Trouble Adding Wildcard Certificate to MSIX Installer in WPF App - Error: "The certificate you selected is not valid for signing"

Question

Description:

I am currently working on a WPF (Windows Presentation Foundation) application and I am trying to use MSIX Installer for deployment. In the process, I encountered an issue when attempting to add a wildcard certificate to the Package.appxmanifest file.

Problem:

After selecting the wildcard certificate and entering the password, I encounter an error dialog with the following message:

"The certificate you selected is not valid for signing because it is either expired or has another issue."

Error

Troubleshooting Steps Taken:

1. I verified that the wildcard certificate is not expired.
2. I double-checked the password for the certificate to ensure it is correct.
3. The certificate seems to be correctly installed on my machine.

Questions:

1. What could be causing this error, considering the certificate is not expired and the password is correct?
2. Are there specific requirements or considerations when using wildcard certificates with MSIX Installer in a WPF application?
3. Are there additional steps or configurations needed in the Package.appxmanifest file for using wildcard certificates?

Relevant Information:

• WPF Application
• MSIX Installer
• Wildcard Certificate (not expired)
• Error message: "The certificate you selected is not valid for signing because it is either expired or has another issue."

I appreciate any insights or suggestions to help resolve this issue. Thank you!

Answer 1

The key part here is

The certificate you selected is not valid for signing

Certificates for installed applications are not the same as certificates used for SSL/TLS. You have to get a special code signing certificate from a company like Symantec or GlobalSign, unless you do a self-signed certificate (but this is not a viable option for distribution). To my knowledge these certificates don't support wildcards either, FYI.

You should also be aware that if you don't pay the premium for an EV (extended/enhanced validation) certificate - where the issuer actually does a modest background check on your company - then Windows will give all your installing customers a big scary warning about your application.

One might call this system a form of racketeering (Nice app you got there... Shame if someone thought it was malicious...) I of course am not saying it is.