93

I have a Windows 8 app that I would like to deploy to my Windows RT 2. I only have the .appx, and I would like to just install it for testing by bypassing the store. However, when I run the command:

```powershell
Add-AppxPackage <project.appx>
```

I get the following error:

In-line script returned error output: Add-AppxPackage : Deployment failed with HRESULT: 0x800B0109, A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109) error 0x800B0109: The root certificate of the signature in the app package must be trusted.

Google says that I need the certificate or PowerShell script, but surely there is a way that I can just bypass all of this. Ideally, I would like to just install the application for testing.

Otherwise, what is the easiest method to fix this issue? What else do I need with the .appx, so that I can install it with no problem?

JasonMArcher
opposite of you

6 Answers

167

The certificate is probably self-signed, so you need to install it to trust it.

Obtain the Certificate that signed the App

If this is your own app, you should be able to find it in your IDE (e.g. Visual Studio); otherwise use these steps:

  1. Right click on APPX file
  2. Click Properties
  3. Click Digital Signatures
  4. Select Signature from the list
  5. Click Details
  6. Click View Certificate
  7. Click Install Certificate

Install the Certificate

Quote from Installing developer packages on Windows RT:

  1. From the Windows RT PC, either map the network share or connect the USB drive where you can access the AppPackages folder that contains the app package to install. Use Windows Explorer to open that folder.
  2. Double-tap the certificate file in the folder and then tap Install Certificate. This displays the Certificate Import Wizard.
  3. In the Store Location group, tap the radio button to change the selected option to Local Machine.
  4. Click Next. Tap OK to confirm the UAC dialog.
  5. In the next screen of the Certificate Import Wizard, change the selected option to Place all certificates in the following store.
  6. Tap the Browse button. In the Select Certificate Store pop-up window, scroll down and select Trusted People, and then tap OK.
  7. Tap the Next button; a new screen appears. Tap the Finish button.
  8. A confirmation dialog should appear; if so, click OK. (If a different dialog indicates that there is some problem with the certificate, you may need to do some certificate troubleshooting. However, describing what to do in that case is beyond the scope of this topic.)

JasonMArcher
  • Wow, it works for me on Windows 10 Insider Preview too; this is one of the latest builds of Windows 10 Professional and build # 14372. Thanks! – Dung Jul 22 '16 at 21:32
  • 11
    To get a certificate from the appx, open file properties > Digital Signatures > Details > View Certificate. You can install from there, or on the details tab, save the cert. – Andy Joiner Aug 02 '16 at 12:31
  • 8
    Doesn't work for me. I still get the error after installing the certificate – Shimmy Weitzhandler Sep 18 '17 at 00:03
  • 52
    Didn't work for me initially, instead of installing the certificate in the current user's Store location, I had to select "Local Machine", and then selected "Trusted Root Certification Authorities" – xer21 Jan 20 '18 at 08:25
  • 1
    @xer21 +1, I wish you had posted this as an answer. – Mohsen Kamrani Aug 08 '18 at 09:24
  • 1
    This doesn't work for me on Windows 8.1 Embedded for some reason. I don't have these options in file properties. "Digital Signatures" is missing entirely. – VELFR Sep 19 '18 at 05:05
  • 5
    @xer21 has the missing part to the total answer. "Local Machine" and "Trusted Root Certification Authorities" are critical. (whew! thanks! +1). – entiat Nov 21 '18 at 13:55
  • Love Microsoft making things better. ClickOnce certificates go to `Trusted Publishers`, appx ones to `Trusted People`. Thanks for the help, spent a few hours on this – Jan Zahradník Feb 03 '21 at 12:32
  • Well, this might work, but adding the certificate to the Trusted Root certificates creates a significant vulnerability: the application is then able to intercept HTTPS traffic. – Andreas Sep 02 '21 at 19:36
  • I don't even see "digital signatures" on W11 – Daniel Lizik Jun 24 '22 at 04:36
  • Brilliant! This post helped me find out the dates of the certificate, by which I could change the current year on my computer, so that I could finally run the `msixbundle` and install the program (Pure Battery Analytics). Thanks! – Henke Apr 05 '23 at 07:32
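
The GUI steps in the answer above (pull the signing certificate out of the package, review it, place it in Local Machine > Trusted People) written as a script; this is an added example, not part of the original answer. `C:\Temp\project.appx` is a hypothetical path, and the script assumes an elevated prompt on a Windows version where `Get-AuthenticodeSignature` can read `.appx` signatures.

```powershell
# Added example. $AppxPath is a hypothetical path; adjust it to your package.
# Run from an elevated PowerShell prompt (LocalMachine stores need admin rights).
$AppxPath = 'C:\Temp\project.appx'
$Store    = 'Cert:\LocalMachine\TrustedPeople'   # not a Root store, on purpose

# 1. Read the signature embedded in the package (the same data shown under
#    Properties > Digital Signatures > Details > View Certificate).
$sig = Get-AuthenticodeSignature -FilePath $AppxPath
if (-not $sig.SignerCertificate) {
    throw "No signer certificate found in $AppxPath (status: $($sig.Status))"
}
$cert = $sig.SignerCertificate

# 2. Review what you are about to trust before trusting it.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter
"Signature status : $($sig.Status) - $($sig.StatusMessage)"
"Self-signed      : $($cert.Subject -eq $cert.Issuer)"

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    Write-Warning 'Signing certificate is outside its validity period.'
}

# 3. Export the public certificate and import it into Trusted People only.
#    -Confirm forces an explicit acknowledgement after the review in step 2.
$cer = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation $Store -Confirm | Out-Null

# 4. Install the package.
Add-AppxPackage -Path $AppxPath

# 5. When testing is finished, withdraw the trust again:
# Remove-Item -Path "$Store\$($cert.Thumbprint)"
```

Comparing the printed thumbprint with one supplied by the app's developer confirms that the package carries the certificate you expect before step 3 runs.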
27

Doesn't work for me. I still get the error after installing the certificate

If you received the message,

Either you need a new certificate installed for this app package, or you need a new app package with trusted certificates. Your system administrator or the app developer can help. A certificate chain processed, but terminated in a root certificate which isn't trusted (0x800B0109)

after renewing your certificate, then your certificate is probably a temporary one, and the simple way to solve it is to make it usable.

To correct this error, you need to change the location of the certificate to the trusted root certificates folder. When you click on your certificate, a page appears that asks you where you want to install it. There, you need to change to the trusted root certificates folder and not use the default.

Regards

Morse
  • 6
    if you don't want to install to Trusted Root (that will have an impact on the overall system) you can also install it in "Trusted People". – rido Sep 17 '18 at 05:01
26
  1. Double-click the Package_1.0.6.0_AnyCPU_Debug.cer file
  2. Click the Install Certificate... button
  3. Store Location -> Local Machine
  4. Select the Place all certificates in the following store
  5. Click Browse... button
  6. Select the Trusted Root Certification Authorities
  7. OK
Connor Park
23

For me this was occurring when trying to install Side-load HockeyApp version

Fix:

Before installing: Enable Developer mode at

Settings ➔ Update & Security ➔ For Developers ➔ Use Developer features : Developer Mode


Install certificate (.cer file) to Trusted root certificates.

  • Store location = Local machine
  • Place all certificates in the following store = Third-Party Root Certification Authorities

Then retry

Community
Morse
1

Chiming in. I got the following when trying to install an app.

Either you need a new certificate installed for this app package, or you need a new app package with trusted certificates. Your system administrator or the app developer can help. A certificate chain processed, but terminated in a root certificate which isn't trusted (0x800B0109)

Turns out the PowerShell script starting the installer seems to do some preliminary work, amongst which is downloading and installing certificates and whatnot to the local machine.

Now, in an enterprise setting there usually are Internet filters in place. In our case it's an authenticating proxy and not a lot of software gets this right (1. using an explicit proxy, 2. asking for authentication when requested). It's always the same thing. Someone executes a script somewhere and doesn't think about people who don't have full and unauthenticated internet access all the time, like in an enterprise setting. IMHO you should just throw away software that can't get this right, it's the only way they (maybe) learn.

Marki
0

If you're getting this error: "App installation failed with error message: Install failed. Please contact your software vendor. (0x80073cf9)", please check whether you might have already installed this app. Please uninstall it and try again.

Abhijeet