Nuget Package restore failing on Ubuntu 20.04 with remote certificate is invalid

Time:12-03

I have a .NET Core 3.1 project I am attempting to build on an Ubuntu 20.04 virtual machine.

The project was building successfully. I now need to update one of the NuGet packages in the project. Once I change the package version in the .csproj file to the required version, I get the following message when I either build or perform "dotnet restore":

/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/home/ic/Source/redacted.csproj]
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error :   The SSL connection could not be established, see inner exception. [/home/ic/Source/redacted.csproj]
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error :   The remote certificate is invalid according to the validation procedure. [/home/ic/Source/redacted.csproj]

If I browse to https://api.nuget.org/v3/index.json I can successfully view the JSON in the browser and the certificate appears to be trusted.

I have:

CodePudding user response:

Not sure in the end what actually solved my problem, but, long story short, I think the following worked:

Running wget on api.nuget.org gave:

--2021-12-02 09:38:34--  https://api.nuget.org/v3/index.json
Resolving api.nuget.org (api.nuget.org)... 152.199.40.167
Connecting to api.nuget.org (api.nuget.org)|152.199.40.167|:443... connected.
ERROR: cannot verify api.nuget.org's certificate, issued by 'CN=Microsoft Azure TLS Issuing CA 05,O=Microsoft Corporation,C=US’:
  Unable to locally verify the issuer's authority.
To connect to api.nuget.org insecurely, use `--no-check-certificate'.

At some point in researching that error, I reinstalled ca-certificates (not sure if that has anything to do with resolving the problem):

sudo apt-get install --reinstall ca-certificates

Ultimately, I found: "dotnet restore" fails with "SSL peer certificate or SSH remote key was not OK" which led me to setting the SSL_CERT_FILE environment variable:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

That seems to have been the key and dotnet restore now works correctly.
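
A pre-flight check for the SSL_CERT_FILE setting described above, added here as an example and not part of the original answer: it confirms the bundle exists and holds complete PEM certificates before exporting the variable, so a missing or truncated file is caught before "dotnet restore" reports another validation error. The function names check_ca_bundle and use_ca_bundle are hypothetical; the default path is the one from the answer.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.

# check_ca_bundle PATH
# Return codes: 0 usable, 1 missing or unreadable,
#               2 no certificates found, 3 BEGIN/END markers do not match
check_ca_bundle() {
    bundle=$1
    [ -f "$bundle" ] && [ -r "$bundle" ] || return 1
    # grep -c exits non-zero on a count of 0, so neutralise that for "set -e"
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$bundle" || true)
    [ "$begins" -gt 0 ] || return 2
    [ "$begins" -eq "$ends" ] || return 3
    return 0
}

# use_ca_bundle [PATH]
# Exports SSL_CERT_FILE only when the bundle passes check_ca_bundle.
# Default PATH is the Ubuntu bundle named in the answer above.
use_ca_bundle() {
    bundle_path=${1:-/etc/ssl/certs/ca-certificates.crt}
    rc=0
    check_ca_bundle "$bundle_path" || rc=$?
    case $rc in
        0) SSL_CERT_FILE=$bundle_path
           export SSL_CERT_FILE ;;
        1) echo "CA bundle missing or unreadable: $bundle_path" >&2 ;;
        2) echo "CA bundle contains no certificates: $bundle_path" >&2 ;;
        3) echo "CA bundle has a truncated PEM block: $bundle_path" >&2 ;;
    esac
    return "$rc"
}

# Typical use, after sourcing this file:
#   use_ca_bundle && dotnet restore
```

A return code of 1, 2 or 3 points at the system trust store itself, which is the case where reinstalling ca-certificates is the relevant repair.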
