With version 10.0.12 (10.0.507.20001). I create a custom certificate file followed by instruction in Customization.settings.
<!--
The name of the cert must match the name of the publisher of the package which is the same as the CustomPublisher above.
blogs.msdn.com/.../create-a-windows-store-appx-package-and-sign-it.aspx
msdn.microsoft.com/.../jj835832(v=vs.85).aspx
The sample cert was generated like this:
MakeCert /n "CN=Contoso Ltd." /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /e ""12/31/2037"" /sv appxsignkey.pvk appxsignkey.cer
empty password as just for testing (Optional parameters for password protected cert [/pi "Password" /po "password"])
Pvk2Pfx.exe /pvk appxsignkey.pvk /spc appxsignkey.cer /pfx appxsignkey.pfx /pi ""
To use signing cert from certificate store, add thumbprint of the certificate below to ModernPOSPackageCertificateThumbprint property and
comment out ModernPOSPackageCertificateKeyFile property.
If certificate being used is password protected, then this method must be used.
Use the following command get the Thumpprint of the certificate
powershell Get-ChildItem -Path Cert:\CurrentUser\My
ModernPOSPackageCertificateThumbprint cannot be used in VSTS builds, because the certificate can't be installed on the VSTS hosted machines.
Instead the certificate must be restored to the file system using a secret manager, such as Azure KeyVault, and the argument ModernPOSPackageCertificateKeyFile should specify the path to the certificate.
When consuming the signing certificate via ModernPOSPackageCertificateKeyFile, leave the ModernPOSPackageCertificateThumbprint variable empty.
-->
Then, add its trumbprint into: -
<ModernPOSPackageCertificateKeyFile Condition="'$(ModernPOSPackageCertificateKeyFile)' == ''"></ModernPOSPackageCertificateKeyFile>
<ModernPOSPackageCertificateThumbprint Condition="'$(ModernPOSPackageCertificateThumbprint)' == ''">0567C6AFA10B7CE67E509D629C4402D188AB034F</ModernPOSPackageCertificateThumbprint>
<SelfServicePackageCertificateKeyFile Condition="'$(SelfServicePackageCertificateKeyFile)' == ''"></SelfServicePackageCertificateKeyFile>
<SelfServicePackageCertificateThumbprint Condition="'$(SelfServicePackageCertificateThumbprint)' == ''">0567C6AFA10B7CE67E509D629C4402D188AB034F</SelfServicePackageCertificateThumbprint>
I import the new cert file to
- Local system -> Personal
- Current user -> Personal
After I built package, the signing cert show in Digital Signatures tab.
But once I install it and try to activate MPOS, I got errors. Below logs are respectively from Event Viewer > Application and Services Logs > Microsoft > Dynamics > Commerce-ModernPos > Operation
- Ping health check url: https://xxxxx.sandbox.operations.dynamics.com/healthcheck?testname=ping&ResultFormat=json
- DeviceAuthenticationProvider.acquireToken did not find a device token in the application stroage.
- The environment configuration was successfully loaded from the server and set on the app. Config: '{"EnvironmentId":"82f8bad9-1052-4944-847c-662eda393799","EnvironmentName":"82f8bad9-1052-4944-847c-662eda393799","TenantId":"xxxxxxx","ClientAppInsightsInstrumentationKey":"2d016f91-bbf2-48c8-8450-f78485f18ac7","HardwareStationAppInsightsInstrumentationKey":"0f787160-4711-4b32-8f97-579538b1189f","WindowsPhonePosAppInsightsInstrumentationKey":"309f41bf-f6b1-4ed8-9dfc-b29883f5d6d4","BaseVersion":"9.22.20226.10","ScaleUnit":{"Id":"scu0ylfnt5a22241310","Name":"southeast-asia-1","Region":"southeast asia"},"AADAuthority":"https://sts.windows.net/"}'.
- Setting up AAD AccountSettingsPane for the authority 'https://login.windows.net/'. Correlation Id = '4a63b4b0-6bd0-b62f-5f23-ba879b479e03'.
- AAD token was acquired for the authority 'https://login.windows.net/'. Correlation Id = '4a63b4b0-6bd0-b62f-5f23-ba879b479e03'.
- Call to the AAD at https://login.windows.net/ failed with error: 3399614473 - AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'd6b5a0bd-bf3f-4a8c-b370-619fb3d0e1cc'.
Trace ID: f05def0d-4b38-45b7-ac5c-2b077f9a5900
Correlation ID: 998a3251-6763-48a3-ab1b-5c1dd4a275ab
Timestamp: 2020-09-18 02:15:05Z. Possible reason: the user cancelled authentication process. - Retrieving user authentication token for resource identifier 'https://commerce.dynamics.com' failed with error: Sorry, something went wrong while authenticating you. Try again. If you still can't access the POS, contact your system admin..
- The device activation operation failed.
Seems like AAD can't accept the EXE with custom cert. With same Identify Providers in HQ, I can activate CPOS but can't activate MPOS.
Is there anyone experience this problem? Please kindly advise the solution.