4 Replies Latest reply on Nov 17, 2016 3:48 AM by 10538

    Windows 10 signed builds fail

    10538 Level 1

      A similar problem has been several times in recent months, but I believe I have got down to the crux of it. I am building an app for Android, IOS and Windows 10 (uap). I have no problems with Android and IOS but if I select my code signing key for Windows, the builds frequently fail with the well-known

       

      CertUtil: -importPFX command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)

      CertUtil: The system cannot find the file specified.

      My "Personal"

      CertUtil: -delstore command completed successfully.

       

      Yesterday, this happened half a dozen times and it usually worked if I subsequently did a rebuild with no changes. Today, no such luck The other platforms are building but any attempt to build a signed Windows app fails. If I change the Windows build settings to 'No key selected' it builds just fine. So the problem appears to be firmly in the code signing. I don't have to change anything other than the key selection to make the build pass or fail. (And the same key worked yesterday.)

       

      ALSO, I cannot sign the appx myself since no matter what I do, the publisher is listed as 'CN=Apache Cordova Team' in the AppxManifest.xml:

        <Identity Name="SyntagmLtd.WordEkeInnovativeWordGame" Publisher="CN=Apache Cordova Team" Version="1.3.0.0" ProcessorArchitecture="arm" />

       

      So I get this error from SignTool on Windows:

      error 0x8007000B: The app manifest publisher name (CN=Apache Cordova Team) must match the subject name of the signing certificate (CN=Syntagm Ltd, ...).

       

      These are the first few lines of my config.xml:

       

      <widget xmlns     = "http://www.w3.org/ns/widgets"

              xmlns:gap = "http://phonegap.com/ns/1.0"

              id        = "uk.co.syntagm.wordeke"

              version   = "1.3.0">

       

        <name>WordEke</name>

        <author>Syntagm Ltd</author>

        <preference name="WindowsStorePublisherName" value="CN=Syntagm Ltd" />

       

        <preference name="windows-identity-name" value="SyntagmLtd.WordEkeInnovativeWordGame" />

        <preference name="windows-appx-target" value="uap" />

        <preference name="windows-arch" value="arm" />

       

      (The pgb app id is 830132.) I only recently added the WindowsStorePublisherName, but it seems to have no effect.

       

      I am now completely stuck trying to build a Windows app that I can run on a Windows 10 phone since they have to be signed. Any suggestions?

        • 1. Re: Windows 10 signed builds fail
          ryanskihead Adobe Employee

          Hi, give the signed app a try again now. This is an ongoing issue that the dev team has been unable to prevent from cropping up. Still working on it though.

          • 2. Re: Windows 10 signed builds fail
            10538 Level 1

            Yep, that worked, thanks. So what's the procedure when this fails consecutively? I don't mind hitting rebuild occasionally, but today no amount of rebuilding worked until you made 'the adjustment'.

             

            Also, I don't need to fix the publisher if the PGB signing is working, but is there any way of changing the publisher from 'CN=Apache Cordova Team' in the Windows app manifest?

            • 3. Re: Windows 10 signed builds fail
              10538 Level 1

              This worked for a couple of builds yesterday, but it is failing again today. Same error as everyone else is reporting:

              CertUtil: -importPFX command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND) CertUtil: The system cannot find the file specified. My "Personal" 

              Again, building a debug version (that I can't run) works fine.

               

              If I could sign the appx myself I'd be able to work around this, but as I mentioned above, the publisher in the generated appx manifest is identified as CN=Apache Cordova Team. Nothing I have tried will change this and as you can see from above, SignTool won't play.

               

              Could you expedite a long-term solution to this issue? In the meantime, if there is any way of making the appx signable outside of PGB please let me know what I'd need to do. TIA!

              • 4. Re: Windows 10 signed builds fail
                10538 Level 1

                This morning the Windows signed build works again AND the publisher name is correct in the Windows appx manifest, so thanks for that. At least I can sign my own appx now if the signed build fails. If anyone is interested in how to do this, you need a .pfx certificate (with private key). In the line below %PGKEYS_PW% is an environment variable containing my private key password. Just replace the whole thing with your password or define your own PGKEYS_PW variable.

                 

                "C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool" sign /fd SHA256 /a /f "C:\path-to-your-signing-cert.pfx" /p %PGKEYS_PW% yourapp.appx

                 

                You might have signtool.exe somewhere other than the path I mention above, but if you can't find it you need to install the Windows 10 SDK @ Windows 10 SDK - Windows app development