No certificates were found that met all the given criteria visual studio

I’m getting this error after our company changed its AD domain. UWP app development with VS 2019 and Windows 10 (1903)

C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VisualStudio\v16.0\AppxPackage\Microsoft.AppXPackage.Targets(4469,5): error APPX1204: Failed to sign ‘D:\AzureDevOps-Workspace\UWP\Main\BoardPACWinApp\bin\x64\Release\BoardPACWinApp_3.51.11.0_x64.appx’. SignTool Error: No certificates were found that met all the given criteria. 5>C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VisualStudio\v16.0\AppxPackage\Microsoft.AppXPackage.Targets(4469,5): error APPX1204: ========== Build: 4 succeeded, 1 failed, 1 up-to-date, 0 skipped ==========

As soon as we’ve migrated to the new domain no one can create an app package to publish to the Microsoft store or to sideload. Project is running under debug and release modes. Only issue is that it does not allow to publish.

I have tried opening the project on VS 2015 and creating a test certificate but no luck. (Not sure the test certificate has to do anything about this error though) In UWP, Signing tab is by default disabled.

Everything was ok until the domain change. Administer privileges also given to us on the new domain.

I tried repairing the VS 2019 and no change.

signtool.exe also available in the PC.

I looked at the verbose enabled output windows to see if anything is missing. but besides «No certificates were found that met all the given criteria.» there were no other issue logged.

I can see all the valid certificates and they haven’t got expired

Highly appreciated all your solutions and guidance. Thank you.

No certificates were found that met all the given criteria visual studio

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

I’m using signtool to sign an exe file as following commands:

application.pfx is official file from Veri Sign organization, and I imported it into Persional Certificates as well as Trusted Root Certification Authorities of Local Computer and Current User.

I also tried to sign by using signwizard, it’s success but after verify the error occured

How to solve this error?

I also referenced to other link but still cannot solve.

Answers

Yep, the links you’ve provided is not clear on how to use the SignTool.exe.

Here is the detailed specifications on how to use the SignTool.exe:

You can’t verify the application since you failed to sign the application.

The examples in the link above will show you the way to sign your application. And you should make sure that whether the signatures has paswords or not. And whether the time-stamps files is correct or not.

If you have any questions, please feel free to tell us.

Neddy Ren [MSFT]
MSDN Community Support | Feedback to us
Get or Request Code Sample from Microsoft
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

No certificates were found that met all the given criteria visual studio

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

I am moving from Visual Studio 2013 to Visual Studio 2017 (community). I have a couple of programs I developed in 2013 and have tried compile them in 2017 and get the following error:

SignTool Error: No certificates were found that met all the given criteria.

These would compile no problem in 2013 so what am I doing wrong?

Answers

Hi and thanks for the reply. I kind of resolved the issue on my own. Here is what I did to transfer over to 2017 and what I did to resolve the issue.

I use cloud storage to hold my projects so that I can work on them from my desktop or my laptop and have the current version to work on. I installed Visual Studio 2017 community on my Laptop (keeping Visual Studio 2013 Express on my desktop).

In order to make sure that I don’t screw-up this project I made a complete copy of the project folder under a Visual Studio 2017 folder and started to work in that folder. This also copied the Certificate as that is in the project folder.

I then started to work on VS 2017 on my laptop.

When I got that error I went to the folder that held the certificate and double clicked it but for some reason it would not install (it actually opened in a notepad type of window). I know that sounds weird but that is what happened.

So what I did was I moved the certificate to the desktop (for safe keeping). I then opened the project in VS 2017 and deleted the certificate from the Solution Explorer Window. I then went to the Project > Properties > Signing window and checked the «Sign the Assembly» checkbox and signed it. I left the «Sign the ClickOnce Manifests» checkbox checked.

This installed a new temp certificate and I can now work on this project in 2017 on my laptop. I can now start testing to see how 2017 works and see if I want to move to this version.

question

Signtool no certificates found

Anyone have any advice on this? I think maybe my certificate was not setup properly but i’m not sure.

Any assistance would be much appreciated, thanks!

c:\Program Files (x86)\Windows Kits\10\App Certification Kit> signtool sign /f c:\Users\myname\Desktop\servocert.pfx /p mypassword c:\Users\mynameDocuments\National Intruments\NI_VISA\prefix\prefix.cat

SignTool Error: No certificates were found that met all the given criteria.

c:\Program Files (x86)\Windows Kits\10\App Certification Kit> signtool sign /debug /f c:\Users\myname\Desktop\servocert.pfx /p mypassword (mydllexectuable).exe

The following certificates were considered:

After EKU filter, 0 certs were left.

