Publishing from Visual Studio 2015 - allow untrusted certificates

I am publishing my ASP.NET 5 MVC6 project from Visual Studio 2015. I have imported publish profile from my server. Connection validates successfully, however when I publish my project I have the following error:

ERROR_CERTIFICATE_VALIDATION_FAILED

> Connected to the remote computer ("XXXXXXXXX") using the specified > process ("Web Management Service"), but could not verify the server's > certificate. If you trust the server, connect again and allow > untrusted certificates.

There is no option to allow untrusted certificates in publishing settings.

The option to allow untrusted certificates is not yet supported in the current tooling. Hopefully, this gets updated very soon. You can, however, set it manually.

1. Open the publish profile file (.pubxml) inside /Properties/PublishProfiles in a text editor
2. Inside the <PropertyGroup> element, set AllowUntrustedCertificate to True (<AllowUntrustedCertificate>True</AllowUntrustedCertificate>) or add it if it doesn't exist
3. Set UsePowerShell to False (<UsePowerShell>False</UsePowerShell>).

At this time of writing, the generated powershell script disregards the AllowUntrustedCertificate property which is probably a bug, hence, the need to set it to False.

You can get powershell to work if you update the module version in the .ps1 file.

As a side note, you can also get around this problem by "trusting" the server's certificate locally.

For dot net core 1.0 you have to add the tag

 <AllowUntrustedCertificate>True</AllowUntrustedCertificate>

to publishprofiles in your .pubxml file

I had <UsePowerShell>True</UsePowerShell> but it was still failing with the cert error.

• I re-entered my password in the settings dialog and it still failed
• Once I clicked on Validate Connection it started working.

Note

• VS 2017 (15.2)
• My password recently changed
• As a test, entered the wrong password and I got the cert error so the cert error is not just about an untrusted cert apparently

For me, the solution took 4 lines in the publish profile xml.

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<UseMsDeployExe>true</UseMsDeployExe>
<UserName>myuser</UserName>
<Password>mypass</Password>

The UseMsDeployExe changes the error to ignore the certificate, but not authenticate the user, hence the need for the user and pass (of the machine you're deploying to)

No changes were needed in the powershell script.

Update

Just a little observation, when deploying a .net core app on VS2015 or VS2017 community, to a remote IIS server please use this

<UsePowerShell>True</UsePowerShell> 

not

<UsePowerShell>False</UsePowerShell>

Discovered that deployment was completing as successful but no files were copied to server until I changed the tag to true.

I hope this helps someone.

For dotnet 3.1.0 in VS 2019 just go "Edit" profile -> Validate Connection -> Accept the certificate and its done

add this line to your publish profile which existed in the path like in the attached picture

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>

Yet another solution

I created publish settings on the remote IIS and imported them in Visual Studio 2017 (15.2). After that I changed the URL to specify the sitename as the IIS-user only has access to the specific site (thanks to this answer on SO). I've entered the credentials via the UI and there is no need to store the password in the profile.

My profile looks like:

<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish>https://some.site.com:443/</SiteUrlToLaunchAfterPublish>
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<PublishFramework>netcoreapp1.1</PublishFramework>
<ProjectGuid>eecf975e-f2e6-440f-bfd6-a0a63c25e3c3</ProjectGuid>
<MSDeployServiceURL>https://url.toourserver.com:8172/msdeploy.axd?site=some.site.com</MSDeployServiceURL>
<DeployIisAppPath>some.site.com</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<UserName>IISUserName</UserName>    
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>    
<_SavePWD>True</_SavePWD>

<AllowUntrustedCertificate> was needed as the self signed certificate is not trusted on my machine.

With this profile a backup is made according to the settings in IIS, the site is updated and opened in my browser when the process is finished :-)

Although all the other answers here also made it work, I thought it would be nice to share this way as it involves only a few changes (AllowUntrustedCertificate) and no storage of plain passwords.

After importing or creating profile click configure and then validate connection. Enter password and finish the setup. Now deploy.

Another solution as well

I had this same issue when deploying Azure Web Jobs in VS2019. Look at my answer here for more details.

#1. Install the latest version of .NET CLI from https://download.microsoft.com/download/0/F/D/0FD852A4-7EA1-4E2A-983A-0484AC19B92C/dotnet-sdk-2.0.0-win-x64.exe

#2. set this property in the pubxml and it should work consistently:

true

(Under Properties\PublishProfiles<profilename>.pubxml)