UWP authenticode signed appxbundle shows unknown publisher with smartscreen

About

Asked 30/6, 2016 at 12:35 Answered 17/10, 2021 at 21:29

I have a signed appxbundle generated by Visual Studio and signed with a Comodo authenticode sha256 certificate. The bundle shows a digital signature tab when opening the properties.

Now when I download the file on another PC, the smartscreen filter kicks in and says the appxbundle has an unknown publisher.

I researched this issue but it seems there are only solutions for clickonce deployments.

Update

I have also performed the solutions mentioned here. In short: using post build or pre-publish signing to sign the .exe files generated in the obj folder. Both these solutions do not solve the problem.

Update

Included certificate screenshot to show that certificate is valid:

My question: What do I need to do extra to make the appxbundle appear with the correct publisher?

Update

I checked with Comodo and rechecked the certificate chain. The application sideloads properly now but the Smartscreen still does not recognize the publisher.

Hach answered 30/6, 2016 at 12:35 Comment(11)

Have you read this? #12311703 – Distilled 4/7, 2016 at 6:39

This seems to be for hardware driver development.. When I go to the sysdev website, it asks for a verisign v3 certificate. This seems to be for system developers.... I just want to sideload an app – Hach 4/7, 2016 at 10:46

You probably checked, but is the certificate that you used to sign the app with, trusted on the other PC? Is the CA that issued that cert, trusted? You can check easily by opening the .cer file on the client PC and verify that the CertificationPath is all green – Kildare 4/7, 2016 at 13:15

Hi Alex, all the certification paths are okay. I posted a screenshot in the question – Hach 4/7, 2016 at 13:46

I assume that screenshot is from the Target PC, not your development machine. – Kildare 4/7, 2016 at 14:8

Yes you are correct – Hach 4/7, 2016 at 15:10

I have seen this before, and it was caused by trusted root certificates not been updated on the target PC. Somehow related: serverfault.com/questions/752146/… – Waterresistant 4/7, 2016 at 17:50

I checked the list of Trusted Certificate Root Authorities and the Comodo Authority shows up in the list. Also, the automatic updating in the group policy is set to 'not set' which seems to be the normal setting. – Hach 4/7, 2016 at 18:6

It seems the problem is not completely solved yet: smartscreen does still not recognize the publisher properly. Could it be because the signature made by visual studio does not have a timestamp property? – Hach 6/7, 2016 at 20:17

which tool are you using to sign your package? – Whether 2/6, 2017 at 13:14

Vs2017 is used for signing – Hach 3/6, 2017 at 16:26

You need to install the certificate by mmc.exe.

Run mmc.exe.
Click File From Menu and Click on Add/Remove Snap-in....
Choose Certificates and Click on Add >.
Select Computer Account and then Choose Local Computer and click on Finish.
and then, Click on OK.
Navigate to Certificates (Local Computer then Trusted Root Certificates then Certificates.
Right-click on Item's Parent and select All Tasks and then Import... and then browse your certificate *.cer extension.
Save this console as {Your_Name}.msc and run uwp and check Trusted App if you completed the step then delete the {Your_Name}.msc.

Arrowworm answered 17/10, 2021 at 21:29 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Update

Update

Update

Recommended topics

Hot tags