Personalized Community is here!
Quickly customize your community to find the content you seek.
Check out the latest Commerce updates!Learn about the key capabilities and features of Dynamics 365 Commerce and experience some of the new features.
Download overview guide | Watch Commerce video
2020 Release Wave 2Discover the latest updates and new features to Dynamics 365 planned through March 2021.
Release overview guides and videos Release Plan | Preview 2020 Release Wave 2 TimelineWatch the 2020 Release Wave 1 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
I'm trying to generate a retail deployable package, I want the MPOS installer on that package to be digitally signed. In order for that to work in a build server the authenticode certificate has to be imported into the Azure Key Vault. We also have to modify some settings in the RetailSDK\BuildTools\Customization.settings file. But there is really no documentation that I can find that tells you how to do this. Can anyone provide at least a general overview on how to do this?
Can this link answer your question?
Thank you for your answer. That document shows the steps, but following them closely I still couldn't get the build procedure to sign the files. I used the thumbprint method and I had to do this in the customization.settings file:
<?xml version="1.0" encoding="utf-8"?><Project xmlns="">schemas.microsoft.com/.../2003"> <Import Project="retailPackagePaths.settings" Condition="Exists('retailPackagePaths.settings') AND $(PkgMicrosoft_Dynamics_Commerce_Runtime) == ''"/> <PropertyGroup> <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects> <ISVCustomizationSettingsHasBeenImported>true</ISVCustomizationSettingsHasBeenImported>
<!-- This section is for global settings and code signing. Any built file will inherit these values if applicable. Package manifest files will also use these values during package generation. --> <AssemblyNamePrefix Condition="'$(AssemblyNamePrefix)' == ''">HF</AssemblyNamePrefix> <CustomAssemblyVersion Condition="'$(CustomAssemblyVersion)' == ''">220.127.116.11</CustomAssemblyVersion> <CustomVersion Condition="'$(CustomVersion)' == ''">18.104.22.168</CustomVersion> <CustomName Condition="'$(CustomName)' == ''">HF Retail Customization</CustomName> <CustomDescription Condition="'$(CustomDescription)' == ''">HF Retail Customization</CustomDescription> <CustomPublisher Condition="'$(CustomPublisher)' == ''">CN=Some Company, LLC</CustomPublisher> <CustomPublisherDisplayName Condition="'$(CustomPublisherDisplayName)' == ''">Some Company, LLC</CustomPublisherDisplayName> <CustomCopyright Condition="'$(CustomCopyright)' == ''">Copyright Â© 2020</CustomCopyright>
<SignAssembly Condition="'$(SignAssembly)' == ''">false</SignAssembly> <DelaySign Condition="'$(DelaySign)' == ''">false</DelaySign> <AssemblyOriginatorKeyFile Condition="'$(AssemblyOriginatorKeyFile)' == '' and '$(SignAssembly)' == 'true'">$(MSBuildThisFileDirectory)\strongnamekey.snk</AssemblyOriginatorKeyFile>
<!-- The name of the cert must match the name of the publisher of the package which is the same as the CustomPublisher above. blogs.msdn.com/.../create-a-windows-store-appx-package-and-sign-it.aspx msdn.microsoft.com/.../jj835832(v=vs.85).aspx
The sample cert was generated like this: MakeCert /n "CN=Contoso Ltd." /r /h 0 /eku "22.214.171.124.126.96.36.199.3,188.8.131.52.4.1.3184.108.40.206" /e ""12/31/2037"" /sv appxsignkey.pvk appxsignkey.cer empty password as just for testing (Optional parameters for password protected cert [/pi "Password" /po "password"]) Pvk2Pfx.exe /pvk appxsignkey.pvk /spc appxsignkey.cer /pfx appxsignkey.pfx /pi ""
To use signing cert from certificate store, add thumbprint of the certificate below to ModernPOSPackageCertificateThumbprint property and comment out ModernPOSPackageCertificateKeyFile property. If certificate being used is password protected, then this method must be used.
Use the following command get the Thumpprint of the certificate powershell Get-ChildItem -Path Cert:\CurrentUser\My
ModernPOSPackageCertificateThumbprint cannot be used in VSTS builds, because the certificate can't be installed on the VSTS hosted machines. Instead the certificate must be restored to the file system using a secret manager, such as Azure KeyVault, and the argument ModernPOSPackageCertificateKeyFile should specify the path to the certificate. When consuming the signing certificate via ModernPOSPackageCertificateKeyFile, leave the ModernPOSPackageCertificateThumbprint variable empty. --> <ModernPOSPackageCertificateKeyFile Condition="'$(ModernPOSPackageCertificateKeyFile)' == ''"></ModernPOSPackageCertificateKeyFile> <ModernPOSPackageCertificateThumbprint Condition="'$(ModernPOSPackageCertificateThumbprint)' == ''">4ACC89878691F026E37FB3A961132DB6XXXX1948</ModernPOSPackageCertificateThumbprint>
<!-- To generate a self-signed Code Signing Certificate, use the following Powershell command: New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Subject "CN=Contoso Ltd." -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -KeyUsage DigitalSignature -Type CodeSigningCert
You can use the following Powershell command to get the thumbprint: Get-ChildItem -Path Cert:\CurrentUser\My --> <SelfServicePackageCertificateThumbprint Condition="'$(SelfServicePackageCertificateThumbprint)' == ''">4ACC89878691F026E37FB3A961132DB6XXXX1948</SelfServicePackageCertificateThumbprint>
<!-- Specify the name of the Windows Phone Modern POS package. Specify the name of the Android Modern POS phone package. Specify the name of the iOS Modern POS phone package. -->
Business Applications communities