System.Private.CoreLib: The remote certificate is invalid according to the validation procedure.

[GideonWislang]

I'm developing functions locally on MacOS using bindings pointing to the CosmosDB Emulator which is on a parallels Windows VM. I followed the documentation and installed the SSL Certificate which allowed me to connect to the Cosmos Emulator on my Mac via browser and VSCode: Azure databases extension with no problem.

I'm currently having trouble with my locally run functions connecting to the CosmosDB Emulator. I can see this is likely a certificate issue but I've installed the CosmosDB certificate on my Mac and was then able to connect to it but no luck with Azure Function. Not sure what else to do.

[06/06/2020 04:26:56] Executing HTTP request: {
[06/06/2020 04:26:56]   "requestId": "ea813f90-e1c7-4667-8ccb-0896aa632c01",
[06/06/2020 04:26:56]   "method": "POST",
[06/06/2020 04:26:56]   "uri": "/api/editUser"
[06/06/2020 04:26:56] }
[06/06/2020 04:26:56] Executing 'Functions.editUser' (Reason='This function was programmatically called via the host APIs.', Id=55922534-69af-43c9-ae15-c6d5dea33fd9)

--- ERROR HERE ---
[06/06/2020 04:26:57] Executed 'Functions.editUser' (Failed, Id=55922534-69af-43c9-ae15-c6d5dea33fd9)
[06/06/2020 04:26:57] System.Private.CoreLib: Exception while executing function: Functions.editUser. System.Net.Http: The SSL connection could not be established, see inner exception. System.Private.CoreLib: The remote certificate is invalid according to the validation procedure.
------------------

[06/06/2020 04:26:57] Executed HTTP request: {
[06/06/2020 04:26:57]   "requestId": "ea813f90-e1c7-4667-8ccb-0896aa632c01",
[06/06/2020 04:26:57]   "method": "POST",
[06/06/2020 04:26:57]   "uri": "/api/editUser",
[06/06/2020 04:26:57]   "identities": [
[06/06/2020 04:26:57]     {
[06/06/2020 04:26:57]       "type": "WebJobsAuthLevel",
[06/06/2020 04:26:57]       "level": "Admin"
[06/06/2020 04:26:57]     }
[06/06/2020 04:26:57]   ],
[06/06/2020 04:26:57]   "status": 500,
[06/06/2020 04:26:57]   "duration": 36
[06/06/2020 04:26:57] }

Appreciate any help, Thank you! :)

[anthonychu]

Can you confirm that you can access a Cosmos DB instance in Azure? Just want to confirm that the problem is specific to the Cosmos DB extension talking to the emulator in Parallels.

Have your restarted your machine after you trusted the cert? Doubt it'd help as you can access the emulator with other apps on your Mac, not sure if func somehow has things cached.

[GideonWislang]

Yeah I can access a Cosmos DB instance in Azure and just gave it a restart and seems to still be happening.

[GideonWislang]

Hey @anthonychu did you manage to find a solution?

[anthonychu]

@southpolesteve Any thoughts on this?

[anthonychu]

@GideonWislang Are you still getting this error? Were you able to find a workaround or fix?

[GideonWislang]

@GideonWislang Are you still getting this error? Were you able to find a workaround or fix?

Yeah so no fix but I was able to find a workaround which was just running the functions on the parallels then just ssh into it to monitor logs. Able to easily edit the functions as the directory where the functions are stored is shared.

[southpolesteve]

I'm not sure how this works for .NET. NodeJS has an env var that will turn off cert checks, but I don't know if anything like that exists for .NET. @ealsur an ideas?

[ealsur]

We tested running the Emulator running in a Windows VM inside a Mac following these steps: https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator#running-on-mac-or-linux

[GideonWislang]

I'm not sure how this works for .NET. NodeJS has an env var that will turn off cert checks, but I don't know if anything like that exists for .NET. @ealsur an ideas?

Perfect! what would it be as they are NodeJS function.

[GideonWislang]

We tested running the Emulator running in a Windows VM inside a Mac following these steps: https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator#running-on-mac-or-linux

Yes this is what I followed when setting it up, works great just can't connect to it via azure functions core tools.

[ealsur]

Are you using the .NET Cosmos SDK in Azure Functions? Or using the bindings? Did you change the connection policy by any chance to Direct (should be Gateway for this to work)

[southpolesteve]

For NodeJS, you can turn off TLS checks by setting this env variable https://nodejs.org/api/cli.html#cli_node_tls_reject_unauthorized_value

The error looks like it is coming from the .NET functions tool though. Not the JS code.

[anthonychu]

Yeah looks like this is the bindings not able to connect, so Node.js settings are likely to have no effect.

@GideonWislang could try pulling in the Cosmos DB SDK and see if that makes a difference (disabling Node.js TLS if needed). That's not really solving the problem but could be a workaround.

We tested running the Emulator running in a Windows VM inside a Mac following these steps: https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator#running-on-mac-or-linux

@ealsur Do you know if a .NET app in macOS was used for this test?

[ealsur]

Yes, we tested it on a NET Core app running on the Mac and it was working, when the SDK was set to Gateway mode (using HTTPS). (The screenshots on the docs were taken on that process).

[LHousehold]

I am also experiencing this issue and I assume it's ongoing. While the instructions work perfectly in almost all cases, it appears that Azure Functions Core Tools still continues to reject the SSL certificate. Personally I am using bindings and it isn't working. I'm running core tools in WSL and imported the cert using the update-ca-certificates command and all that.

Do we have any updates on this?

[lVlario0O0o]

I have a similar issue. I'm running node on wsl2 and try accessing the cosmosDB emulator in a windows host. Before having an SSL issue, I had a connection refused. I had to start the emulator with /AllowNetworkAccess flag. See

I'm also using the Azure Functions Core Tools. I'm gonna try to start the emulator with the /GenCert flag!

[apawast]

@GideonWislang are you still experiencing issues?

[ghost]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.