Search code examples
visual-studiouwpwin-universal-appwindows-10-universalsigntool

UWP - SignTool Error: No certificates were found that met all the given criteria

I'm getting this error after our company changed its AD domain. UWP app development with VS 2019 and Windows 10 (1903)

C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VisualStudio\v16.0\AppxPackage\Microsoft.AppXPackage.Targets(4469,5): error APPX1204: Failed to sign 'D:\AzureDevOps-Workspace\UWP\Main\BoardPACWinApp\bin\x64\Release\BoardPACWinApp_3.51.11.0_x64.appx'. SignTool Error: No certificates were found that met all the given criteria. 5>C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VisualStudio\v16.0\AppxPackage\Microsoft.AppXPackage.Targets(4469,5): error APPX1204: ========== Build: 4 succeeded, 1 failed, 1 up-to-date, 0 skipped ==========

As soon as we've migrated to the new domain no one can create an app package to publish to the Microsoft store or to sideload. Project is running under debug and release modes. Only issue is that it does not allow to publish.

enter image description here

I have tried opening the project on VS 2015 and creating a test certificate but no luck. (Not sure the test certificate has to do anything about this error though) In UWP, Signing tab is by default disabled.

enter image description here

Everything was ok until the domain change. Administer privileges also given to us on the new domain.

I tried repairing the VS 2019 and no change.

signtool.exe also available in the PC.

I looked at the verbose enabled output windows to see if anything is missing. but besides "No certificates were found that met all the given criteria." there were no other issue logged.

I can see all the valid certificates and they haven't got expired

Highly appreciated all your solutions and guidance. Thank you.

Solution

  • Good news! I found a solution which worked for me and I hope this will works for you all as well.

    When your domain changed all the test certificates you used on your UWP app will gets invalid. SO you have to create a new certificate on new domain in order to get the app publishing to work. I'm not a big fan of command line so what I did was, using the VS 2015 I generates a test certificate as per the image below. When it's done creating it in VS 2019 you will see the new certificate you create under new domain and it works like a charm.

    enter image description here

    I heard MakeCert tool can be used to create the certificate without needing the VS 2015.

    You also can create a certificate that can be used by your co-workers. Refer to the image below.

    enter image description here

    Use the IE to get to your code signing certificates and do the export as per the screenshot above. Simply add their domain accounts when exporting and ask them to import it under "Current user" on their PC.