Windows 8 Metro App deployment – Create Cert (pfx)

Creating the cert for Windows 8 Apps

This how-to is taken from the following website:

https://bytescout.com/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=296

Changes must be made to the makecert args, otherwise the Metro app won’t accept the pfx file!

INFO: http://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx

A .PFX file (Personal Information Exchange format) contains both a public key (.cer file) and a private key (.pvk file). You can use this file to sign your files and PDF documents (using Bytescout PDF SDK for .NET).

To generate a .PFX certificate file, follow these steps:

1) Open the C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\ folder

2) Type “cmd” to run the command console (run as admin!)

3) Type the following to generate a new key and press Enter:

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin>makecert.exe -eku 1.3.6.1.5.5.7.3.3 -ss My -cy end -n "CN=MY_DOMAIN" -r -a sha1 -sv MY_DOMAIN.pvk MY_DOMAIN.cer


4) The “Create Private Key Password” dialog will appear. Enter your password for the key. NOTE: Write down the password and keep it in a safe place. Click OK to close this dialog. The “MyKey.pvk” file will be generated and saved into the same folder.

5) Now the “Enter Private Key Password” dialog will appear. Type the same password you entered in step (4).
This will generate the “MyKey.cer” file.

Create the pfx file

7) Copy the files MyKey.pvk and MyKey.cer into the C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\ folder (if not already there…)

8) Type “cmd” to run command line console (in the C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\ folder) (run as Admin!)

9) Now merge MyKey.cer and MyKey.pvk into one single .pfx file (MyPFX.pfx file)

10) Type (in the command line): pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx

11) The “Enter Private Key Password” dialog will appear. Enter the password for the private key that you entered in step (4)

12) “MyPFX.pfx” file will be generated in the C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\ folder

NOTE: you can specify the password on the command line by using the -po switch,
for example: pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po MyPasswordToSignPDF

Where “MyPasswordToSignPDF” is the password (different from the password for the .pvk in step (4)). This password (MyPasswordToSignPDF) will be used as the last parameter for the Document.AddSignature() method in Bytescout PDF SDK.

For example:

If you have used the command line: pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po MyPasswordToSignPDF

Then you should use the following code in your application: Document.AddSignature("MyPFX.pfx", "John Doe", "Approved", false, "MyPasswordToSignPDF");

Troubleshooting:


http://go.microsoft.com/fwlink/?LinkID=241478

Three changes:
1. The certificate lacks the Code Signing OID (1.3.6.1.5.5.7.3.3) in the Enhanced Key Usage extension. Add it using the -eku 1.3.6.1.5.5.7.3.3 argument to makecert.
2. Place the certificate into the My certificate store rather than the root certificate store by replacing -ss root with -ss My.
3. Ensure the certificate is an end entity in the Basic Constraints extension using the -cy end argument to makecert.

See MSDN Signing an app package (Windows Store apps) for more information on signing Windows Store apps and MakeCert for more information on makecert arguments.
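
The three requirements listed above can be checked on the generated .cer file before the pfx is built. The following PowerShell is an added example, not part of the original post or the linked answer; the function name Test-AppSigningCert and the default file name MY_DOMAIN.cer are assumptions, and the store check assumes makecert wrote to the current user's My store.

```powershell
# Added example: verify a makecert-generated certificate against the three
# requirements (-eku 1.3.6.1.5.5.7.3.3, -ss My, -cy end).
# Test-AppSigningCert and the default path are hypothetical names.
function Test-AppSigningCert {
    param([string]$Path = '.\MY_DOMAIN.cer')

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    $ekuOids = @()
    $basicConstraints = $null
    foreach ($ext in $cert.Extensions) {
        # Collect every OID listed in the Enhanced Key Usage extension.
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
        # Remember the Basic Constraints extension, if the certificate has one.
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]) {
            $basicConstraints = $ext
        }
    }

    # 1. Code Signing OID present in Enhanced Key Usage.
    $hasCodeSigning = $ekuOids -contains '1.3.6.1.5.5.7.3.3'

    # 2. Certificate is in the My store (looked up by thumbprint).
    $inMyStore = Test-Path -Path ("Cert:\CurrentUser\My\" + $cert.Thumbprint)

    # 3. Basic Constraints exists and marks the subject as an end entity.
    $isEndEntity = ($null -ne $basicConstraints) -and (-not $basicConstraints.CertificateAuthority)

    [pscustomobject]@{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        HasCodeSigningEku  = $hasCodeSigning
        InCurrentUserMy    = $inMyStore
        IsEndEntity        = $isEndEntity
        MeetsRequirements  = $hasCodeSigning -and $inMyStore -and $isEndEntity
    }
}

Test-AppSigningCert -Path '.\MY_DOMAIN.cer' | Format-List
```

A False in any of the three middle fields points to the makecert argument that was missing or different when the certificate was created.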

http://stackoverflow.com/questions/12552442/create-a-temporary-certificate-manually

THE CERT MUST BE CREATED USING THE CORRECT PARAMETERS…

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin>makecert.exe -eku 1.3.6.1.5.5.7.3.3 -ss My -cy end -n "CN=MY_DOMAIN" -r -a sha1 -sv MY_DOMAIN.pvk MY_DOMAIN.cer

More info:

http://blogs.technet.com/b/deploymentguys/archive/2013/06/14/signing-windows-8-applications-using-an-internal-pki.aspx

http://msdn.microsoft.com/en-us/library/windows/apps/br230260.aspx

2 comments

  1. Ricardo Schiller

    This is an interesting post, and I would be thankful if more info was provided. We’re trying to use a self signed certificate p12 on a Windows store app – the certificate is required for an https communication –, but with no success. Have you any idea if this is actually possible in Windows 8 store apps? Sincerely, Ricardo

    1. Hi Ricardo, this link should help http://answers.flyppdevportal.com/categories/metro/csharpvb.aspx?ID=02b7e6e3-b693-4d6d-8b84-cdf5188215e2
      Greetings Damien

      Also the self signed certificate must be trusted on the client machine
