You are not logged in.

#1 2021-03-19 22:16:02

faith
Member
Registered: 2019-09-25
Posts: 13

[Solved] Certificate issues with dotnet & nuget

Any dotnet command that restores packages fails with certificate validation.
Affects dotnet and dotnet-3.1.

Package 'Microsoft.AspNetCore.App.Ref 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature's timestamp found a chain building issue: UntrustedRoot: self signed certificate in certificate chain
Package 'Microsoft.AspNetCore.App.Ref 5.0.0' from source 'https://api.nuget.org/v3/index.json': The author primary signature validity period has expired.

When trying to re-install the package, I can see warnings for all various certificates.

X.509 Certificate v3
   Issued from: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
   Issued to:   C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01
   Valid from:  7/29/2020 12:30:00 PM
   Valid until: 6/27/2024 11:59:59 PM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
   Issued to:   C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01
   Valid from:  7/21/2020 11:00:00 PM
   Valid until: 10/8/2024 7:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
   Issued to:   C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02
   Issued to:   C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02
   Valid from:  7/21/2020 11:00:00 PM
   Valid until: 10/8/2024 7:00:00 AM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

Looks like it was an issue on Debian also: https://github.com/NuGet/Announcements/issues/49

Last edited by faith (2021-03-21 10:38:54)

Offline

#2 2021-03-19 23:21:16

loqs
Member
Registered: 2014-03-06
Posts: 13,172

Re: [Solved] Certificate issues with dotnet & nuget

Offline

#3 2021-03-20 17:45:47

faith
Member
Registered: 2019-09-25
Posts: 13

Re: [Solved] Certificate issues with dotnet & nuget

loqs wrote:

Doesn't look like that's it.

Offline

#4 2021-03-20 18:25:31

loqs
Member
Registered: 2014-03-06
Posts: 13,172

Re: [Solved] Certificate issues with dotnet & nuget

faith wrote:
loqs wrote:

Doesn't look like that's it.

https://github.com/NuGet/Home/issues/10 … -778841003 matches that change.  if you downgrade to ca-certificates-mozilla 3.62-1 then synchronize the mono certifcate store with the system one is the issue still present?

https://github.com/nss-dev/nss/commit/0 … a5d05e2f30 has been in updates since ca-certificates-mozilla 3.60-1 so that seems less likely to me.
Edit:
https://bugs.archlinux.org/task/70095

Last edited by loqs (2021-03-20 19:01:20)

Offline

#5 2021-03-21 10:38:41

faith
Member
Registered: 2019-09-25
Posts: 13

Re: [Solved] Certificate issues with dotnet & nuget

Thanks!

Downgrading ca-certificates-mozilla to 3.63 and copying .pem file manually fixes the issue!

Offline

#6 2021-04-07 17:58:44

aqez
Member
Registered: 2021-04-07
Posts: 1

Re: [Solved] Certificate issues with dotnet & nuget

Just in case anyone needs tips on how to do this (downgrading ca-certificates-mozilla), what I did was download these two files:
https://archive.archlinux.org/packages/ … kg.tar.zst
https://archive.archlinux.org/packages/ … ar.zst.sig

Then just pacman -U ca-certificates-mozilla-3.62-1-x86_64.pkg.tar.zst

There may be a better way to do so but this worked for me. Thanks to faith and loqs for the help on this!

Offline

Board footer

Powered by FluxBB