After expiry filter, 0 certs were left.

After Private Key filter, 0 certs were left.

SignTool Error: No certificates were found that met all the given criteria.

Hi, @mk555-1673
Was the issue resolved?
If any reply is useful for you, please accept it as answer.
If you have any issue or concern, please reply to us directly.
Best Regards.

3 Answers

Hi,
Based my research, SignTool not able to find the certificate or the certificate expired.
To See if the certificate is expired or not, open project properties and go to Signing in Left menu.
You might need to create a new certificate and select from file.
Or create a new wpf project and copy the certificate from the root project folder and paste in the current project and rename it.

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information

============================================
If the Answer is helpful, please click «Accept Answer» and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Signtool error: No certificates were found that met all given criteria with a Windows Store App?

I’m trying to sign a Windows 8 appx package with a pfx file I have. I’m using a command like so:

And from this, I get:

SignTool Error: No certificates were found that met all the given criteria.

What «criteria» am I not meeting? This is only for testing so these are self-signed certificates. I’ve tried importing the key and then signing it, but it always results in the same error. How do I fix this?

21 Answers 21

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

When getting this error through Visual Studio it was because there was a signing certificate setup to match the computer it was originally developed on.

You can check this by going to the project properties > signing tab and checking the certificate details.

You can uncheck «Sign the ClickOnce manifests» to disable signing.

If you don’t want to turn this option off you will have to install the certificate.

Try with /debug. 1,2 As in :

It will help you find out what is going on. You should get output like this:

You can see what filter is causing your certificate to not work, or if no certificates were considered.

I changed the hashes and other info, but you should get the idea. Hope this helps.

I got the same problem in my console application development and as a quick workaround,

go to project properties then,

click on signing tab and uncheck «Sign the ClickOnce Manifest».

Image Description:

FYI You can also see this less one minute video solution. The above picture is taken form the video.

Please always check your certificate expiry date first because most of the certificates have an expiry date. In my case certificate has expired and I was trying to build project.

If you do not have to sign the app, right click on your project

Also as this MS article suggests,

In my case I have the wrong type of certificate that I am trying to associate.
I had «Server Authentication» rather than «Code signing».
You should be able to see this in Certificate snap in the Intended Purpose section.
After that, it just work fine.

just uncheck the ‘Sign the click once manifests’ from the signing tab in project properties,it will remove the error and you can create a new one as from there.

In case anyone else runs into this: My problem ended up being that I needed to run the command prompt as administrator before using the signtool.exe app. Then everything works wonderfully.

I had this problem and I’m not entirely sure which step below made it work, but hope this helps somebody else. this is what I did:

I’m having the same problem, reading some answers (posted here), I saw my certificate expired.

Just create a new one from my start project. Then at certificates manager deleted the expired certificate.

Now everything compiles fine.

The criteria include account name (whose private key it is associated with), domain, company, expiration date, intended purposes, among other things.

There are many different possible reasons for this error to occur, some have been listed already. Here is another tip: When importing a certificate, be sure you work with the original file received from the certificate authority (CA), or else some of the properties might be lost.

Example: recently I tried to import a certificate exported from a different account on the same machine. The certificate became visible to my account but was not associated with my account, and as a result signtool refused to recognize it without explicitly providing the file name and a password. Which, when done as part of the build process and written out explicitly in a batch file or source file, may not be sufficiently secure. (Importing the original CA-issued certificate solved it.)

I had the same «After Private Key filter, 0 certs were left» message and spent too much of my life trying to figure out what the message meant.

The problem was that I had installed the certificate incorrectly in the Windows Certificate store so there was no private key associated with the code signing certificate.

What I should have done was this:

Using either Firefox or Internet Explorer, submit the request to the issuer. This generates a PRIVATE KEY which is stored silently by the browser (a dialog appears for a fraction of a second in Firefox). Note that other browsers may not work: your life is too short to find out if they do.

Submit the request, jump through the issuer’s validation hoops and loops, sacrifice a goat, pray to the gods, submit a signed statement from your great grandparents, etc.

Download the certificate (.crt) and import it into the same browser. The browser now has both the private key and the certificate.

Export the certificate from the browser as a Personal Information Exchange (.p12) file. You will be asked to supply a password to protect this file.

Run signtool successfully, breathe a sigh of relief, and ponder how much of your life you have wasted due to bad error messages and poor or missing documentation.