No valid certificate found in APK. The signature file must be called META-INF/CERT.RSA

Question

I am trying to upload my apk to Clover Marketplace. I signed my apk using apksigner with v1 signature. But when I upload my apk to Clover Marketplace I get this error.

What am I missing?

• My app does not have META-INF folder anywhere. How to fix this?

I used this command to sign my apk

java -jar apksigner.jar sign --ks mykey.jks --ks-key-alias mykey --v2-signing-enabled false  --v3-signing-enabled false --out myapp.apk  ~/Desktop/app-release.apk 

Answer 1

AFAIK META-INF/CERT.RSA is part of an app apk that is generated when you sign your app with keystore.

You can run this command to see

jarsigner -verify -verbose -certs app/release/app-release.apk

Why I was getting errors?

In my case somehow the files were saved as META-INF/KEY0.SF, META-INF/KEY0.RSA. I believe that Clover marketplace rejects the app if the files are not saved as CERT.RSA

How did I fix it?

• I created a new keystore with keyalias "cert"
• resigned the apk.
• ran jarsigner -verify -verbose -certs app/release/app-release.apk to confirm

the files were renamed to META-INF/CERT.SF, META-INF/CERT.RSA

More discussion:

I don't know how the files got renamed after resigning the app. I tried again with another keyalias to see if it renames again. But it did not rename the files after they were renamed to CERT.RSA

Answer 2

For people facing the same problem on windows

I removed --v1-signer-name from example command clover provided and it worked.

The final full command is

apksigner.bat sign --ks keystore.jks --v1-signing-enabled=true --v2-signing-enabled=false --v3-signing-enabled=false --in app-release-unsigned.apk