使用智能卡证书签署UWP应用程序? [英] sign UWP app with Certificate from Smart card?
问题描述
我正在尝试为我的组织定义内部开发和使用的UWP应用的部署策略。 我们无法将此应用发布到商店,因此我们希望对其进行侧载。 目前,我使用的是自签名测试证书,这个
目前用于我们的测试目的,但我们希望达到更正式的"发布"版本。陈述并使用更长久的证书(以及由CA验证的证书,而不是自签名证书)。 我们有可用于签署电子邮件的证书
的智能卡,但我无法将其导入VS 201x工具链以签署UWP应用程序。
我尝试按照这些说明操作,Active Directory证书服务(https://blogs.msdn.microsoft.com/emeamsgdev/2014/06/10/how-to-create-and-use-a-code-signing- certificate-for-clickonce-vsto-applications-using-active-directory-certificate-services /)
创建一个VS至少会打开的证书,但它不喜欢它(证书中的无效条目)  即使VS会接受它,它也可能不适用于所有用户,因为它是基于AD的,我们的一些系统将脱机。
唯一看似可行的选择我可以找到从公共CA(如Thawte)购买代码签名证书并保持最新。 哪个*是*一个选项,但看到所有将接收此代码安装的系统都是内部的,看起来我们的
内部授权链应该有一些生成必要证书的方法,而不需要去第三方,并且我们所有人(开发人员和用户)都拥有带有签名证书的智能卡,我认为这些证书可以用于此目的。
任何人都有任何指针?
你好jasells,
> 我们所有人都有带有签名证书的智能卡,我认为可以用于此目的
因为我没有关于您的智能卡及其中的证书的详细信息。在我看来,基于证书的智能卡应该能够签署UWP包。
> 我们无法将此应用发布到商店,所以我们希望对其进行侧载。
众所周知,通过Windows开发人员中心提交应用程序时,商店会自动帮助您维护证书和包裹,而无需你手动维护它。但是,使用sideloading方式,一旦应用程序有任何更新,您需要手动
维护包和证书。
如果您不想将应用程序发布到存储的原因是因为在商店中发布会使您的应用对公众不可见,我建议您使用以下两种方式将应用发布到商店,但让您的应用对公众来说是隐形的
$ b
第一种方式是请将您的应用设置为隐藏在商店中,这样隐藏的应用只能通过直接链接提供,但无法在商店中发现。 ;
第二种方式是您可以将您的应用程序发布到Microsoft Store for Business中的私人商店,这样您组织中的所有员工都可以查看和下载应用程序。
有关详细信息,请查看:使用您的分发应用程序私法ate商店
第三种方式是使用LOB应用程序,这个应用程序可以直接发布到企业,通过Microsoft Store for Business进行批量获取,而不是在Store中广泛使用。文件
向企业分发LOB应用程序告诉分发LOB应用程序的步骤。
最好的问候
雏菊 田
I am trying to define a deployment strategy for an internally developed and used UWP app for my organization. We cannot publish this app to the store, so we wish to side-load it. Currently, I am using a self-signed test certificate, and this works for our purposes of testing for the moment, but we would like to reach a more official "release" state and use a longer lasting certificate (and one that is verified by a CA, not a self-signed one). We have smart cards with certificates available for signing emails, but I cannot import that into the VS 201x tool chain for signing UWP apps.
I tried following these instructions, Active Directory Certificate Services (https://blogs.msdn.microsoft.com/emeamsgdev/2014/06/10/how-to-create-and-use-a-code-signing-certificate-for-clickonce-vsto-applications-using-active-directory-certificate-services/) to create a certificate that VS will at least open, but it doesn't like it (invalid entries in the certificate). Even if VS would take it, it likely wouldn't work for all users since it is AD based, and some of our systems will be off-line.
The only seemingly viable option I can find is to buy a Code Signing Cert from a public CA (like Thawte) and keep it up to date. Which *is* an option, but seeing as all the systems that will receive this code install are internal, it seems like our internal Authority chain should have some means of generating the necessary certificate without going to a 3rd party, and all of us (developers and users) have smart cards with signature certs that I would think could be used for this purpose.
Anyone have any pointers?
Hi jasells,
>all of us have smart cards with signature certs that I would think could be used for this purpose
Since I do not have the detailed information about your smart cards and the certificate in it. In my opinion, the certificate-based smart card should be able to sign the UWP package.
>We cannot publish this app to the store, so we wish to side-load it.
As we all know that when submitting the app through the Windows Dev Center, the Store will automatically help you maintain your certificate and package without requiring you to manually maintain it. However using the way of sideloading you need to manually maintain the package and certificate once the app has any update.
If the reason that you don’t want to publish your app to store is because that publishing in the store will make your app be invisible to public, I will recommend you use the following two ways to publish the app to the store but make your app be invisible to the Public
The first way is that please set your app to be hidden in the store, in this way the hidden apps can be only available with the direct link but can not been discovered in the Store.
The second way is that you can publish your app to your private store in the Microsoft Store for Business , in this way all employees in your organization can view and download the apps.
For more information, please check:Distribute apps using your private store
The third way is using the LOB app, this app can be published directly to the enterprises for volume acquisition via Microsoft Store for Business, without being broadly available in the Store.This document Distribute LOB apps to enterprises tells the steps of distributing LOB apps.
Best Regards
Daisy Tian
这篇关于使用智能卡证书签署UWP应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
