Certificate chain validation failed.

[nochtap]

When I try to use this tool with Azure Devops Hosted Agent (ubuntu-20.04) I got a following error:

info: NuGetKeyVaultSignTool.Program[0]
      SignAsync [/home/vsts/work/1/a/packed/tool-devops.1.0.0-rc.nupkg]: Begin Signing tool-devops.1.0.0-rc.nupkg
fail: NuGetKeyVaultSignTool.Program[0]
      NuGet [/home/vsts/work/1/a/packed/tool-devops.1.0.0-rc.nupkg]: NU3018: PartialChain: unable to get local issuer certificate
fail: NuGetKeyVaultSignTool.Program[0]
      Certificate chain validation failed.
NuGet.Packaging.Signing.SignatureException: Certificate chain validation failed.
   at NuGet.Packaging.Signing.CertificateChainUtility.GetCertificateChain(X509Certificate2 certificate, X509Certificate2Collection extraStore, ILogger logger, CertificateType certificateType)
   at NuGet.Packaging.Signing.SignPackageRequest.BuildSigningCertificateChainOnce(ILogger logger)
   at NuGet.Packaging.Signing.SigningUtility.Verify(SignPackageRequest request, ILogger logger)
   at NuGet.Packaging.Signing.SigningUtility.SignAsync(SigningOptions options, SignPackageRequest signRequest, CancellationToken token)
   at NuGetKeyVaultSignTool.SignCommand.SignAsync(String packagePath, String outputPath, String timestampUrl, Uri v3ServiceIndex, IReadOnlyList`1 packageOwners, SignatureType signatureType, HashAlgorithmName signatureHashAlgorithm, HashAlgorithmName timestampHashAlgorithm, Boolean overwrite, X509Certificate2 publicCertificate, RSA rsa, CancellationToken cancellationToken) in /_/NuGetKeyVaultSignTool.Core/SignCommand.cs:line 98

I use a self-signed certificate!

NuGetKeyVaultSignTool --version
3.1.0

[mbhoek]

I'm experiencing the same problem. It does work if I choose windows-latest as a Hosted Agent.

I also found this issue that might be related? https://github.com/dotnet/runtime/issues/48794