Publishing from Visual Studio 2015 - allow untrusted certificates
.NetSslVisual Studio-2015Publishasp.net Core.Net Problem Overview
I am publishing my ASP.NET 5 MVC6 project from Visual Studio 2015. I have imported publish profile from my server. Connection validates successfully, however when I publish my project I have the following error:
ERROR_CERTIFICATE_VALIDATION_FAILED
> Connected to the remote computer ("XXXXXXXXX") using the specified > process ("Web Management Service"), but could not verify the server's > certificate. If you trust the server, connect again and allow > untrusted certificates.
There is no option to allow untrusted certificates in publishing settings.
.Net Solutions
Solution 1 - .Net
The option to allow untrusted certificates is not yet supported in the current tooling. Hopefully, this gets updated very soon. You can, however, set it manually.
- Open the publish profile file (
.pubxml
) inside /Properties/PublishProfiles in a text editor - Inside the
<PropertyGroup>
element, set AllowUntrustedCertificate to True (<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
) or add it if it doesn't exist - Set UsePowerShell to False (
<UsePowerShell>False</UsePowerShell>
).
At this time of writing, the generated powershell script disregards the AllowUntrustedCertificate
property which is probably a bug, hence, the need to set it to False
.
You can get powershell to work if you update the module version in the .ps1
file.
As a side note, you can also get around this problem by "trusting" the server's certificate locally.
Solution 2 - .Net
For dot net core 1.0 you have to add the tag
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
to publishprofiles in your .pubxml file
Solution 3 - .Net
I had <UsePowerShell>True</UsePowerShell>
but it was still failing with the cert error.
- I re-entered my password in the settings dialog and it still failed
- Once I clicked on Validate Connection it started working.
Note
- VS 2017 (15.2)
- My password recently changed
- As a test, entered the wrong password and I got the cert error so the cert error is not just about an untrusted cert apparently
Solution 4 - .Net
For me, the solution took 4 lines in the publish profile xml.
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<UseMsDeployExe>true</UseMsDeployExe>
<UserName>myuser</UserName>
<Password>mypass</Password>
The UseMsDeployExe
changes the error to ignore the certificate, but not authenticate the user, hence the need for the user and pass (of the machine you're deploying to)
No changes were needed in the powershell script.
Solution 5 - .Net
Update
Just a little observation, when deploying a .net core app on VS2015 or VS2017 community, to a remote IIS server please use this
<UsePowerShell>True</UsePowerShell>
not
<UsePowerShell>False</UsePowerShell>
Discovered that deployment was completing as successful but no files were copied to server until I changed the tag to true.
I hope this helps someone.
Solution 6 - .Net
For dotnet 3.1.0 in VS 2019 just go "Edit" profile -> Validate Connection -> Accept the certificate and its done
Solution 7 - .Net
add this line to your publish profile which existed in the path like in the attached picture
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
Solution 8 - .Net
Yet another solution
I created publish settings on the remote IIS and imported them in Visual Studio 2017 (15.2). After that I changed the URL to specify the sitename as the IIS-user only has access to the specific site (thanks to this answer on SO). I've entered the credentials via the UI and there is no need to store the password in the profile.
My profile looks like:
<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish>https://some.site.com:443/</SiteUrlToLaunchAfterPublish>
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<PublishFramework>netcoreapp1.1</PublishFramework>
<ProjectGuid>eecf975e-f2e6-440f-bfd6-a0a63c25e3c3</ProjectGuid>
<MSDeployServiceURL>https://url.toourserver.com:8172/msdeploy.axd?site=some.site.com</MSDeployServiceURL>
<DeployIisAppPath>some.site.com</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<UserName>IISUserName</UserName>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<_SavePWD>True</_SavePWD>
<AllowUntrustedCertificate>
was needed as the self signed certificate is not trusted on my machine.
With this profile a backup is made according to the settings in IIS, the site is updated and opened in my browser when the process is finished :-)
Although all the other answers here also made it work, I thought it would be nice to share this way as it involves only a few changes (AllowUntrustedCertificate) and no storage of plain passwords.
Solution 9 - .Net
After importing or creating profile click configure and then validate connection. Enter password and finish the setup. Now deploy.
Solution 10 - .Net
Another solution as well
I had this same issue when deploying Azure Web Jobs in VS2019. Look at my answer here for more details.
Solution 11 - .Net
#1. Install the latest version of .NET CLI from https://download.microsoft.com/download/0/F/D/0FD852A4-7EA1-4E2A-983A-0484AC19B92C/dotnet-sdk-2.0.0-win-x64.exe
#2. set this property in the pubxml and it should work consistently:
(Under Properties\PublishProfiles<profilename>.pubxml)