unable to get local issuer certificate

mmajcica / retain-release

Azure DevOps Extension containing a release task that will mark the current release to be retained indefinitely

MIT License

5 stars 4 forks source link

unable to get local issuer certificate #4

Closed Shahyads closed 6 years ago

Shahyads commented 6 years ago

We have configured https for tfs 2018 on premise. its ssl certificate is local. so when running this task we get the following error message: "unable to get local issuer certificate"

Shahyads commented 6 years ago

I found the solution just set the variable Agent.SkipCertValidation=true

mmajcica commented 6 years ago

Hi,

indeed, you can disable the ssl check in that way. I'm using the vsts-node-api for all of the calls to VSTS and you can check here how some of the options are passed in: https://github.com/Microsoft/vsts-node-api/blob/1dc7a4af55e588ed7143b7bb563fb92ba385f291/api/WebApi.ts#L123

Also you could get/set a caCert file in the same way on your agent and import the certificate in it.

Based on this feedback I may add an extra option to ignore ssl cert on the task itself.

mmajcica commented 6 years ago

On that, check if Agent.ClientCertArchive is pointing to any file if not, you could set that to point to a cacert file of your choice that contains your certificate.

Shahyads commented 5 years ago

actually the environment variable "Agent_CAInfo" can be set to the path of the certificates file something like this set Agent_CAInfo=E:\TFSAgents\ca-bundle.crt

where ca-bundle.crt file contains the azure devops server (tfs) certificate