Batch – Create PFX Certificate – Sign Code or Package; MSIX

email me

:: MrNetTek
:: https://eddiejackson.net/blog
:: 9/16/2020
:: free for public use
:: free to claim as your own

@echo off

cd "%~dp0"

:: STEP 1

:: C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86
makecert.exe ^
-n "CN=CodeSign" ^
-r ^
-pe ^
-a sha512 ^
-len 4096 ^
-cy authority ^
-sv CodeSign.pvk ^
CodeSign.cer


:: STEP 2

:: C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86
pvk2pfx.exe ^
-pvk CodeSign.pvk ^
-spc CodeSign.cer ^
-pfx CodeSign.pfx ^
-po PasswordHere

exit /b 0

 

Step 3

Import PFX into Local Computer > Trusted Root Certification Authorities.

 

Step 4

Sign your code or package using PFX.

 


Notes

 

makecert.exe

pvk2pfx.exe

signtool.exe

SignTool sign /fd SHA256 /a /f SignCert.pfx /p password YourPackage.msix

SignTool sign /fd SHA256 /a /f SignCert.pfx /p password /tr timestampServerUrl YourPackage.msix

 

Example of a working PFX

I created a MSIX installer using the Microsoft MSIX Packaging Tool and signed it.