通过package.appxmanifest为Windows应用商店应用程序选择证书 [英] Choosing a certificate for a Windows Store application via the package.appxmanifest

问题描述

因此，可以通过Intune在内部分发WinRT应用程序，我需要按照 http://msdn.microsoft.com/en-us/library/windows/apps/br230260（v = vs.110）.aspx

So that an WinRT application can be internally distributed via Intune I need to attach a certificate as per http://msdn.microsoft.com/en-us/library/windows/apps/br230260(v=vs.110).aspx

我转到package.appxmanifest屏幕，单击选择证书->配置证书->从文件中选择。我双击相关的证书，然后输入密码。然后，我收到错误消息清单设计器无法导入证书。您选择的证书无效，因为它已过期或存在其他问题。有关更多信息，请参见http：/go.microsoft.com/fwlink/ ？linkId = 241478，与我之前链接到的页面相同。

I go to the package.appxmanifest screen, click choose certificate - > configure certificate - > select from file. I double click on the relevant certificate, and type the password. I then get the error message "The Manifest Designer could not import the certificate. The certificate you selected is not valid for signing because it is either expired or has another issue. For more information see http:/go.microsoft.com/fwlink/?linkId = 241478", which is the same page I linked to earlier.

或者，我将证书导入到本地存储中，在package.appxmanifest中，单击select证书->配置证书->从证书库中选择。然后，我收到错误消息没有可用的证书。没有证书符合申请条件。单击确定继续。。

Alternately, I import the certificate to my local store, the on the package.appxmanifest click choose certificate - > configure certificate - > pick from certificate store. I then get the error message "No certificate available. No certificates meet the application criteria. Click OK to continue".

我该如何解决？

推荐答案

事实证明，根据我先前发布的链接，对于增强密钥用法中指定的证书用法确实很挑剔。

It turns out that it's really fussy about certificate Usages as specified in Enhanced Key Usage, as per the link I posted earlier.

在打包过程中，Visual Studio通过以下方式以
验证指定的证书：

During packaging, Visual Studio validates the specified certificate in the following ways:

• 验证基本约束扩展的存在及其值，该值必须为Subject Type = End Entity或未指定。


• 验证增强型密钥用法的值属性，必须包含代码签名，还可能包含生命周期签名。禁止使用任何其他
  EKU。


• 验证KeyUsage（KU）属性的值，该属性必须为Unset或DigitalSignature。


• 验证是否存在私钥。


• 验证证书是否处于活动状态，是否已过期以及是否已被吊销。

• Verifies the presence of the Basic Constraints extension and its value, which must be either Subject Type=End Entity or unspecified.
• Verifies the value of the Enhanced Key Usage property, which must contain Code Signing and may also contain Lifetime Signing. Any other EKUs are prohibited.
• Verifies the value of the KeyUsage (KU) property, which must be either Unset or DigitalSignature.
• Verifies the existence of a private key exists.
• Verifies whether the certificate is active, hasn’t expired, and hasn't been revoked.

我错了，尽管通过转到证书属性-证书用途-仅启用以下属性并取消选中属性对此无效的（即除代码签名之外的所有内容）我可以使用我们已经拥有的证书。那是行不通的。

I had mistakenly though that by going to Certificate Properties - Certificate Purposes - Enable only the following properties and unchecking properties that were invalid for this purpose (i.e. everything but Code Signing) I could use a certificate that we already had. That doesn't work.

我通过获取仅具有代码签名作为增强型密钥用法的证书解决了我的问题。

I resolved my problem by acquiring a certificate that did only have Code Signing as an Enhanced Key Usage.

这篇关于通过package.appxmanifest为Windows应用商店应用程序选择证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！