Create a test PFX certificate

One main rule that is new in the software packaging world is the use of digital certificates with MSIX packages. MSIX package will not install if they are not digitally signed.

Now, if you are just learning MSIX, or you don’t yet have a bought digital certificate, you can create some tests certificates that you can use to sign your MSIX packages.

I am going to cover two options, but there are a lot more out there.

Option 1: MakeCert

The MakeCert executable comes with Windows 10 SDK. This is installed in the \Bin folder of the Microsoft Windows Software Development Kit (SDK) installation path.

Once you downloaded and installed the Windows SDK, open up CMD and you can create a dummy certificate by using these commands:

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64\makecert.exe" -n "CN=Local" -r -pe -a sha256 -len 2048 -cy authority -e 03/03/2023 -sv Local.pvk Local.cer

Be very careful what expiration date you set with -e. In this case the certificate expires on the 03/03/2023. If the expiration date is passed, you won’t be able to use this certificate to sign your MSIX packages.

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64\pvk2pfx.exe" -pvk Local.pvk -spc Local.cer -pfx Local.pfx

After you executed these two commands, a certificate called Local.PFX will be present in your user profile (%USERPROFILE%).

Now you can use the PFX certificate to sign your MSIX packages.

Option 2: PowerShell

PowerShell is so potent that I don’t think there is something you can’t do with it. To create a new self-signed certificate with PowerShell, this is the script which you could use:

# The New-SelfSignedCertificate cmdlet allows to create a self-signed certificate
$cert = New-SelfSignedCertificate -DnsName MyTestCertificate -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My
#To verify that the certificate has been generated, run this command
Get-ChildItem -Path Cert:\CurrentUser\My | ? Subject -EQ "CN=MyTestCertificate"
# Export the certificate using the Export-PfxCertificate cmdlet
$CertPassword = ConvertTo-SecureString -String "password" -Force –AsPlainText
Export-PfxCertificate -Cert "cert:\CurrentUser\My\$($cert.Thumbprint)" -FilePath "d:\MyTestCertificate.pfx" -Password $CertPassword

With  this script, a PFX certificate called MyTestCertificate will be created in D:\. Feel free to modify the script as you desire, for example to place a different password, give it a different name, etc.

With these two options, you can create your desired PFX certificates for your MSIX Packages. Of course, other methods like OPENSSL can be used to create a PFX certificate, it is up to you which method you use.

Leave a comment

Your email address will not be published. Required fields are marked *

nineteen + 6 =