Publishing from Visual Studio 2015 - allow untrusted certificates

Question

I am publishing my ASP.NET 5 MVC6 project from Visual Studio 2015. I have imported publish profile from my server. Connection validates successfully, however when I publish my project I have the following error:

ERROR_CERTIFICATE_VALIDATION_FAILED

Connected to the remote computer ("XXXXXXXXX") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.

There is no option to allow untrusted certificates in publishing settings.

Just clean and validate connection and try again. It will work if it's worked before — , May 20 '18 at 20:35

Dealdiane · Accepted Answer · 2015-11-12T03:31:24.227

144

The option to allow untrusted certificates is not yet supported in the current tooling. Hopefully, this gets updated very soon. You can, however, set it manually.

Open the publish profile file (.pubxml) inside /Properties/PublishProfiles in a text editor
Inside the <PropertyGroup> element, set AllowUntrustedCertificate to True (<AllowUntrustedCertificate>True</AllowUntrustedCertificate>) or add it if it doesn't exist
Set UsePowerShell to False (<UsePowerShell>False</UsePowerShell>).

~~At this time of writing, the generated powershell script disregards the AllowUntrustedCertificate property which is probably a bug, hence, the need to set it to False.~~

You can get powershell to work if you update the module version in the .ps1 file.

As a side note, you can also get around this problem by "trusting" the server's certificate locally.

edited Nov 12 '15 at 03:31

answered Nov 12 '15 at 01:29

Dealdiane

3,984
1
24
35

1

Thank you sir. It solved my original problem, but now I have another error: ERROR_USER_UNAUTHORIZED. "Web deployment task failed. (Connected to the remote computer (XXXX) using the Web Management Service, but could not authorize." The credentials are correct, I believe it is permission issue. Can you give me some insight on how to solve a new error ? – koryakinp Nov 12 '15 at 06:24
Is the user an admin of the server? – Dealdiane Nov 12 '15 at 06:25
Yes. The user is an admin of the server. – koryakinp Nov 12 '15 at 06:35
I'm afraid there's just too many variables that it's a bit hard to narrow it down to something specific. Normally, if the user is an admin, "it just works". I suggest you create another question. Provide as many detail as you can and perhaps someone more familiar with that error can chime in and help you better. Check [this](http://www.iis.net/learn/install/installing-publishing-technologies/installing-and-configuring-web-deploy-on-iis-80-or-later) as well. Scroll down to the bottom and make sure you don't miss the section: "TROUBLESHOOTING COMMON ISSUES" – Dealdiane Nov 12 '15 at 06:50
1

Can you link to some info about "trusting" a server locally? – Serj Sagan Jan 14 '16 at 03:25
Nm, the info in the 'update the module version' helped me get past that... but now I am getting the `ERROR_USER_UNAUTHORIZED` error too :( – Serj Sagan Jan 14 '16 at 03:29
I ended up publishing to a local file folder and pushing the files via FTP as a workaround... – Serj Sagan Jan 14 '16 at 03:32
By updating the `module version` to `1.0.2-beta2` as is in the link, I get this error: `The specified module "" was not loaded because no calid module file was found in any module directory.`. – A-Sharabiani Feb 10 '16 at 22:38
How can I do with MVC 5 and less? This probably works only for dotnet Core. Thanks. – Petr Tomášek Nov 17 '16 at 09:41

score 47 · Answer 2 · answered Aug 13 '16 at 18:08

47

For dot net core 1.0 you have to add the tag

 <AllowUntrustedCertificate>True</AllowUntrustedCertificate>

to publishprofiles in your .pubxml file

answered Aug 13 '16 at 18:08

pedrommuller

15,741
10
76
126

spottedmahn · Answer 3 · 2017-07-28T13:49:00.430

21

I had <UsePowerShell>True</UsePowerShell> but it was still failing with the cert error.

I re-entered my password in the settings dialog and it still failed
Once I clicked on Validate Connection it started working.

Note

VS 2017 (15.2)
My password recently changed
As a test, entered the wrong password and I got the cert error so the cert error is not just about an untrusted cert apparently

edited Jul 28 '17 at 13:49

answered Jul 15 '17 at 14:34

spottedmahn

14,823
13
108
178

2

Just came here to post the same solution. Open the publishing settings dialog, re-validate the connection by clicking "Validate Connection", re-save the profile, and click deploy again - this gets me past the certificate issue every time, but I have to do it every time I restart VS - likely a bug. – Levi Fuller Jul 17 '17 at 19:42
1

it certainly feels like a bug! thanks for the note @LeviFuller – spottedmahn Jul 17 '17 at 20:16
1

Brilliant! This works for me too. Yes, it appears to be a bug: https://developercommunity.visualstudio.com/content/problem/64779/web-deploy-could-not-verify-servers-certificate.html – pcdev Jul 28 '17 at 05:33
supposedly this has been fixed in VS 2017 Update 3. thanks for the link @pcdev – spottedmahn Aug 23 '17 at 12:42
2nd Dev Community Problem Report: [Publish Web App -> could not verify the server’s certificate](https://developercommunity.visualstudio.com/content/problem/504914/publish-web-app-could-not-verify-the-servers-certi.html). They say it was fixed in 15.5 but I still have the problem in 16.1.0 Preview 3 . – spottedmahn May 13 '19 at 15:56

score 19 · Answer 4 · answered Apr 06 '17 at 21:14

19

For me, the solution took 4 lines in the publish profile xml.

