Visual studio not accepting makecert certificate for Xamarin UWP app


I have a Xamarin application that I also want to deploy on Windows UWP. I tried to create a self-signed certificate with makecert.exe, but Visual Studio won't accept it. I followed this guide from Microsoft. This is my command:

makecert.exe -n "CN=some AG" -r -pe -ss my -eku 1.3.6.1.5.5.7.3.3 ContosoTest.cer

When trying to import this certificate from the certificate store in the Visual Studio Package.appxmanifest editor, it complains "Kein Zertifikat erfüllt die Anwendungskriterien" (sorry about the German; I switched the computer to English but this persisted in German for some reason), which roughly translates to "No certificate meets the application criteria". When I export the certificate to a .pfx file and try to import that, it simply complains "The Manifest Designer could not import the certificate. The Manifest Designer could not import from file <filepath>."

It works with test certificates created directly in the Package.appxmanifest editor, but it will not take the certificates from makecert, even though the official Microsoft guide states it should work that way. The test certificates created by Visual Studio contain the same code signing purpose, 1.3.6.1.5.5.7.3.3.

I also tried it with PowerShell New-SelfSignedCertificate and Export-PfxCertificate, but it had the same effect.

To avoid an XY problem, here is the reason I am trying to use a makecert certificate instead of a test certificate created by Visual Studio. The app package will be signed by the customer with a different certificate, whose private key he (understandably) doesn't want to share with us. According to him and Google, it should be possible to re-sign an app package using signtool if the certificates have the same publisher.

Our client's certificate includes, apart from CN=some AG, other information in the form OU=blabla,O=some AG,L=city,S=state,C=DE. I cannot enter this information in the name for a test certificate in Visual Studio; it complains that the equals sign = is not allowed in the name. So I am trying to generate a certificate with this information another way. When Visual Studio did not take the makecert certificate, I removed this extra information to see if that was the reason. However, as you can see in the command above, even a simple certificate with CN=some AG doesn't work, while Visual Studio lets me create a certificate with such a simple name.

Any help appreciated. I have tried a lot of different ways to generate a certificate; only via makecert and PowerShell was I able to add the code signing purpose, but even then Visual Studio won't take it, even though the Microsoft guide says it should.


I had a similar issue using New-SelfSignedCertificate and Export-PfxCertificate, and basically the issue https://github.com/MicrosoftDocs/windows-uwp/issues/1281 from shanepowell for the Microsoft doc solved my problem.

To summarize, you need to add the -TextExtension parameter to make the example work with the import in Visual Studio.

New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName "Your friendly name goes here" -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.3', '2.5.29.19={text}Subject Type:End Entity') -CertStoreLocation "Cert:\CurrentUser\My"

And after that follow the Microsoft doc: https://learn.microsoft.com/en-us/windows/uwp/packaging/create-certificate-package-signing

In your case I guess something like:

$pwd = ConvertTo-SecureString -String <Your Password> -Force -AsPlainText
Export-PfxCertificate -Cert "Cert:\CurrentUser\My\<Certificate Thumbprint>" -FilePath <FilePath>.pfx -Password $pwd

Now importing the pfx-file in Visual Studio should work.
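The procedure from the answer carried through end to end, as an added PowerShell example that is not code from the original answer or from the Microsoft doc. It creates the certificate with the full subject DN from the question, checks locally that the two extensions the Package.appxmanifest importer looks for are present (Code Signing EKU, end-entity basic constraints) and that a private key is attached, prints the subject so it can be pasted into the manifest's Publisher attribute, and exports the PFX. The subject DN, friendly name, output path and one-year validity are assumptions; the basic-constraints text form `2.5.29.19={text}` is the one used in the Microsoft doc linked above.

```powershell
# Added example, not code from the original answer or the Microsoft doc.
# Assumptions: the subject DN below is the one from the question, the
# friendly name, validity and output path are placeholders to adjust.

$subject = "CN=some AG, OU=blabla, O=some AG, L=city, S=state, C=DE"

$cert = New-SelfSignedCertificate `
    -Type Custom `
    -Subject $subject `
    -KeyUsage DigitalSignature `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -FriendlyName "some AG - UWP package signing (test)" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -NotAfter (Get-Date).AddYears(1) `
    -TextExtension @(
        "2.5.29.37={text}1.3.6.1.5.5.7.3.3",   # Enhanced Key Usage: Code Signing
        "2.5.29.19={text}"                     # Basic Constraints: end entity, not a CA
    )

# Sanity checks before trying the import in Visual Studio.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$codeSigning = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq "1.3.6.1.5.5.7.3.3" }
if (-not $codeSigning) {
    throw "Certificate lacks the Code Signing EKU (1.3.6.1.5.5.7.3.3)"
}

$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($bc -and $bc.CertificateAuthority) {
    throw "Certificate is marked as a CA; the manifest importer wants an end-entity certificate"
}

if (-not $cert.HasPrivateKey) {
    throw "No private key attached; the PFX would be useless for signing"
}

# The Identity/Publisher attribute in Package.appxmanifest must equal this string.
"Publisher for Package.appxmanifest: $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)"

# Export the certificate with its private key. Prompting avoids leaving the
# password in the shell history.
$pfxPath     = Join-Path $PWD "someAG-signing.pfx"
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Round-trip check: the file must load with the password and carry the same key.
$reloaded = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)
if ($reloaded.Thumbprint -ne $cert.Thumbprint -or -not $reloaded.HasPrivateKey) {
    throw "Exported PFX does not match the certificate in the store"
}
"Exported $pfxPath"
```

Run it in a normal (non-elevated) Windows PowerShell or PowerShell 7 session, since the certificate lands in Cert:\CurrentUser\My; if you create it under Cert:\LocalMachine\My instead, the Export-PfxCertificate path has to use the same store. For the re-signing scenario in the question, the customer's certificate must have exactly this Subject, because signtool refuses to sign a package whose manifest Publisher differs from the signing certificate's subject.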