Create MSIX files

Introduction #

The MSIX format is a Windows app package format used to create and distribute applications in Windows 10/11. These MSIX files are usually not available via a simple download, as they need to be certified and “repackaged” before being installed on Windows devices.

MSIX Packaging Tool #

The creation of MSIX files requires the MSIX Packaging Tool, which can be downloaded from the Microsoft Store → and installed on a Windows device.

Certificate creation #

The next step is to create a certificate. This can be done comfortably via the Powershell. To do this, change the name of the certificate and/or the password if necessary.

    # Generate a new self signed certificate with the subject 'CN=Relution', the key algorithm RSA,
    # the key length 2048, the key usage DigitalSignature and the type CodeSigningCert and save it in the personal
    # in the personal certificate store of the current user
    $Newcert = New-SelfSignedCertificate -Subject 'CN=Relution' -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage DigitalSignature -Type CodeSigningCert     -CertStoreLocation Cert:\CurrentUser\My

    # Get the thumbprint of the newly generated certificate
    $trumbprint = $Newcert.Thumbprint

    # Get the certificate object from memory by its thumbprint
    $cert = (Get-ChildItem -Path cert:\CurrentUser\My\$trumbprint)

    # check if the certificate was retrieved successfully
    if($cert -ne $null){
      # convert the plaintext password string to a secure string
      $Secure_String_Pwd = ConvertTo-SecureString "Passw0rd" -AsPlainText -Force

      # Export the certificate to a PKCS#12 file on the user's desktop
      Export-PfxCertificate -Cert $cert -FilePath $env:USERPROFILE\desktop\MSIXZertifikat.pfx -Password $Secure_String_Pwd

      # Remove the certificate from memory
      Remove-Item cert:\CurrentUser\My\$trumbprint
    }

The created certificate must be stored in the Trusted Root Certification Authorities category on all Windows 10/11 devices where MSIX files are to be installed. This can be done either with Relution via the policy configuration Certificates or manually, directly on the devices. The password string in the example is passw0rd. To add the certificate manually, start the certificate management Manage Computer Certificates as an administrator.

Creation of MSIX files #

Start the MSIX Packaging Tool and select the option to create a new app package. Uncheck Windows Search is active in the following dialogue.

In the example, we create a MSIX file for Notepad++. First, a setup file has to be downloaded. Then a file and the certificate in the MSIX Packaging Tool have to be selected. The Signature Preference must be set to Sign with a certificate (.pfx).

The appropriate fields have to be filled in.

Now, the installer of Notepad++ starts. It should be run normally and the configurations have to be set according to the needs.

In the MSIX Packaging Tool click on Next and Yes, continue when the installation of Notepad++ is finished.

The tool will indicate that no services have been installed and detected. In the last dialog box you can specify the location of the package. Finish the creation by clicking Create.