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<UseMsDeployExe>true</UseMsDeployExe>
<UserName>myuser</UserName>
<Password>mypass</Password>

The UseMsDeployExe changes the error to ignore the certificate, but not authenticate the user, hence the need for the user and pass (of the machine you're deploying to)

No changes were needed in the powershell script.

answered Apr 06 '17 at 21:14

crthompson

15,653
6
58
80

1

That's the version that worked for me after thousands of searches and tries. – Alina May 24 '17 at 08:04
1

In VS 2017.2, this is the only thing that works for me. – Dylan Jun 04 '17 at 13:42
1

After using this which works, I've found a way to get it work without storing the password in plain text in the profile xml, see: https://stackoverflow.com/questions/33659696/publishing-from-visual-studio-2015-allow-untrusted-certificates/45997156#45997156 – ArieKanarie Sep 01 '17 at 09:32
1

Working with web api 2. No need store password in profile.xml. UseMsDeployExe was the key. I prefer type it in the window prompt when publising. Thanks. – Juan R Nov 28 '18 at 11:16
1

I have spent a couple of days on this problem, and this was the only way I found to fix the issue. – ccoutinho Feb 16 '19 at 16:07
1

Adding only `True` without the other three tags worked for me. – Josh Noe Feb 16 '21 at 17:05

score 4 · Answer 5 · answered Oct 14 '21 at 01:32

4

add this line to your publish profile which existed in the path like in the attached picture

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>

answered Oct 14 '21 at 01:32

Mahmoud Nasr

564
7
11

1

Thank you for screen shot, I was wondering where the properties are located – Nov 29 '21 at 22:51

Daniel Adigun · Answer 6 · 2017-04-02T21:32:15.640

2

Update

Just a little observation, when deploying a .net core app on VS2015 or VS2017 community, to a remote IIS server please use this

<UsePowerShell>True</UsePowerShell>

not

<UsePowerShell>False</UsePowerShell>

Discovered that deployment was completing as successful but no files were copied to server until I changed the tag to true.

I hope this helps someone.

edited Apr 02 '17 at 21:32

answered Mar 17 '17 at 20:19

Daniel Adigun

259
1
10

1

There seems to be a contradiction here. You say first to set the flag to true, but then say nothing is copied unless the flag is false. Can you clarify? – crthompson Mar 30 '17 at 17:43
thanks for the observation @paqogomez. please use True . The last statement in my comment was a typo. thanks once again – Daniel Adigun Apr 02 '17 at 21:31

score 2 · Answer 7 · answered Jun 17 '20 at 16:35

2

For dotnet 3.1.0 in VS 2019 just go "Edit" profile -> Validate Connection -> Accept the certificate and its done

answered Jun 17 '20 at 16:35

Areu

105
10

1

Yeah, but it doesn't seem to be a permanent solution; it only works for the current session. – Bozhidar Stoyneff Dec 07 '20 at 14:27

score 1 · Answer 8 · answered Sep 01 '17 at 09:30

Yet another solution

I created publish settings on the remote IIS and imported them in Visual Studio 2017 (15.2). After that I changed the URL to specify the sitename as the IIS-user only has access to the specific site (thanks to this answer on SO). I've entered the credentials via the UI and there is no need to store the password in the profile.

My profile looks like:

<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish>https://some.site.com:443/</SiteUrlToLaunchAfterPublish>
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<PublishFramework>netcoreapp1.1</PublishFramework>
<ProjectGuid>eecf975e-f2e6-440f-bfd6-a0a63c25e3c3</ProjectGuid>
<MSDeployServiceURL>https://url.toourserver.com:8172/msdeploy.axd?site=some.site.com</MSDeployServiceURL>
<DeployIisAppPath>some.site.com</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<UserName>IISUserName</UserName>    
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>    
<_SavePWD>True</_SavePWD>

<AllowUntrustedCertificate> was needed as the self signed certificate is not trusted on my machine.

With this profile a backup is made according to the settings in IIS, the site is updated and opened in my browser when the process is finished :-)

Although all the other answers here also made it work, I thought it would be nice to share this way as it involves only a few changes (AllowUntrustedCertificate) and no storage of plain passwords.

score 0 · Answer 9 · answered Mar 17 '19 at 09:55

0

After importing or creating profile click configure and then validate connection. Enter password and finish the setup. Now deploy.

answered Mar 17 '19 at 09:55

Kenan Begić

1,228
11
21

score 0 · Answer 10 · answered May 20 '20 at 15:28

0

Another solution as well

I had this same issue when deploying Azure Web Jobs in VS2019. Look at my answer here for more details.

answered May 20 '20 at 15:28

nraduka

129
2
7

score 0 · Answer 11 · answered Mar 16 '22 at 18:45

#1. Install the latest version of .NET CLI from https://download.microsoft.com/download/0/F/D/0FD852A4-7EA1-4E2A-983A-0484AC19B92C/dotnet-sdk-2.0.0-win-x64.exe

#2. set this property in the pubxml and it should work consistently:

true

(Under Properties\PublishProfiles<profilename>.pubxml)

Publishing from Visual Studio 2015 - allow untrusted certificates

11 Answers11

Linked