifest, Visual Studio complains that the publisher id has to be the same as the publisher id on the MS developer account.


Can someone give me a hint on either how I get a proper certificate or what I am doing wrong?


March 7th, 2015 7:26am

From: http://blogs.msdn.com/b/windowsstore/archive/2012/04/25/deploying-metro-style-apps-to-businesses.aspx

Sign the app. To deploy the package to end-users, your app must be appropriately signed by a Certificate Authority that is trusted by the target PCs. The Publisher Name in the package manifest must match the Publisher Name in the certificate that is used to sign the app. Again, check the Dev Center for additional details on signing the app via Visual Studio.

Add:

http://blogs.msdn.com/b/wsdevsol/archive/2014/02/12/create-a-windows-store-appx-package-and-sign-it.aspx

Questions for the developer side of things:
https://social.msdn.microsoft.com/Forums/windowsapps/en-US/home?forum=winappswithcsharp

March 8th, 2015 4:50am
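
An added example (not part of the original thread) of the pre-signing check that the quoted guidance implies: read the Publisher from the package manifest and compare it with the signing certificate's subject. The manifest, the placeholder GUID, the company subject and the "format-only difference" normalization are constructed assumptions of this example; the certificate subject is passed in as a string.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest; the GUID is a placeholder, not a real publisher id.
MANIFEST = """<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Identity Name="Example.LobApp" Version="1.0.0.0"
            Publisher="CN=00000000-0000-0000-0000-000000000000" />
</Package>"""
# Constructed subject, in the shape of a commercial code signing certificate.
CERT_SUBJECT = "CN=Example Company, O=Example Company, C=US"

def manifest_publisher(manifest_xml):
    """Return the Publisher attribute of the manifest's Identity element."""
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "Identity":
            return el.attrib["Publisher"]
    raise ValueError("manifest has no Identity element")

def split_rdns(dn):
    """Split a DN string into (TYPE, value) pairs, honouring quotes and escapes."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    pairs = [p.strip().partition("=") for p in parts]
    return [(k.strip().upper(), v.strip()) for k, _, v in pairs]

def compare_publisher(manifest_xml, cert_subject):
    """Classify how the manifest Publisher relates to the certificate subject."""
    publisher = manifest_publisher(manifest_xml)
    if publisher == cert_subject:
        return "match"
    if split_rdns(publisher) == split_rdns(cert_subject):
        return "format-only difference"  # same RDNs; spacing or type case differs
    return "mismatch"

if __name__ == "__main__":
    print(compare_publisher(MANIFEST, CERT_SUBJECT))
```

Running the check before signing separates a real identity mismatch, as in this thread, from a manifest string that merely differs in spacing from the certificate subject.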

Don,

Thanks. We have all the signing working with a test certificate (self created).

The problem is now we need an actual certificate from a trusted authority to sign the package.

Here is where our problem comes in.

The app package has a publisher id that is the developer publisher id Microsoft assigned to us and it is a GUID. Visual Studio doesn't allow us to change the publisher id to anything but that id.

When signing we need a cert that has that publisher id.

We asked GoDaddy if they could produce a code signing certificate that can have that publisher id and they said no, so we have no idea how to get a valid signing cert.

Found a bunch of links, but they either show how to use a self-signed cert, which works of course, or they have links that do not exist any longer or talk about things that do not seem to exist any longer.


Mike
March 8th, 2015 6:47am


So, it sounds like the game has changed since 2012/2014 when that article was written?
And, it's Visual Studio (some version/edition) that won't let you edit the manifest to get the code-signing done the way you need?

Or, are you trying to use a .cer file, when you should be using a .pfx file?
http://blogs.msdn.com/b/wsdevsol/archive/2014/02/12/create-a-windows-store-appx-package-and-sign-it.aspx
https://msdn.microsoft.com/en-us/library/windows/apps/br230260

Might be best to ask in the dev forum, since the issue you're having is with the dev phase of your project (albeit the very last phase prior to deployment)

March 8th, 2015 5:17pm

Don

We are using a PFX file.

The problem is that there are so many variables and really no good doc except for test certs, which work.

The app uses WNS notifications. It is assigned to store app. That forces it to use the publisher id from the developer account. You can modify it either by manually modifying the file or by assigning a different cert to the package in Studio, but when you try to build you get the error that the publisher id field has to match.

Will try the dev forum. I emailed MS as well but not much so far.

thanks

Mike

March 9th, 2015 10:50am

Hi Mike,

If you get any solutions from the MSDN dev forum, we'd appreciate it if you could share them with us here for other community members who encounter a similar issue.

Thanks,

Regards.

March 11th, 2015 2:41am

The app uses WNS notifications. It is assigned to store app. That forces it to use the publisher id from the developer account. You can modify it either by manually modifying the file or by assigning a different cert to the package in Studio, but when you try to build you get the error that the publisher id field has to match.

So, according to the hint from your dev forum thread, https://msdn.microsoft.com/en-us/library/windows/apps/hh924767.aspx it seems to me that you are heading off-track because you are "assigning to store", and, you are also signed-in (within VS) to your developer account.

I personally have no direct idea what that all means (I'm not a dev), but the link suggests that if you don't do those two things, VS will use the details in the manifest, which seems to be what you need to do for your goal?

March 11th, 2015 3:11am

Don

Not sure where we would be off track. Could be, but I can't figure it out and MS isn't much help either.

The app is assigned to a store app. That is needed to support WNS and to be able to publish the app to the store if needed.

Assigning the app to the store automatically requires the app to have the developer's Windows developer account publisher id to be able to build it.

Assigning a code signing cert changes the publisher id as well to the one from the code signing cert, but that breaks the above rule of using the developer publisher id.

I was in contact with MS email support as well, and he gave up now and told me that Windows 10 would be easier.

March 14th, 2015 3:32pm

The app is assigned to a store app. That is needed to support WNS and to be able to publish the app to the store if needed.

Assigning the app to the store automatically requires the app to have the developer's Windows developer account publisher id to be able to build it.

Assigning a code signing cert changes the publisher id as well to the one from the code signing cert, but that breaks the above rule of using the developer publisher id.

Hmm, that does sound like a dilemma.
I had assumed (yes...I know ;) that you were inadvertently selecting assign-to-store when you didn't need to do that, and so that forced you down a road that you didn't need (assign-to-store not needed, but assign-to-store requires you to use your dev cert).

So it seems that:
If WNS demands assign-to-store, then dev cert is mandatory, which suggests sideloading can't be done for this app?

Put another way:
You can't effectively sideload if your app is using WNS?

March 14th, 2015 8:53pm

This topic is archived. No further replies will be accepted.
