I have been several days learning the signing process for Windows 8 Metro apps. For development, Windows allows us to issue a fake authority certificate (this will just work on our computer) and using this certificate, we issue a personal one to sign our apps.
1. Create a fake "Trusted root Certification authority"
2. Create a personal certificate "authorized" by our fake previous certificate
Using a batch gocert.bat:
- Code: Select all Expand view
- c:\"Program Files (x86)\Windows Kits"\8.0\bin\x86\makecert -n "CN=fivetechauthority" -sr currentuser -ss root -a sha1 -cy authority -r -sk fivetechauthority.cer
c:\"Program Files (x86)\Windows Kits"\8.0\bin\x86\makecert -n "CN=fivetech" -sr currentuser -ss my -cy end -sky exchange -a sha1 -is root -ir currentuser -in fivetechauthority -sk fivetech.cer
There are several ways to check that it worked as expected. From the Internet Explorer we can review "Internet options", "Content", "Certificates". Here "fivetechauthority" is listed as a trusted certification authority, and we have also a personal certificate "authorized" by the "fivetechauthority"
The final step is to check the "thumbprint" of our personal certificate, as it is required to sign our apps. We use Windows "powershell" to inspect our certificates:
- Code: Select all Expand view
- c:\>powershell
Windows PowerShell
Copyright (C) 2011 Microsoft Corporation. All rights reserved.
PS C:\> dir cert:\currentuser\my
Directory: Certificate::currentuser\my
Thumbprint Subject
---------- -------
1CAE9F6CEA30F8EBB2A78FBDC720F90770FB79B4 CN=fivetech
PS C:\> exit
c:\>
"C:\program files (x86)\Windows Kits\8.0\bin\x64\signtool.exe" sign /fd sha256 /sha1 1CAE9F6CEA30F8EBB2A78FBDC720F90770FB79B4 MyApp.appx
(yes, new name of our apps too. More on next posts)
