Getting this error connecting to Sonatype Nexus: The underlying connection was closed: Could not establish trust relationship with SSL/TLS secure channel.
The CERT is valid and works for Jira and several other applications.
Does Octopus need a certain SSL Protocol?
Hi Chris,
Thanks for getting in touch!
You’ve lost me a little bit about what you’re trying to do, are you using Nexus as a Nuget repository ?
Is the certificate trusted by your Octopus Server ?
Damian
Damian,
Thanks for the reply. Yes nexus is currently acting as our nuget server. How do we have Octopus trust the cert? We haven’t had to do this with out other applications that interact with Nexus.
Thank you for your time!
Looking at the Nexus docs it looks like it’s a self signed certificate by default https://books.sonatype.com/nexus-book/reference/ssl-sect-ssl-direct.html
So you’d need to get Windows to trust that certificate authority. This page looks like a good set of instructions http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
Does that help ?
Damian
Damian,
Thank you for the response. this is actually a signed cert by GEO Trust and not a self signed cert. Nexus is our Nuget repository.
I imported it in to the Windows trust store and I am still getting this error from Octopus. It seems like Octopus is expecting a certain protocol for SSL.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure
Could you provide some steps on how you connected Nexus with Octopus without certificate? I’m only using http atm.
I am having trouble in making this work as external feed.
Alex - Lets continue our conversation on this other thread you created: http://help.octopusdeploy.com/discussions/questions/8433 . This thread is a bit more oriented to certificates, which doesn’t quite match your scenario.