Azure Error behind proxy: certificate verify failed

resolved
usability
server
known
(Pete N) #1

Hi,
I am using 2019.3.3 behind a corporate proxy to connect to Azure, but i am getting the below “certificate verify failed”, which i guess is because our proxy is intercepting the SSL cert from login.microsoftonline.com and replacing it with our Proxy certificate, which it then isn’t finding in the trust chain.
From reading around i assume Octopus is using Azure Cli under the hood and is running into the error there. The solution to this normally would be to put our proxies certificate in Azure Cli’s “cacert.pem” file as described below, but i have done this and it still fails, is there an equivalent to “cacert.pem” where octopus looks for its certificate chain? Or another way to work around this?
https://github.com/Azure/azure-cli/blob/dev/doc/use_cli_effectively.md#working-behind-a-proxy

ERROR: Please ensure you have network connection. Error detail: HTTPSConnectionPool(host=‘login.microsoftonline.com’, port=443): Max retries exceeded with url: /0e426dfd-70d0-4dcb-b4ab-84bbc1ccf503/oauth2/token (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))

(Pete N) #2

Solved this myself!
“cacert.pem” file can be found in below location - adding the certificate in works a treat!

C:\Octopus\OctopusServer\Tools\Octopus.Dependencies.AzureCLI\2.0.50\AzureCLI\Lib\site-packages\certifi\cacert.pem

(Kenneth Bates) #4

Hi Pete,

Thanks for getting in touch! Awesome to hear you you got this solved! Thank you for letting us know the solution here. Don’t hesitate to reach out if you have any questions or concerns in the future. :slight_smile:

Best regards,

Kenny