2

I want to create certificate to signing my application:

c:\certcenter> makecert -sv demas.me.pvk -n "cn=demas.me" demas.me.cert -b 01/01/2014 -e 01/01/2015 -r
Succeeded

c:\certcenter> pvk2pfx.exe -pvk demas.me.pvk -spc demas.me.cert -pfx demas.me.pfx

When I am trying to select certificate in VS I get error message: "The Manifest Designer could not import the certificate".

Here is Publisher, Publisher name in the appmanifest and error message:

enter image description here

How can I fix this error ?

ceth
  • 44,198
  • 62
  • 180
  • 289
  • Change the expiry date to be in the past and see if that alters the error returned. Might help. – Anthony Palmer Sep 30 '14 at 09:50
  • No, I have the same error. I have added this certificate to Trusted Publishers, but didn't help too. – ceth Sep 30 '14 at 09:54
  • 1
    Could be an issue with the private key. Use OpenSSL to check it and the created certificate is valid. Openssl will give you better error messages. – Anthony Palmer Sep 30 '14 at 10:01
  • I have opened "Manage Computer Certificates", find my certificate and in the properties I have found "You have a private key that corresponds to this certificate". Can you provide a link, how can I use OpenSSL to check certificate ? – ceth Sep 30 '14 at 10:07
  • https://www.sslshopper.com/article-most-common-openssl-commands.html – Anthony Palmer Sep 30 '14 at 10:14
  • Which of three files do I need to check (cert, pvk, pfx). I use 'openssl.exe x509 -in c:\certcenter\demas.me.cert -text -noout' and get error message: 3888:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:703:Expecting: TRUSTED CERTIFICATE. The same with other three files. – ceth Sep 30 '14 at 10:58
  • I have this error on both computers: Windows and Mac, so I think the reason is not openssl installation. – ceth Sep 30 '14 at 11:03
  • What format is your certificates? PEM PKCS12? If you open then in a text editor do you see text or binary? If openssl cannot parse your certs or keys then probably nothing else will. – Anthony Palmer Oct 02 '14 at 08:41
  • Did you find the cause of this? – tymtam Sep 10 '18 at 06:56

1 Answers1

1

Step by step, instructions for one that can be found at https://learn.microsoft.com/en-au/windows/desktop/appxpkg/how-to-create-a-package-signing-certificate and essentially are:

MakeCert /n publisherName /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /e expirationDate /sv MyKey.pvk MyKey.cer

Pvk2Pfx /pvk MyKey.pvk /pi pvkPassword /spc MyKey.cer /pfx MyKey.pfx [/po pfxPassword]

The options passed in to MakeCert are explained in the page, but here's an excerpt:

/r Creates a self-signed root certificate. This simplifies management for your test certificate.

/h 0 Marks the basic constraint for the certificate as an end-entity. This prevents the certificate from being used as a Certification Authority (CA) that can issue other certificates.

/eku Sets the Enhanced Key Usage (EKU) values for the certificate.

/e Sets the expiration date of the certificate.

(...)

Update:

Please be aware that when using MakeCert with expiration and start dates it uses the format of mm/dd/yyyy so 12/09/2018 is the 9th of December 2018, not the 12th of September 2018.

tymtam
  • 31,798
  • 8
  • 86
  • 126