0

When submitting applications to the Microsoft App Store, what are the digital signature requirements for the various installer types.

The store accepts three main installer types (EXE, MSI and MSIX). For which of the installer types, is it an absolute must to purchase your own code signing certificate from a certificate authority (CA), where the Microsoft Store will not digitally sign your apps for fee on your behalf ?

I am under the impression that for MSIX, Microsoft will sign your installer for free, and there is no need to purchase your own cert.

Also, when Microsoft signs the installers on your behalf, does it get rid of the "Unknown Publisher" warning, when installing?

Wayne
  • 3,359
  • 3
  • 30
  • 50
  • "I am under the impression that for MSIX, Microsoft will sign your installer for free, and there is no need to purchase your own cert." Where did you read that? I'd like to understand their exact offer. – Rob Mensching Aug 26 '23 at 23:45
  • @RobMensching please see this link, it's not an official source though: https://www.advancedinstaller.com/msix-publish-microsoft-store.html Quoted text: `Automatic Digital Signing - MSIX requires digital signing and, by publishing it to Microsoft Store, your app gets signed automatically. Therefore, you don’t need to buy a third-party CA (certification authority), and your app will have the credibility of being secure in case you use your own certification` -- (also you cannot buy a CA, but a cert) If this is true, then it's a big saving / motivation to use MSIX. – Wayne Aug 27 '23 at 00:58
  • @Wayne have you followed the steps from the above article when trying to publish your MSIX and didn't work? Sorry, but your initial question doesn't clearly state what you tried and did or did not work. – Bogdan Mitrache Aug 28 '23 at 07:00
  • @BogdanMitrache I have not followed the article. My journey started out as using `InnoSetup` an `EXE` installer, then realised I need exit codes not provided. Then I used `Wix` to get an `MSI`, so that I do not need to provide exit codes. Now I realise I possibly need a cert for `EXE` and `MSI`; Again I have to find another way, and `MSIX` might be the solution (free signing); Also `Wix` possibly does not provide `MSIX` for free. I have to find an alternative, probably use one of the converters, not ideal (with ease) if targeting multiple architectures `x86`, `x64`,`arm64`. – Wayne Aug 28 '23 at 08:53
  • If you go the MSIX route, your first option is to try the Windows Application Packaging Project from VS. If you need more features not supported by that you might want to evaluate other commercial/paid solutions. Whatever you do, don't try to build and MSI/EXE and then to convert it with the MSIX packaging tool. I talk more about this here: https://stackoverflow.com/questions/64702212/how-to-build-an-msix-from-comandline/64715653#64715653 – Bogdan Mitrache Aug 28 '23 at 10:11
  • Thanks @BogdanMitrache: Unfortunately my project is C++ MFC, and I do not think the `Windows Application Packaging Project` will work for this workload? `Advanced Installer`, seems like a good option for me at this point. – Wayne Aug 28 '23 at 10:50

0 Answers0