MSIX Update : Signing code with Timestamp server

For the history visit this link that gives you the backgrouind: 

https://www.a6n.co.uk/2022/05/signing-code-with-timestamp-server.html

However, if you sign a MSIX package you will notice that your get the error:

SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign:packages.msix

If you get the above error about "package not recognised" then you are using the wrong version of the signtool.exe - to fix this upgrade your version to the Windows 11 SDK version

When you get the new version this "package not recognised" will be replaced with this error:

SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)

To find out what is going on on the command add a /debug after the work sign and you will get this:

The following certificates were considered:

Issued to: Growling Bears

Issued by: Master Uber Bear

Expires: Fri May 26 10:06:43 2023

SHA1 hash: 564E3CB6C90DAF246297CBA5F512B618E4DFBAF5

After EKU filter, 1 certs were left.

After expiry filter, 1 certs were left.

After Private Key filter, 1 certs were left.

The following certificate was selected:

Issued to: Growling Bears

Issued by: Master Uber Bear

Expires: Fri May 26 10:06:43 2023

SHA1 hash: 564E3CB6C90DAF246297CBA5F512B618E4DFBAF5

The following additional certificates will be attached:

Done Adding Additional Store

SignTool Error: An unexpected internal error has occurred.

Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b)


This will tell you the certificate its using, this is all good, but will the error will still remain to figure the cause of the issue you will need to navigate the event log and open up this path:

Microsoft-Windows-AppxPackaging/Operational

You will notice this:

error 0x8007000B: The app manifest publisher name (CN=Little Bear Packaging) must match the subject name of the signing certificate (CN=Uber Bear Packaging, O=Bear Land, L=Alaska, C=CA).

So this tells us that the package is signed as "CN=Little Bear Packaging" but the certificate you are signing this package as is signing as "CN=Uber Bear Packaging, O=Bear Land, L=Alaska, C=CA"

So to fix this issue update the application to match the certificate CN which can do done when you package or if you have created your packages can be done with MSIX manager from the Windows Store download from this link : https://apps.microsoft.com/store/detail/msix-packaging-tool/9N5LW3JBCXKF?hl=en-gb&gl=GB