Comments (30)
@sensuikan1973 You're absolutely right, I forgot to leave it for when publishing to the Windows Store.
I published a new version (2.5.2) with the 'publisher', and updated the CHANGELOG.
thank you!! ❤️
from msix.
@marcov-dart hey again :)
I published a new version (2.5.0); the "publisher" configuration field is now deprecated, it is recognized automatically.
Hey, again! An update: So after the success with the self-signed certificate yesterday I went ahead and ordered the real certificate using the same csr. I got back a zipfile containing the .crt and a .ca-bundle file containing intermediate certificates.
I was able to create the needed .pfx file using:
openssl pkcs12 -export -out codesigning.pfx -inkey xxx.key -in xxx.crt -certfile xxx.ca-bundle
I updated msix to 2.5.3, removed the publisher field and tried flutter pub run msix:create.
This failed with:
The following certificate was selected:
Issued to: xxxx
Issued by: Sectigo Public Code Signing CA R36
Expires: xxxx
SHA1 hash: xxxx
Done Adding Additional Store
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)
SignTool Error: An unexpected internal error has occurred
I tried getting it to work by inspecting the subject in the .pfx and adding back the publisher field. This failed with the same error. It looks like the publisher field gets ignored unless you use -store.
Fortunately, I had done a git clone yesterday and I tried the version that worked for me for the self-signed certificate yesterday. And that version actually worked for me with the previously added publisher field.
I will update my local copy and debug a bit, and see if I can spot what is going wrong in version 2.5.3.
from msix.
Ok, so, in 2.5.3, the AppxManifest.xml contains the following:
<Identity Name="xxx" Version="1.0.0.0"
Publisher="CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB" ProcessorArchitecture="x64" />
Which is the subject of one of the intermediate certificates in the chain.
Maybe I did something wrong creating the pfx file? I should not include the intermediate certificates? Although I feel pretty certain the intermediates are necessary.
In any case that is the origin of the problem.
Maybe a solution here could be to just have CN=xxx in the publisher configuration in combination with certificate_path. And use the CN= to find the correct certificate in the pfx.
from msix.
hey @marcov-dart
I published a new version, 2.6.2, to fix #61; please use 2.6.2 and update if it's working for you
Hello @YehudaKremer, yes, 2.6.2 is working for me!
from msix.
Hello @tonyhart7
this package uses http://timestamp.digicert.com
to sign with a timestamp.
I tried and failed to reproduce this error,
maybe this timestamp server was down for some time and now is back,
can you please try again to see if it's working for you now
from msix.
Hello @tonyhart7 this package uses
http://timestamp.digicert.com
to sign with a timestamp. I tried and failed to reproduce this error, maybe this timestamp server was down for some time and now is back, can you please try again to see if it's working for you now
it's working now, I changed my internet provider to another and it works again
but I still can't sign in with my own cert, the testing cert is a success
can you provide an example value of the default cert?
from msix.
I managed to match all my cert and given info in the yaml file but still can't sign the msix
I know this happens because the given info and cert info don't match
but I just typed arsyad into all fields and it still throws an error
from msix.
can you please copy paste the error here
from msix.
I published a new version (2.4.0) that automatically signs the .msix file for you,
also updated the documentation.
from msix.
I have the same problem as tonyhart7 described and I am using msix 2.4.2.
I created the pfx using OpenSSL 1.1.1f:
openssl genrsa -out test5_cs.key 2048
openssl req -new -key test5_cs.key -out test5_cs.csr -subj '/CN=Testing/O=Testing Corporation/S=Some-State/C=NL'
This command comes back with: req: Skipping unknown attribute "S".
I looked it up and the proper abbreviation of stateOrProvinceName is ST not S. This is weird. It looks like Microsoft is going non-standard and is using S instead of ST?
Anyway, I tried leaving it out entirely:
openssl req -new -key test5_cs.key -out test5_cs.csr -subj '/CN=Testing/O=Testing Corporation/C=NL'
openssl x509 -in test5_cs.csr -out test5_cs.crt -req -signkey test5_cs.key -days 10000
openssl pkcs12 -export -out test5_cs.pfx -inkey test5_cs.key -in test5_cs.crt
In the pubspec.yaml:
certificate_path: C:/.../test5_cs.pfx
certificate_password: ...
publisher: CN=Testing, O=Testing Corporation, C=NL
Then run flutter pub run msix:create and the error message appears:
The following certificate was selected:
Issued to: Testing
Issued by: Testing
Expires: Fri Mar 12 06:27:50 2049
SHA1 hash: 25236B1A876330D77BCFF9EA1E61824DE4E459AC
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)
SignTool Error: An unexpected internal error has occurred.
Please note: The value of Publisher should be in one line and with commas, example:
CN=Msix Testing, O=Msix Testing Corporation, S=Some-State, C=US
from msix.
hello @marcov-dart
from version 2.4.0 you don't have to set a certificate,
delete certificate_path, certificate_password, publisher
and try again
from msix.
Thanks, but how then do I specify what certificate to use?
Because now it says: installing test certificate. And it is using the test certificate to sign.
from msix.
it's automatic, using a built-in test certificate,
this test certificate is good for local installation and testing.
if you publish to the Windows Store, your app will be signed automatically by the Windows Store
from msix.
Yes, I get that, but I am not going through the Windows Store, I need an msix package with a proper certificate. So I need to create a .csr that works. I am currently self-signing it to test this before spending hundreds of euros and having it signed by an actual certificate authority.
Right now it looks like it won't work. I can make a csr. I can send it to a certificate authority. But then it looks like the signing is going to fail.
from msix.
I see,
can you send me your test certificate with password, and I will try it
from msix.
Sure, as it is only a test certificate... The export password is 1234
from msix.
try same value but different order:
publisher: C=NL, O=Testing Corporation, CN=Testing
from msix.
Yes, thanks!
That worked.
I actually used the order that
openssl x509 -in test5_cs.csr -out test5_cs.crt -req -signkey test5_cs.key -days 10000
reports back:
Signature ok
subject=CN = Testing, O = Testing Corporation, C = NL
So apparently openssl reports this back in reverse order...
from msix.
Top notch support by the way! Many thanks.
from msix.
you're welcome
from msix.
@marcov-dart hey again :)
I published a new version (2.5.0)
the "publisher" configuration field is now deprecated, it is recognized automatically.
please check the updated documentation
from msix.
If I want to specify not "certificate_path/certificate_password" but "publisher" directly, is that impossible?
as long as I see d76d886, that is impossible...
my question is, is there an option to keep the "publisher" config?
from msix.
hello @sensuikan1973
from 2.5.0 'publisher' is recognized automatically by looking in your certificate details,
why keep 'publisher'?
from msix.
when I publish to windows store signed by Microsoft, I don't have to specify certificate info, I have to specify "publisher".
(I'm sorry if I'm saying the wrong thing due to lack of study.)
from msix.
Thank you very much !! ❤️
from msix.
Hello @marcov-dart
Thank you for the investigation
you're probably right.
From 2.5.0, I'm using the command certutil -dump -p yourpassword "your_cert.pfx"
to get the certificate "Subject" (it's the "publisher" in AppxManifest.xml).
Probably some certificates like yours have different output ('intermediate certificates' like you said) and I need to address this
I published 2.5.5 that prints the certificate details,
can you please try again with this version and paste the output here (please omit sensitive info)
thank you for your time and effort
from msix.
Ok, so version 2.5.5 works!
Output:
Element 1:
Serial Number: 48fc93b46055948d36a7c98a89d69416
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
NotBefore: 25-5-2021 02:00
NotAfter: 1-1-2029 01:59
Subject: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
Non-root Certificate
Cert Hash(sha1): 329b78a5c9ebc2043242de90ce1b7c6b1ba6c692
---------------- End Nesting Level 1 ----------------
No key provider information
Kan het certificaat en de persoonlijke sleutel voor ontsleuteling niet vinden.
================ Certificate 2 ================
================ Begin Nesting Level 1 ================
Element 2:
Serial Number: 621d6d0c52019e3b9079152089211c0a
Issuer: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
NotBefore: 22-3-2021 02:00
NotAfter: 22-3-2036 01:59
Subject: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Non-root Certificate
Cert Hash(sha1): 0bc5e76773d2e44fc9903d4dfefe451553bbec4a
---------------- End Nesting Level 1 ----------------
No key provider information
Kan het certificaat en de persoonlijke sleutel voor ontsleuteling niet vinden.
================ Certificate 3 ================
================ Begin Nesting Level 1 ================
Element 3:
Serial Number: XXX
Issuer: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
NotBefore: 26-10-2021 02:00
NotAfter: 26-10-2024 01:59
Subject: CN=XXX, O=XXX, S=XX, C=XX
Non-root Certificate
Cert Hash(sha1): XXX
---------------- End Nesting Level 1 ----------------
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
CertUtil: -dump command completed successfully.
subjectRow: Subject: CN=XXX, O=XXX, S=XX, C=XX
config.publisher: CN=XXX, O=XXX, S=XXX, C=XX
getting certificate publisher
generate appx manifest
generate PRI file
packing
cleaning temporary files
installing certificate
signing
100%
Msix Installer Created:
from msix.
@marcov-dart We did it
The problem was like you said, I took the first certificate in the chain,
the fix is to take the last one.
I also added special error logs in case this fix does not work for different situations in the future.
published new version 2.6.0 that cleans the output certificate logs and more
from msix.
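The certificate-selection fix described in the comment above, as an added example (not the msix package's own code): a parser for `certutil -dump`-style text that picks the end-entity certificate by following Issuer/Subject links instead of relying on its position in the dump. The sample dump and all names are constructed, English field labels are assumed, and matching is by DN string only, with no signature verification.

```python
import re

# Constructed sample in the layout of the certutil dump quoted in this thread;
# every name is a placeholder. A .pfx built with -certfile holds the whole chain.
SAMPLE_DUMP = """\
Element 1:
Issuer: CN=Example Legacy Root, O=Example Trust, C=GB
Subject: CN=Example Signing Root, O=Example Trust, C=GB
Non-root Certificate
Element 2:
Issuer: CN=Example Signing Root, O=Example Trust, C=GB
Subject: CN=Example Signing CA, O=Example Trust, C=GB
Non-root Certificate
Element 3:
Issuer: CN=Example Signing CA, O=Example Trust, C=GB
Subject: CN=Example Publisher, O=Example Publisher BV, S=Utrecht, C=NL
Non-root Certificate
"""


def parse_certs(dump):
    """Return one {'issuer', 'subject'} dict per 'Element N:' block."""
    certs = []
    for block in re.split(r"^Element \d+:\s*$", dump, flags=re.M)[1:]:
        fields = dict(re.findall(r"^\s*(Issuer|Subject):\s*(.+?)\s*$", block, flags=re.M))
        if "Issuer" in fields and "Subject" in fields:
            certs.append({"issuer": fields["Issuer"], "subject": fields["Subject"]})
    return certs


def leaf_subject(certs):
    """Subject of the end-entity certificate: the one that issued no other
    certificate in the bundle, wherever it sits in the dump."""
    # A self-signed certificate names itself as issuer; that must not make it a CA.
    issuers = {c["issuer"] for c in certs if c["issuer"] != c["subject"]}
    leaves = [c["subject"] for c in certs if c["subject"] not in issuers]
    if len(leaves) != 1:
        raise ValueError(f"expected one end-entity certificate, found {len(leaves)}")
    return leaves[0]


if __name__ == "__main__":
    chain = parse_certs(SAMPLE_DUMP)
    print("first in dump :", chain[0]["subject"])   # an intermediate, wrong Publisher
    print("end entity    :", leaf_subject(chain))   # must match the manifest Publisher
```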
hey @marcov-dart
I published a new version, 2.6.2, to fix #61,
please use 2.6.2 and update if it's working for you
from msix.
Happy to hear that
closing this issue
from msix.