@@ -128,14 +128,19 @@ SignTool.exe sign /fd SHA256 /a /f <path to certificate>\MyCertificate.pfx /p <c
128128```
129129
130130> [ !IMPORTANT]
131- > When using a ** self-signed certificate** for local development, you must add it to the ** Trusted People** certificate store on your machine before ` Add-AppxPackage ` will accept it. Without this step, registration fails with ` CERT_E_UNTRUSTEDROOT ` (0x800B0109).
131+ > When using a ** self-signed certificate** for local development, you must add its ** public certificate** to the ** Trusted People** certificate store before ` Add-AppxPackage ` will accept it. Without this step, registration fails with ` CERT_E_UNTRUSTEDROOT ` (0x800B0109).
132+ >
133+ > Keep the ` .pfx ` file private — it contains the private key and should only be used for signing. For the trust step, export a ` .cer ` (public cert only) and import that:
132134>
133135> ``` PowerShell
134- > Import-PfxCertificate -FilePath "<path>\MyCertificate.pfx" `
135- > -CertStoreLocation Cert:\LocalMachine\TrustedPeople `
136- > -Password (ConvertTo-SecureString -String "<password>" -Force -AsPlainText)
136+ > $cert = Get-PfxCertificate -FilePath "<path>\MyCertificate.pfx"
137+ > Export-Certificate -Cert $cert -FilePath "<path>\MyCertificate.cer"
138+ > Import-Certificate -FilePath "<path>\MyCertificate.cer" `
139+ > -CertStoreLocation Cert:\CurrentUser\TrustedPeople
137140> ```
138141>
142+ > For machine-wide installs, use `Cert:\LocalMachine\TrustedPeople` instead (requires elevation).
143+ >
139144> Production certificates issued by a trusted CA do not require this step.
140145
141146Note: For how to build and sign the identity package within a CI/CD pipeline with production certificates,
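Review bot: The new Get-PfxCertificate call at line 136 passes no password, although the removed Import-PfxCertificate lines did and the SignTool command in the hunk header uses /p, so on a password-protected .pfx this step stops and prompts. State that in the text, or show how to supply the password for scripted use. The default store also changes from Cert:\LocalMachine\TrustedPeople to Cert:\CurrentUser\TrustedPeople, while the sentence at line 131 still says only "Trusted People". Please confirm that Add-AppxPackage succeeds with the certificate in the current-user store alone, and say in that sentence which scope is meant.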
@@ -222,7 +227,7 @@ powershell.exe -NoLogo -NoProfile -NonInteractive -WindowStyle Hidden -Execution
222227To unregister the identity package during a machine-wide uninstallation:
223228
224229``` Console
225- powershell.exe -NoLogo -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$packages = Get-AppxPackage <PackageName>; foreach ($package in $packages ) { Remove-AppxProvisionedPackage -PackageName $package.PackageFullName -Online }; foreach ($package in $packages) { Remove-AppxPackage -Package $package.PackageFullName -AllUsers }"
230+ powershell.exe -NoLogo -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$packages = Get-AppxPackage -AllUsers -Name <PackageName>; $provisioned = Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq '<PackageName>' }; foreach ($p in $provisioned ) { Remove-AppxProvisionedPackage -PackageName $p.PackageName -Online }; foreach ($package in $packages) { Remove-AppxPackage -Package $package.PackageFullName -AllUsers }"
226231```
227232
228233* Set ` <PackageName> ` to the package name you defined in your identity package manifest
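Review bot: The placeholder at line 230 now appears twice, once unquoted after -Name and once quoted in the DisplayName comparison, but the bullet at line 233 still reads as if there were a single substitution. A reader who updates only one of them gets a command that removes the per-user packages and skips the provisioned entry, or the reverse, with no error. Assign the name once at the start of the command (for example $name = '<PackageName>') and use $name in both places, or update the bullet to say both occurrences must match. Since Get-AppxPackage -AllUsers and the -Online provisioning cmdlets need an elevated session, it would also help to state that next to "machine-wide uninstallation".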
@@ -266,7 +271,7 @@ await packageManager.AddPackageByUriAsync(packageUri, options);
266271// Unregister the identity package during uninstall
267272
268273var packageManager = new PackageManager ();
269- var packages = packageManager .FindPackagesForUserWithPackageTypes (" " , " <IdentityPackageFamilyName>" , PackageType .Main );
274+ var packages = packageManager .FindPackagesForUserWithPackageTypes (" " , " <IdentityPackageFamilyName>" , PackageTypes .Main );
270275foreach (var package in packages )
271276{
272277 await packageManager .RemovePackageAsync (package .Id .FullName );
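Review bot: The PackageType to PackageTypes correction at line 274 is repeated verbatim at line 320, which suggests the snippet was copied around the document. Please search the rest of the file for remaining uses of PackageType.Main in FindPackagesForUserWithPackageTypes calls, so the register and unregister samples all compile against the same enum.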
@@ -312,7 +317,7 @@ await packageManager.ProvisionPackageForAllUsersAsync(packageFamilyName);
312317
313318var packageManager = new PackageManager ();
314319
315- var packages = packageManager .FindPackagesForUserWithPackageTypes (" " , " <IdentityPackageFamilyName>" , PackageType .Main );
320+ var packages = packageManager .FindPackagesForUserWithPackageTypes (" " , " <IdentityPackageFamilyName>" , PackageTypes .Main );
316321foreach (var package in packages )
317322{
318323 await packageManager .DeprovisionPackageForAllUsersAsync (package .Id .FullName );
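Review bot: The context line at 323 passes package.Id.FullName to DeprovisionPackageForAllUsersAsync, while the matching provisioning call in the hunk header passes packageFamilyName. The deprovision method takes a package family name too, so as long as this snippet is being corrected, line 323 should use package.Id.FamilyName (or the family name string directly) rather than the full name. The enum fix at line 320 looks right on its own.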