56

Whenever I'm trying to install something or even just list the packages I get this error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"

I tried this solution from Codeplex with no luck.

I use the latest version of Nuget.

I also tried different options in devenv.exe.config like this:

<servicePointManager  checkCertificateName="false"    checkCertificateRevocationList="false"/>
chemark
  • 1,181
  • 1
  • 13
  • 19

12 Answers12

96

  • Go to VS2010 → Tools → Library Package Manager → Package Manager Settings.

  • Choose Package Manager → Package Sources.

  • Add a new package source as:

  • Move Up the newly added package source to first position.

  • UnCheck existing "Nuget official package source"

  • Restart VS2010.

Wai Ha Lee
  • 8,598
  • 83
  • 57
  • 92
Sunil
  • 2,885
  • 5
  • 34
  • 41
  • 3
    Thank you, It also worked for me, on Visual Studio 2013 Express, behind corporate proxy/firewall. Just wanted to add, that It didn't required me to Restart Visual studio either. It will just work. – Saad Farooq Nov 03 '14 at 05:32
22

Go to https://nuget.org/ and get its certificate.

For example, if you're using Firefox: after opening nuget site - click site's icon on the left side of address bar, click 'More Information', and on the Security tab there should be 'Web-site identity' section with 'View certificate' button. Click there, in the opened dialog select Details tab - there you should see chain for *.nuget.org. Click button 'Export' at the bottom and save certificate to the file (add .cer extension manually, because dialog won't do it for you).

Now you need to setup you system so that it will trust the certificate. Press Win+R (Run dialog will be opened) -> type mmc there and run it (with admin privileges if you have UAC turned on). There select File -> Add or remove snapin... -> select Certificates on the left, in the dialog select Computer account and Local computer. Click OK - the tree will have Certificates node in the Console root. Open it and file folder Trusted People. From its context menu select All tasks -> Import... -> Select file that you have exported before and import it.

Everything should be working fine.

Ivan Danilov
  • 14,287
  • 6
  • 48
  • 66
12

We had the same issue in work, and we resolved this by dropping the secure socket, Https -> http. This means you can use the V2 URL http://nuget.org/api/v2/.

Possibly an issue getting rid of the secure socket, but the above URL (http://packages.nuget.org/v1/FeedService.svc/) is also unsecure.

Christian Phillips
  • 18,399
  • 8
  • 53
  • 82
8

There's apparently an issue with the SSL cert on go.microsoft.com. Change the package source url to http://packages.nuget.org/v1/FeedService.svc/ and it should work just fine.

anand
  • 81
  • 1
  • 1
8

Related: ServicePointManager does not support proxies with the https scheme

If you've previously had Fiddler open, you might well have a certificate for nuget.org that is invalid.

If so, open up MMC, add the Certificates snapin (current User) and remove nuget.org from the Personal store.

Example certificate to remove

Due to Nuget keeping a handle to this cert (seemingly) you will have to restart Visual Studio. Afterwards, you should have a good time.

AndyElastacloud
  • 625
  • 5
  • 21
4

Go to VS2012 -> Tools -> Library Package Manager -> Package Manager Settings Choose Package Manager -> Package Sources.

  1. Add a new package source as: Name= NugetSource Source= http://packages.nuget.org/v1/FeedService.svc/
  2. Move Up the newly added package source to first position.
  3. UnCheck existing "Nuget official package source"
  4. Restart VS2012.

This is working on my machine.

Paresh Mayani
  • 127,700
  • 71
  • 241
  • 295
chandan
  • 69
  • 2
3

If nothing from above works, try this....

Try pasting the following into a .reg file and run it. Then try running your NuGet command (no reboot required).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

Ran into this issue because TLS1.2 was not enabled (similar to Tony's response). Using http does not fix the situation because NuGet redirects to https now that TLS1.2 is enforced.

thanks to "neoscribe"

AlejandroDG
  • 746
  • 8
  • 16
2

As of today 21-Jan-2015, the correct url is https://www.nuget.org/api/v2/. The www is required or the certificate fails. Do NOT fall back to http because you are opening your code and all of its consumers to a nasty MITM vector.

psaxton
  • 1,693
  • 19
  • 24
1

For me the problem was solved by clearing the nuget cache (and restarting VS)

JBSnorro
  • 6,048
  • 3
  • 41
  • 62
0

I could solve this problem by dropping the secure socket, https -> http. Go to Tools -> Nuget Package Manager -> Package Sources, then add a new source, but without https:

This means http://nuget.org/api/v2/.

user3666197
  • 1
  • 6
  • 50
  • 92
Vladimir
  • 1
0

I had to remove https in Local machine settings for Nuget and added (http) it to user level in Tools -> Library Package Manager -> Package Manager Settings Choose Package Manager -> Package Sources.

jay
  • 1
0

i have had no luck with any method related to Visual Studio. Not updating everything, not manually adding the Root Certificate of https://api.nuget.org/v3/index.json to windows, etc. How I fixed it:

nuget restore MySolution.sln

Download nuget here.

kellogs
  • 2,837
  • 3
  • 38
  • 51