Packit offers built-in support for digitally signing the MSIX packages using Trusted Signing or a Certificate from the Store. To configure the digital signature settings for an MSIX go to its Application Information tab and click on Configure Digital Signature hyperlink:
Trusted Signing
End Point
Specify a URI value that aligns with the region your Code Signing Account and Certificate Profile were created in during the setup of these resources.
Account Name
Specify the Code Signing Account name.
Correlation ID
In this optional field, you can specify an opaque string value that you can provide to correlate sign requests with your own workflows such as build identifiers or machine names.
Timestamp service URL
A digital certificate has a validity period. After that period expires the signed code is not considered certified anymore. To prevent that a timestamp can be placed at the signing time which will show that the certificate was valid when the signing was done.
The “Timestamp service URL” specifies the URL of the timestamp server.
Certificate Store
Certificate
Select the certificate you want to use for signing
Timestamp service URL
A digital certificate has a validity period. After that period expires the signed code is not considered certified anymore. To prevent that a timestamp can be placed at the signing time which will show that the certificate was valid when the signing was done.
The “Timestamp service URL” specifies the URL of the timestamp server.
