17

I have a signed appxbundle generated by Visual Studio and signed with a Comodo authenticode sha256 certificate. The bundle shows a digital signature tab when opening the properties.

Now when I download the file on another PC, the smartscreen filter kicks in and says the appxbundle has an unknown publisher.

I researched this issue but it seems there are only solutions for clickonce deployments.

Update

I have also performed the solutions mentioned here. In short: using post build or pre-publish signing to sign the .exe files generated in the obj folder. Both these solutions do not solve the problem.

Update

Included certificate screenshot to show that certificate is valid:

enter image description here

My question: What do I need to do extra to make the appxbundle appear with the correct publisher?

Update

I checked with Comodo and rechecked the certificate chain. The application sideloads properly now but the Smartscreen still does not recognize the publisher.

timiTao
  • 1,417
  • 3
  • 20
  • 34
WJM
  • 1,137
  • 1
  • 15
  • 30
  • Have you read this? http://stackoverflow.com/questions/12311203/how-to-pass-the-smart-screen-on-win8-when-install-a-signed-application – Bogdan Mitrache Jul 04 '16 at 06:39
  • This seems to be for hardware driver development.. When I go to the sysdev website, it asks for a verisign v3 certificate. This seems to be for system developers.... I just want to sideload an app – WJM Jul 04 '16 at 10:46
  • You probably checked, but is the certificate that you used to sign the app with, trusted on the other PC? Is the CA that issued that cert, trusted? You can check easily by opening the .cer file on the client PC and verify that the CertificationPath is all green – AlexDrenea Jul 04 '16 at 13:15
  • Hi Alex, all the certification paths are okay. I posted a screenshot in the question – WJM Jul 04 '16 at 13:46
  • I assume that screenshot is from the Target PC, not your development machine. – AlexDrenea Jul 04 '16 at 14:08
  • Yes you are correct – WJM Jul 04 '16 at 15:10
  • I have seen this before, and it was caused by trusted root certificates not been updated on the target PC. Somehow related: http://serverfault.com/questions/752146/why-are-many-admins-using-turn-off-automatic-root-certificates-update-policy – yms Jul 04 '16 at 17:50
  • I checked the list of Trusted Certificate Root Authorities and the Comodo Authority shows up in the list. Also, the automatic updating in the group policy is set to 'not set' which seems to be the normal setting. – WJM Jul 04 '16 at 18:06
  • It seems the problem is not completely solved yet: smartscreen does still not recognize the publisher properly. Could it be because the signature made by visual studio does not have a timestamp property? – WJM Jul 06 '16 at 20:17
  • which tool are you using to sign your package? – Kushonoha Jun 02 '17 at 13:14
  • Vs2017 is used for signing – WJM Jun 03 '17 at 16:26

1 Answers1

0

You need to install the certificate by mmc.exe.

  1. Run mmc.exe.
  2. Click File From Menu and Click on Add/Remove Snap-in....
  3. Choose Certificates and Click on Add >.
  4. Select Computer Account and then Choose Local Computer and click on Finish.
  5. and then, Click on OK.
  6. Navigate to Certificates (Local Computer then Trusted Root Certificates then Certificates.
  7. Right-click on Item's Parent and select All Tasks and then Import... and then browse your certificate *.cer extension.
  8. Save this console as {Your_Name}.msc and run uwp and check Trusted App if you completed the step then delete the {Your_Name}.msc.
Mubarrat Hasan
  • 156
  • 13