Signtool error: No certificates were found that met all given criteria with a Windows Store App?

Question

I\'m trying to sign a Windows 8 appx package with a pfx file I have. I\'m using a command like so:

signtool.exe sign /fd sha256 /f \"key.pfx\" \"app.appx\"
<         


        

Answer 1

When getting this error through Visual Studio it was because there was a signing certificate setup to match the computer it was originally developed on.

You can check this by going to the project properties > signing tab and checking the certificate details.

You can uncheck "Sign the ClickOnce manifests" to disable signing.

If you don't want to turn this option off you will have to install the certificate.

Answer 2

My problem ended up being that I did not understand the signtool options. I had provided the /n option with something that did not match my certificate. When I removed that it stopped complaining.

Answer 3

I had the same "After Private Key filter, 0 certs were left" message and spent too much of my life trying to figure out what the message meant.

The problem was that I had installed the certificate incorrectly in the Windows Certificate store so there was no private key associated with the code signing certificate.

What I should have done was this:

1. Using either Firefox or Internet Explorer, submit the request to the issuer. This generates a PRIVATE KEY which is stored silently by the browser (a dialog appears for a fraction of a second in Firefox). Note that other browsers may not work: your life is too short to find out if they do.

2. Submit the request, jump through the issuer's validation hoops and loops, sacrifice a goat, pray to the gods, submit a signed statement from your great grandparents, etc.

3. Download the certificate (.crt) and import it into the same browser. The browser now has both the private key and the certificate.

4. Export the certificate from the browser as a Personal Information Exchange (.p12) file. You will be asked to supply a password to protect this file.

5. Keep a backup copy of the .p12 file.

6. Run the Certificate Manager (certmgr.msc), right click on the Personal certificate store, select All Tasks/Import... and import the .p12 file into Windows. You will be asked for the password you used to protect the file. At this point, depending upon your security requirements, you can mark the key as exportable so you can restore a copy from the Windows store. You can also mark that a password is required before use if you want to break batch scripts.

7. Run signtool successfully, breathe a sigh of relief, and ponder how much of your life you have wasted due to bad error messages and poor or missing documentation.

Answer 4

Go to project properties and uncheck all fields from the Firm before init the compilation

Answer 5

just uncheck the 'Sign the click once manifests' from the signing tab in project properties,it will remove the error and you can create a new one as from there.

Answer 6

Got the same issue, turned out that the private key to the certificate had no permission.
To fix - open the certifacte management, find your certificate, right click -> Manage Private Keys and then in security on top be sure that your user is added and given permissions, that fixed it for me.