You are not logged in.
Any dotnet command that restores packages fails with certificate validation.
Affects dotnet and dotnet-3.1.
Package 'Microsoft.AspNetCore.App.Ref 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain
Package 'Microsoft.AspNetCore.App.Ref 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature validity period has expired.
When trying to re-install the package, I can see warnings for all various certificates.
X.509 Certificate v3
Issued from: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Issued to: C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01
Valid from: 7/29/2020 12:30:00 PM
Valid until: 6/27/2024 11:59:59 PM
*** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.
X.509 Certificate v3
Issued from: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Issued to: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01
Valid from: 7/21/2020 11:00:00 PM
Valid until: 10/8/2024 7:00:00 AM
*** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.
X.509 Certificate v3
Issued from: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Issued to: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02
Issued to: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02
Valid from: 7/21/2020 11:00:00 PM
Valid until: 10/8/2024 7:00:00 AM
*** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.
Looks like it was an issue on Debian also: https://github.com/NuGet/Announcements/issues/49
Last edited by faith (2021-03-21 10:38:54)
Offline
Is this the related change https://github.com/nss-dev/nss/commit/9 … 9f6b5796e1?
Offline
Is this the related change https://github.com/nss-dev/nss/commit/9 … 9f6b5796e1?
Doesn't look like that's it.
Offline
loqs wrote:Is this the related change https://github.com/nss-dev/nss/commit/9 … 9f6b5796e1?
Doesn't look like that's it.
https://github.com/NuGet/Home/issues/10 … -778841003 matches that change. if you downgrade to ca-certificates-mozilla 3.62-1 then synchronize the mono certifcate store with the system one is the issue still present?
https://github.com/nss-dev/nss/commit/0 … a5d05e2f30 has been in updates since ca-certificates-mozilla 3.60-1 so that seems less likely to me.
Edit:
https://bugs.archlinux.org/task/70095
Last edited by loqs (2021-03-20 19:01:20)
Offline
Thanks!
Downgrading ca-certificates-mozilla to 3.63 and copying .pem file manually fixes the issue!
Offline
Just in case anyone needs tips on how to do this (downgrading ca-certificates-mozilla), what I did was download these two files:
https://archive.archlinux.org/packages/ … kg.tar.zst
https://archive.archlinux.org/packages/ … ar.zst.sig
Then just pacman -U ca-certificates-mozilla-3.62-1-x86_64.pkg.tar.zst
There may be a better way to do so but this worked for me. Thanks to faith and loqs for the help on this!
Offline