4 Replies Latest reply on Nov 7, 2016 7:28 PM by uniquekaiser

    Can't select windows signing keys

    sabrina.84616718 Level 1

      I have my windows phone 8.1 signing keys saved (the publisher ID one which is like xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx ) but am unable to select it from the phonegap build https://build.phonegap.com/apps/xxxxxxx/builds page. I also have my windows publisher ID to hand in the format CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx if that helps.

       

      as for the Windows 10 (Universal) Signing i have no idea how to get this. i looked at

       

      Signing | PhoneGap Docs

       

      and it links to this article

       

      How to create an app package signing certificate (Windows)

       

      but here it says makecert is deprecated  (MakeCert (Windows) ) and to use the Powershell Cmdlet New-SelfSignedCertificate

       

      so now I have no idea how to

       

      1) get my windows phone signing to show up once ive saved it (and submitting it on the build page under 'add a key', it just disappears and then doesn't use it) or how to

      2) obtain what's necessary for Windows 10 (Universal) Signing

        • 1. Re: Can't select windows signing keys
          sabrina.84616718 Level 1

          I'm now attempting to follow this:  http://woshub.com/how-to-create-self-signed-certificate-with-powershell/

           

          So I find and run Windows Powershell as administrator

          I type in:

          New-SelfSignedCertificate -DnsName xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -CertStoreLocation cert:\LocalMachine\My

          where that string of XXX'S is my Windows publisher ID of the form CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx but without the 'CN=' at the start

          This creates a 'thumbprint' 40 characters long (alphanumeric).

          I then type into powershell

          $CertPassword = ConvertTo-SecureString -String “YourPasswordHere” -Force –AsPlainText

          and then

          Export-PfxCertificate -Cert cert:\LocalMachine\My\WRITE40CHARACTERTHUMBPRINTHERE  -FilePath C:\Windows10Certificate.pfx -Password $CertPassword

           

          I then doubleclicked the resulting certificate, entered the password and 'imported' it to my system.

          I then went to RUN and entered mmc

          on the open console i went to file> add/remove snap in and added 'certificates' and under personal certificates i see it there.

           

          [OK, this alone gave me this error:

          Error - Your Windows Signing Key must have an EKU (Enhanced Key Usage) property of "Code Signing" - You can fix this here  and linked to Signing an app package (Windows Store apps)

          ]

           

          so, I went back and altered the previous to:

           

          New-SelfSignedCertificate -DnsName xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -CertStoreLocation cert:\LocalMachine\My -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3")

           

          where

          -- Basic Constraints= 2.5.29.19

          ----

          -- Enhanced Key Usage= 2.5.29.37

          ---- Code Signing. = 1.3.6.1.5.5.7.3.3

           

          This creates a 'thumbprint' 40 characters long (alphanumeric).

          I then type into powershell

           

           

          $CertPassword = ConvertTo-SecureString -String “YourPasswordHere” -Force –AsPlainText

           

           

          and then

           

          Export-PfxCertificate -Cert cert:\LocalMachine\My\WRITE40CHARACTERTHUMBPRINTHERE  -FilePath C:\Windows10Certificate.pfx -Password $CertPassword

           

           

          *Sigh*

          Now I get a new error:

          Oh geez. Your build failed. Click the "Log" button above to view the compile log. If you need help diagnosing the issue, you can post to the support forum with your App ID (please do a search first).

          Log file excerpts:

           

           

          Build Date: 2016-09-16 00:35:27 +0000

          ================ Certificate 0 ================

          ================ Begin Nesting Level 1 ================

          Element 0:

          Serial Number: xxxxxxxxxxxxxxxxxxxxxxxxx

          Issuer: CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

          NotBefore: 9/16/2016 12:20 AM

          NotAfter: 9/16/2017 12:40 AM

          Subject: CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

          Signature matches Public Key

          Root Certificate: Subject matches Issuer

          Cert Hash(sha1): c9 fd 74 4b e5 d9 bc 18 9a a9 61 8b 86 30 e9 1d f2 eb b2 5f

          ---------------- End Nesting Level 1 ----------------

          Provider = Microsoft Software Key Storage Provider

          Private key is NOT plain text exportable

          Encryption test passed

          CertUtil: -dump command completed successfully.

          --------------------------------------------------------------------------------

          PLUGIN OUTPUT

          --------------------------------------------------------------------------------

          Fetching ,Installing, all fine until:

          CertUtil: -importPFX command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)

          CertUtil: The system cannot find the file specified.

          My "Personal"

          CertUtil: -delstore command completed successfully.

           

          where have I gone wrong and what do i need to do?

          • 2. Re: Can't select windows signing keys
            sabrina.84616718 Level 1

            As I also noted here: Re: Windows 10 build failed

             

            I managed to get hold of makecert.exe etc

             

            But still unable to sgn my windows app

             

            From the error log:

            ================ Certificate 0 ================

            ================ Begin Nesting Level 1 ================

            Element 0:

            ...

            Signature matches Public Key

            Root Certificate: Subject matches Issuer

            ...

            ---------------- End Nesting Level 1 ----------------

              Provider = Microsoft Strong Cryptographic Provider

            Signature test passed

            CertUtil: -dump command completed successfully.

            --------------------------------------------------------------------------------

            PLUGIN OUTPUT

            ...

            CertUtil: -importPFX command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)

            CertUtil: The system cannot find the file specified.

            My "Personal"

            CertUtil: -delstore command completed successfully.

             

             

            Cert generated in command line as follows:

            cd C:\Program Files (x86)\Windows Kits\8.1\bin\x64

            MakeCert /n "CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx, O=yyyyy , C=US" /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /sv MyKey.pvk MyKey.cer

            [[where yyyyy = same as <author>yyyyy </author> in config and same as Package/Properties/PublisherDisplayName in Developer Dashboard>App>App identity

            and CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx = Windows publisher ID, CN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx, from https://developer.microsoft.com/en-us/dashboard/Account/Management & Same as Package/Identity/Publisher in Developer Dashboard>App>App identity]]

            Pvk2Pfx /pvk MyKey.pvk /pi PASSWORDFROMABOVE /spc MyKey.cer /pfx MyKey.pfx

            named the new key (in PG Build) "MyKey"

             

            in config <preference name="windows-identity-name" value="zzz.zzzz" /> where zzz.zzzz = Package/Identity/Name

             

             

            ...so where am i going wrong?

            • 3. Re: Can't select windows signing keys
              rickyb39117700 Level 1

              I'm having the same exact problem. Did you ever find out how to upload your windows cert to PGB?

              • 4. Re: Can't select windows signing keys
                uniquekaiser

                Has anyone found a solution? I also need to sign my windows app but can't use the publisher id i had been using for years

                 

                Thanks!