SSL certificate error on Web App deployment (Azure)

I have issues deploying a website to Azure Web App. I tried different things to resolve including bypassing the SSL validation.

I have included the certificate to the trusted root certification authority in Octopus server. And it gives me " A certificate mismatch occurred".

Since we are trying to deploy to a dev environment at the moment, bypassing the security would also suffice although not desired.

I have included most of the solutions found on internet for example (https://help.octopusdeploy.com/discussions/questions/14161-reset-powershell-or-other-way-to-ignore-certificate-error-sometimes) to powershell script as part of the deployment process to the step template and it gives me “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel”

I am new to DevOps and Octopus Deploy so if anyone can help to resolve the issue, will be much appreciated.

Hi,

Thanks for getting in touch! To get a better idea of what could be going wrong here I will need you to attach a full copy of your deployment log where you are seeing this issue.

The logs will have a lot more information to help me identify what is going wrong here. :slight_smile:

Looking forward to hearing from you and getting to the bottom of this.

Best regards,
Daniel

Hi Daniel,

Thanks for getting back to me. I have attached the error log. Thanks.

Kind regards,

Merril

ServerTasks-1812.log.txt (22.6 KB)

Hi Merril,

Thanks for getting back with the logs. I can see the error you are having:

09:16:47   Verbose  |       Retrieved publishing profile. URI: https://******  UserName: ******
09:16:48   Verbose  |       Using ID '******' for connections to the remote server.
09:16:48   Verbose  |       Pre-authenticating to remote agent URL 'https://******' as '******'.
09:16:48   Error    |       A certificate mismatch occurred. We have had reports previously of Azure using incorrect certificates for some Web App SCM sites, which seem to related to a known issue, a possible fix is documented in https://g.octopushq.com/CertificateMismatch.
09:16:48   Verbose  |       Retry #1 on Azure deploy. Exception: Connected to the remote computer ("******") using the specified process ("Web Management Service"), but could not verify the server's certificate. If you trust the server, connect again and allow untrusted certificates.  Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.

Would you be able to confirm whether you have followed the potential workaround on the following page?

The steps listed are as follows:

1. In the Azure portal, go to the Configuration tab for your site
2. Go to the SSL bindings section. The assumption is that you have a binding set to 'IP based SSL'
3. Change the binding to 'SNI SSL' and click Save
4. Change it back to 'IP based SSL' and Save again

Let me know if this helps, or if you are still stuck. :slight_smile:

Looking forward to hearing from you.

Best regards,
Daniel

Hi Daniel,

I have come across that solution and could not figure it out. We have an internal web app with a private certificate. The solution suggested was not applicable to us. When we uploaded the certificate on Azure, It only had SNI SSL option. I have included a print screen from azure portal for the SSL configuration.

Kind regards,

Merril.