When trying to deploy a sideloaded app package, you might get the following error:
add-appxpackage : Deployment failed with HRESULT: 0x800B0109, A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider. (Exception from HRESULT: 0x800B0109)
error 0x800B0109: The root certificate of the signature in the app package must be trusted.
NOTE: For additional information, look for [ActivityId] … in the Event Log or use
the command line Get-AppxLog -ActivityID …
If the certificate is properly installed in your certificate hive (Current User), the package will pass the Authenticode signature test. However, deployment of a package with a valid signature can still fail.
This sounds strange, but testing the signature only validates that the signature (certificate) is digitally valid. If you want to deploy the signed package, the machine itself must trust this certificate. I do not want to speculate now about the theoretical and practical meaning of this. It is a fact, and it gives us a bit more security sugar on top.
The solution is to define the certificate trust in the (Local Computer) hive. To do this, open Certificates in MMC and move (install) the certificate into one of the following two nodes:
- Trusted Root Certificates
- Trusted People
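The same fix can be scripted. The following is an added example, not part of the original post: it reads the signer certificate from the package, checks whether the Local Computer stores already contain it, and otherwise installs it into Trusted People before deploying. The package path is a hypothetical placeholder, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example. Run elevated: writing to a LocalMachine store needs admin rights.
param(
    [string]$PackagePath = 'C:\Packages\MyApp.appx'   # hypothetical placeholder path
)

# Read the Authenticode signature embedded in the package.
$sig  = Get-AuthenticodeSignature -FilePath $PackagePath
$cert = $sig.SignerCertificate
if (-not $cert) {
    throw "No signer certificate found in $PackagePath"
}
Write-Output "Signer     : $($cert.Subject)"
Write-Output "Thumbprint : $($cert.Thumbprint)"
Write-Output "Status     : $($sig.Status)"   # status as seen from the current context

# The deployment checks machine-level trust, so look in the Local Computer
# stores only. A copy in Cert:\CurrentUser is not enough (see the error above).
$machineStores = 'Cert:\LocalMachine\TrustedPeople', 'Cert:\LocalMachine\Root'
$foundIn = foreach ($path in $machineStores) {
    if (Get-ChildItem -Path $path | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }) {
        $path
    }
}

if ($foundIn) {
    Write-Output "Certificate already present in: $($foundIn -join ', ')"
}
else {
    # Trusted People is the narrower of the two nodes: it trusts this one
    # certificate, whereas the root store would trust it as an issuing root.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
        'TrustedPeople', 'LocalMachine')
    try {
        $store.Open('ReadWrite')
        $store.Add($cert)
    }
    finally {
        $store.Close()
    }
    Write-Output 'Installed into Cert:\LocalMachine\TrustedPeople'
}

# Retry the deployment that previously failed with 0x800B0109.
Add-AppxPackage -Path $PackagePath
```

Confirm the printed subject and thumbprint belong to the publisher you expect before letting the script add the certificate to a machine store.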
How to create a package: http://msdn.microsoft.com/en-us/library/windows/apps/hh975357.aspx
How to share the package: http://technet.microsoft.com/en-us/library/hh852635.aspx#SideloadingRequirements
Posted Apr 19 2013, 10:52 PM by Damir Dobric