Closed andyfisher100 closed 8 years ago
This looks to be external to the agent. You need to get your mac able to talk ssl (the first command should work). We're not even handling the ssl layer - we're going through node which is using libcurl so this is an OS config issue
I am trying to install the on Ubuntu Linux agent and got a similar issue: when running ./run.sh it give me "unable to verify the first certificate"
somebuild@somevm:~$ ./run.sh
Enter alternate username > someuser
Enter alternate password >
Enter server url > https://tfs.some.url.com/tfs/
Enter agent name (enter sets somevm) >
Enter agent pool name (enter sets default) > somepool
Enter force basic (enter is false) > true
Error starting the agent
**unable to verify the first certificate**
However my Linux talks SSL with the TFS server (not without effort)
somebuild@somevm:~$ openssl s_client -connect tfs.some.url.com:443
CONNECTED(00000003)
...
Secure Renegotiation IS supported
SSL-Session:
Protocol : TLSv1
...
Timeout : 300 (sec)
Verify return code: 0 (ok)
Any suggestion troubleshooting?
I'm trying to setup the agent on a MAC for my on prem TFS instance.
The TFS 2015 Update 2 RC2 Instance is hosted on a windows box with SSL enabled and basic authentication on the TFS Web Site in IIS. The SSl certificates used for TFS are created from our Microsoft Active Directory Certificate Cervices instance and are in the following chain. RootCA > SubCA > WebServerCert
The MAC is currently running Yosemite Version of OS X. I uploaded the RootCA and Sub CA to the keychain and as a result, when i navigate to the TFS url via a browser, i can access the site without any certificate issues being reported.
When i try and configure the agent on the MAC, i get the following error: Error starting the agent unable to verify the first certificate
From searching around, this looks error like an OpenSSL error and if i run the following command from a terminal window, i get the same error:
$ openssl s_client -connect tfsserverurl:443
Verify Return Code: 21 (unable to verify the first certificate)However, that command allows you to also specify the location of the CA file on the machine and if i do this, this successfully verifies.
$ openssl s_client -connect tfsserverurl:443 -CAfile /path/SubCA.cer
Verify Return Code: 0 (ok)Any idea how i can resolve this issue so that i can configure the agent?