At the time of this writing, when code signing a Windows 8 Style applications (formerly known as Metro) the publisher field in the app manifest file must exactly match the subject of the signing certificate in order to sign the package. Our commercial code signing certificate from Comodo included a Postal Code field which failed validation per Microsoft's publisher regex, shown below.
| Publisher | Describes the publisher information. The Publisher attribute must match the publisher subject information of the certificate used to sign a package. | A string between 1 and 8192 characters in length that fits the regular expression of a distinguished name : "(CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")(, ((CN|L|O|OU|E|C|S|STREET|T|G|I|SN|DC|SERIALNUMBER|(OID\.(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+))=(([^,+="<>#;])+|".*")))*". Further, semantic validation ensures that the string is compliant with CertNameToStr Windows API implementation of X.500 rules. |
Comodo assures us they are not alone in including Postal Code in their certificates and they have opened a conversation with Microsoft on the topic. Microsoft may change the regex or you can ask your certificate provider to omit the postal code from the certificate subject.