Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Building POS Samples fails when signing the MPOS MSIX due to error "Export-PfxCertificate : Using ProtectTo parameter requires running as a domain account." #93

Closed
lukedgr opened this issue Nov 10, 2021 · 2 comments
Closed

Building POS Samples fails when signing the MPOS MSIX due to error "Export-PfxCertificate : Using ProtectTo parameter requires running as a domain account." #93

lukedgr opened this issue Nov 10, 2021 · 2 comments

Comments

@lukedgr
Copy link
Member

lukedgr commented Nov 10, 2021

Attempting to build the POS sample fails during MPOS app package signing when running as a user that is not attached to a domain and a signing cert does not already exist. See error and screenshot below.

Error Message:
"Export-PfxCertificate : Using ProtectTo parameter requires running as a domain account."

Screenshot:
DomainAccountError
@lukedgr
Copy link
Member Author

lukedgr commented Nov 10, 2021

This issue is due to a known limitation with the powershell APIs for creating a signing certificate. If the user is not signed in using a domain account we're not able to automatically generate the signing certificate for the MPOS solution due to a limitation with the Export-PfxCertificate powershell command and the ProtectTo option. To resolve this issue please follow these steps below to create a test certificate and for more details on app signing please refer to this article.

  1. Follow the steps in this article to create a test certificate for package signing.
  • Note: The publisherName for the certificate should match the "PackagePublisher" specified in the solution's CustomizationPackage.props file.
  1. Copy the created certificate to the ModernPOS project folder
  2. Update the ModernPos packaging project (jsproj) to reference the new test certificate by updating the "PackageCertificateKeyFile"
  3. Build & run the solution

@lukedgr lukedgr closed this as completed Nov 10, 2021
@fcaminada
Copy link

For future reference, the PFX file used to sign the ModernPOS package cannot be password-protected. To create PFX without a password the following commands can be used:

When exporting directly from the store using the thumbprint: (reference)
Export-PfxCertificate -cert "Cert:\CurrentUser\My<Certificate Thumbprint>" -FilePath .pfx -Password (new-object System.Security.SecureString)
The command must be run from a PowerShell command prompt.

When exporting from .cer and .pvk files:
Pvk2Pfx /pvk .pvk /pi /spc .cer /pfx .pfx /po ""
If the private key doesn't have a password /pi and /po can be omitted.

@madyke madyke transferred this issue from microsoft/Dynamics365Commerce.InStore May 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fcaminada @lukedgr