Could not verify the server's certificate

jmsb · 3 December 2014 20:05

I am attempting to use the Web Deploy script from:

https://library.octopusdeploy.com/#!/step-template/actiontemplate-web-deploy-publish-website-(msdeploy)

When trying to deploy my application,. I get this exception due to an invalid certificate (which I cannot change):

Exception calling “SyncTo” with “4” argument(s): “Connected to the remote computer (“XXX.XXX.XXX.XXX”) using the specified process (“Web Management Service”), but could not verify the server’s certificate. If you trust the server, connect again and allow untrusted certificates.”

Unfortunately even if I use a patch to ignore cert errors (supposedly) and add this line to the script:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

It still breaks, but this time with an even less useful error:

Exception calling “SyncTo” with “4” argument(s): "Could not connect to the remote computer (“XXX.XXX.XXX.XXX”). On the remote computer, make sure that Web Deploy is installed and that the required process (“Web Management Service”) is started.

Any ideas? This is very frustrating for something as straight forward as using web deploy to publish a web app.

Ranjit_Sellars · 5 December 2014 22:40

I’m having this same issue. I’m able to deploy from VS2012 using the same web deployment path with no issues. As soon as I run the step template for web deploy from octopus, it fails with the same error the Jason.Black has come across.

Damian_Maclennan · 11 December 2014 01:31

Hi Ranjit and Jason,

Are you using the credentials from the publishing profile for the azure site ? (assuming you’re using azure)

Are you able to post a screenshot of your process configuration for the web deploy step ? (blank out anything sensitive if you need to).

Damian

d_spijkerboer · 17 March 2015 12:51

I just ran into the same problem.
It is not hosted on Azure. I tried the [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} fix as well. Got the same errors as Jason.Black.

philip_reed · 9 April 2015 12:09

I get the same error when using the MSDeploy (Web Deploy) template.
In my case, I am trying to deploy to an Azure website.

I get exactly the same 2 errors as jason.black with and without ServerCertificateValidationCallback = {$true} , although I’m not entirely certain where this line of code needs to be placed within the script.

Does the web deploy step execute on a Tentacle or on the Octopus deploy server?
MSDeploy is installed on the Tenticle machine but not on the Octopus deploy server.

What screenshots do you need to help resolve this?

philip_reed · 9 April 2015 12:19

I followed the guide here to setup the process step: https://octopusdeploy.com/blog/deploy-aspnet-applications-to-azure-websites

I have attached a screen shot of my step configuration, it looks the same as the image in the guide.

Damian_Maclennan · 9 April 2015 23:59

Looks ok.

This step will run on a tentacle, and for some reason the tentacle doesn’t trust the certificate that the azure publish url server has. Are your tentacle machines behind a proxy ? Have any cert trust issues in general ?

Can you do a command line web deploy from the tentacle machine ?

Damian

philip_reed · 10 April 2015 15:28

As it happens yes, we do have other issues with certificates.

I’ll bring it up with our network team.

In the meantime, is there a way to ignore an untrusted certificate?

d_spijkerboer · 1 June 2015 14:25

I managed to fix the issue today.
Changes needed:

In de top of the file:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback += { $true }

Replace computername:
$destBaseOptions.ComputerName = $publishUrl (not sure if this one is required)

Comment or delete the line:
#$destBaseOptions.AuthenticationType = “Basic”

After these changes my deployment worked!
In my template, I created a checkbox option ‘Ignore Certificate’ so I can turn these on or off.

Hope this helps you guys!