web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Supply chain | Supply Chain Management, Commerce / Code Signing when gene...
Supply chain | Supply Chain Management, Commerce
Answered

Code Signing when generating a Retail Deployable Package

(0) ShareShare
ReportReport
Posted on by Community Member

Hi,

I'm trying to generate a retail deployable package, I want the MPOS installer on that package to be digitally signed. In order for that to work in a build server the authenticode certificate has to be imported into the Azure Key Vault. We also have to modify some settings in the RetailSDK\BuildTools\Customization.settings file. But there is really no documentation that I can find that tells you how to do this. Can anyone provide at least a general overview on how to do this?

Thanks!

I have the same question (0)
  • Verified answer
    Guanghui Profile Picture
    Guanghui on at

    Hi

    Can this link answer your question?

    docs.microsoft.com/.../pos-app-signing-certificate

  • Community Member Profile Picture
    Community Member on at

    Hi Guanghui,

    Thank you for your answer. That document shows the steps, but following them closely I still couldn't get the build procedure to sign the files. I used the thumbprint method and I had to do this in the customization.settings file:

    <?xml version="1.0" encoding="utf-8"?>
    <Project xmlns="">schemas.microsoft.com/.../2003">
    <Import Project="retailPackagePaths.settings" Condition="Exists('retailPackagePaths.settings') AND $(PkgMicrosoft_Dynamics_Commerce_Runtime) == ''"/>
    <PropertyGroup>
    <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
    <ISVCustomizationSettingsHasBeenImported>true</ISVCustomizationSettingsHasBeenImported>

    <!-- This section is for global settings and code signing. Any built file will inherit these values if applicable. Package manifest files will
    also use these values during package generation. -->
    <AssemblyNamePrefix Condition="'$(AssemblyNamePrefix)' == ''">HF</AssemblyNamePrefix>
    <CustomAssemblyVersion Condition="'$(CustomAssemblyVersion)' == ''">1.0.0.0</CustomAssemblyVersion>
    <CustomVersion Condition="'$(CustomVersion)' == ''">1.0.0.1</CustomVersion>
    <CustomName Condition="'$(CustomName)' == ''">HF Retail Customization</CustomName>
    <CustomDescription Condition="'$(CustomDescription)' == ''">HF Retail Customization</CustomDescription>
    <CustomPublisher Condition="'$(CustomPublisher)' == ''">CN=Some Company, LLC</CustomPublisher>
    <CustomPublisherDisplayName Condition="'$(CustomPublisherDisplayName)' == ''">Some Company, LLC</CustomPublisherDisplayName>
    <CustomCopyright Condition="'$(CustomCopyright)' == ''">Copyright © 2020</CustomCopyright>

    <SignAssembly Condition="'$(SignAssembly)' == ''">false</SignAssembly>
    <DelaySign Condition="'$(DelaySign)' == ''">false</DelaySign>
    <AssemblyOriginatorKeyFile Condition="'$(AssemblyOriginatorKeyFile)' == '' and '$(SignAssembly)' == 'true'">$(MSBuildThisFileDirectory)\strongnamekey.snk</AssemblyOriginatorKeyFile>

    <!--
    The name of the cert must match the name of the publisher of the package which is the same as the CustomPublisher above.
    blogs.msdn.com/.../create-a-windows-store-appx-package-and-sign-it.aspx
    msdn.microsoft.com/.../jj835832(v=vs.85).aspx

    The sample cert was generated like this:
    MakeCert /n "CN=Contoso Ltd." /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /e ""12/31/2037"" /sv appxsignkey.pvk appxsignkey.cer
    empty password as just for testing (Optional parameters for password protected cert [/pi "Password" /po "password"])
    Pvk2Pfx.exe /pvk appxsignkey.pvk /spc appxsignkey.cer /pfx appxsignkey.pfx /pi ""

    To use signing cert from certificate store, add thumbprint of the certificate below to ModernPOSPackageCertificateThumbprint property and
    comment out ModernPOSPackageCertificateKeyFile property.
    If certificate being used is password protected, then this method must be used.

    Use the following command get the Thumpprint of the certificate
    powershell Get-ChildItem -Path Cert:\CurrentUser\My

    ModernPOSPackageCertificateThumbprint cannot be used in VSTS builds, because the certificate can't be installed on the VSTS hosted machines.
    Instead the certificate must be restored to the file system using a secret manager, such as Azure KeyVault, and the argument ModernPOSPackageCertificateKeyFile should specify the path to the certificate.
    When consuming the signing certificate via ModernPOSPackageCertificateKeyFile, leave the ModernPOSPackageCertificateThumbprint variable empty.
    -->
    <ModernPOSPackageCertificateKeyFile Condition="'$(ModernPOSPackageCertificateKeyFile)' == ''"></ModernPOSPackageCertificateKeyFile>
    <ModernPOSPackageCertificateThumbprint Condition="'$(ModernPOSPackageCertificateThumbprint)' == ''">4ACC89878691F026E37FB3A961132DB6XXXX1948</ModernPOSPackageCertificateThumbprint>

    <!--
    To generate a self-signed Code Signing Certificate, use the following Powershell command:
    New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Subject "CN=Contoso Ltd." -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy Exportable -KeyUsage DigitalSignature -Type CodeSigningCert

    You can use the following Powershell command to get the thumbprint:
    Get-ChildItem -Path Cert:\CurrentUser\My
    -->
    <SelfServicePackageCertificateThumbprint Condition="'$(SelfServicePackageCertificateThumbprint)' == ''">4ACC89878691F026E37FB3A961132DB6XXXX1948</SelfServicePackageCertificateThumbprint>

    <!--
    Specify the name of the Windows Phone Modern POS package.
    Specify the name of the Android Modern POS phone package.
    Specify the name of the iOS Modern POS phone package.
    -->

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Supply chain | Supply Chain Management, Commerce

#1
Laurens vd Tang Profile Picture

Laurens vd Tang 299 Super User 2025 Season 2

#2
Siv Sagar Profile Picture

Siv Sagar 183 Super User 2025 Season 2

#3
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 117 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Quality order uses default receipt location instead of actual physical receipt location

Product updates

Dynamics 365 release plans