UWP won't install using App Installer

Question

I have a properly signed UWP application that I want my users to install using the new App Installer from Microsoft. In the screenshot you see the certificate path of my application. The UserTrust/Addtrust network is already in the trusted root folder and sideloading is enabled in Settings.

I have asked this on several forums and have researched this for a long time but I have not found any solution or way to troubleshoot the App Installer or the powershellscript AddDevPackage.ps

I am looking to find the right person at Microsoft to help me out because the responses on the MSDN forums just post the first google hit on sideloading an appx.

Please help me out.

Answer 1

So here is the full story on how to sideload an appxbundle using a comodo certificate

1. Get a Comodo SSL authenticode certificate

2. Export the certificate using a browser (Link), This certificate can be used in the Packaging section in the Package Manifest in Visual Studio. If you also want to sign the assembly, export again but this time, uncheck the include all certificates option.

2.b Also download and install these three certificates from Comodo.(Download Link). Open a search and type CertMgr, opening this will take you to the certificate manager. To the left, you can find Trusted Root folder and in there you can find certificates folder. In this folder, right click in an empty area and click import. Import the 'addtrustexternalcaroot' file. If there is already a comodo rsa file in here, open it and uncheck 'code signing'.

2.c Go to the intermediary root folder and its certificate folder. Here you import the other two files.

3. In Visual Studio, go to Project properties -> package manifest -> packaging and click Choose Certificate. Now you select the certificate which includes all the certificates in the path.

4. (optional) Go to project properties -> signing -> check 'Sign the assembly'. Now click choose certificate, enter your password and done.

5. Create an appxpackage

6. Verify the signing process by opening a cmd window and enter 'SignTool verify /pa 'path to your bundle here''

7. If all is well you should see something like this:

8. If the AddTrust/Usertrust root is not the top CA in your path, something went wrong and you have to try these steps again.

9. Let's say you upload your appxbundle folder as a zip file and download it on another PC. The smartscreen dialog will come up. It is possible that the publisher is 'unknown'. It is a matter of time before this is set correctly and will take more time and a build up of 'reputation' before the filter goes away.

10. Click run anyway and the app installer opens up. Click install. If there are any errors, open up a powershell and type Get-AppxLog. Here you can find all error info.

Done!

Question: Can I just upload the appxbundle and leave everything else behind?

Answer: Maybe, if the OS needs a dependency package like .Net Native Runtime appx, you can just upload both the x86 and x64 and have your clients download and install these before you let them install your main package. Be aware that the x86 and x64 packages are not interchangeable -> the native runtime is OS dependent.