SignTool error when signing AppX file: "Error: SignerSign() failed." (-2147024693/0x800700cb)

Question

I am creating an Appx package using makeappx.exe and then try to sign it using SignTool.exe.

The error I get from SignTool is:

"Error: SignerSign() failed." (-2147024693/0x800700cb)

The certificate I am using is created by me following instructions from here.

In EventViewer there is no record about this failed operation!

I do not understand what this error means and how to fix it!! Has anyone encountered this before, and found a solution?

I can't use Visual Studio so I need to stick with makeappx.exe.

It is a Windows error, ERROR_ENVVAR_NOT_FOUND. The signtool /nph option is documented to use an environment variable. Just blind guessing as long as you don't document your question properly. Anyhoo, something "environmental". — Hans Passant, Jul 09 '14 at 13:03
The full command line passed to `SignTool.exe` is: `SignToolexe sign /a /f cert.pfx /fd SHA256 /v /debug myPackage.appx` MSDN says about `/nph` option: _If supported, suppresses page hashes for executable files. The default behavior is determined by the SIGNTOOL_PAGE_HASHES environment variable and by the Wintrust.dll version. This option is ignored for non-PE files._ I dont have any PE files in package so it does not apply. — Dorel Pîslan, Jul 09 '14 at 13:53

MrD · Answer 1 · 2014-10-21T21:33:37.387

4

The appxmanifest xml file needs to have a publisher that corresponds to the certificate that is signing the appx package. The publisher is specified in an attribute for the "<Identity />" tag.

From MSDN:

The app manifest publisher name must exactly match the subject name of the signing. Note These names are specified in quotes and are both case and whitespace sensitive. You can update the Publisher attribute string that is defined for the Identity element in the AppxManifest.xml file to match the subject name of the intended signing certificate. Or, select a different signing certificate with a subject name that matches the app manifest publisher name. The manifest publisher name and the certificate subject name are both listed in the event message.

Example error:

error 0x8007000B: The app manifest publisher name (CN=Contoso) must match the subject name of the signing certificate (CN=Contoso, C=US).

edited Oct 21 '14 at 21:33

answered Oct 21 '14 at 21:24

MrD

629
1
8
22

2

I am receiving error **0x800700cb**, not **0x8007000B** ! – Dorel Pîslan Oct 23 '14 at 06:29
1

Sorry, I didn't see that hidden C! :( No idea on that one then. – MrD Oct 24 '14 at 17:45
did you try looking up more details in the event log? (as suggested in the linked MSDN article) – Yoav Feuerstein Jul 24 '17 at 13:33

score 1 · Answer 2 · answered Jun 14 '21 at 17:01

I know this is an old question, but I just had a similar problem with the signer tool, but different error code. Though, I think the comment was relevant:

Turns out you can get this error too if you use the wrong version of the SignTool, but it give no clue to this fact.

So the top tip is …

Make sure you use the SignTool.exe from the same folder as the MakeAppx.exe tool. In my case in “C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64\”

Cross-linking should help this page get a higher page ranking on the search engines.

https://blogs.blackmarble.co.uk/rfennell/2019/04/30/a-fix-for-error-signersign-failed-2146958839-0x80080209-with-signtool-exe/

SignTool error when signing AppX file: "Error: SignerSign() failed." (-2147024693/0x800700cb)

2 Answers2

Linked