I have spent too long recently trying to sign a UWP .MSIXBUNDLE generated from an Azure DevOps build using the SignTool.exe and our code signing certificate. I kept getting the error
Done Adding Additional Store
Error information: "Error: SignerSign() failed." (-2146958839/0x80080209)
From past experience, SignTool errors are usually due to the publisher details in the XML manifest files (in this case unpack the bundle with MakeAppx.exe and look in AppxMetadata\AppxBundleManifest.xml, and also check the manifest in the bundled .MSIX files) does not match the subject details for the PFX file being used for signing.
Or so I thought…..
Turns out you can get this error too if you use the wrong version of the SignTool, but it give no clue to this fact.
So the top tip is …
Make sure you use the SignTool.exe from the same folder as the MakeAppx.exe tool. In my case in “C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64\”
Once I did this, after of course updating all the manifest files with the correct publisher details, I was able to sign my bundle as I wanted.