Pull nuget dependencies from private nuget repository
The remote certificate is invalid according to the validation procedure.
[16:35:31][Step 2/4] C:\Program Files\dotnet\sdk\2.1.301\NuGet.targets(114,5): error : Failed to retrieve information about 'Microsoft.AspNetCore' from remote source 'https://testartifactory.xxx.org/artifactory/api/nuget/nuget/FindPackagesById()?id='Microsoft.AspNetCore'&semVerLevel=2.0.0'. [C:\app\Core.Services.sln]
[16:35:31][Step 2/4] C:\Program Files\dotnet\sdk\2.1.301\NuGet.targets(114,5): error : The SSL connection could not be established, see inner exception. [C:\app\Core.Services.sln]
[16:35:31][Step 2/4] C:\Program Files\dotnet\sdk\2.1.301\NuGet.targets(114,5): error : The remote certificate is invalid according to the validation procedure. [C:\app\Core.Services.sln]
[16:35:31][Step 2/4] Retrying 'FindPackagesByIdAsyncCore' for source 'https://testartifactory.xxx.org/artifactory/api/nuget/nuget/FindPackagesById()?id='DocumentFormat.OpenXml'&semVerLevel=2.0.0'.
[16:35:31][Step 2/4] The SSL connection could not be established, see inner exception.
[16:35:31][Step 2/4] The remote certificate is invalid according to the validation procedure.
Since this is nano Image, I couldnt figure out our internal CA cert to the image.
docker versionClient:
Version: 18.09.2
API version: 1.39
Go version: go1.10.6
Git commit: 1ac774dfdd
Built: unknown-buildtime
OS/Arch: windows/amd64
Experimental: false
Server:
Engine:
Version: 18.09.2
API version: 1.39 (minimum version 1.24)
Go version: go1.10.6
Git commit: 1ac774dfdd
Built: 02/10/2019 04:13:25
OS/Arch: windows/amd64
Experimental: false
docker infoPS C:\Windows\system32> docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 17
Server Version: 18.09.2
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: ics l2bridge l2tunnel nat null overlay transparent
Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
Operating System: Windows Server 2019 Standard Version 1809 (OS Build 17763.316)
OSType: windows
Architecture: x86_64
CPUs: 4
Total Memory: 8GiB
Name: docker-server
ID: KTPV:IWPI:5IMR:LCAK:6XVT:AC3A:FZAB:MQ4U:JWIZ:U5O3:R56Y:NPDB
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
I couldn't figure out how to add our internal CA cert to nano image, is there a way to add it?
@rammaram06 - Take a look at the Developing ASP.NET Core Applications with Docker over HTTPS which illustrates how certs are being used with a running app utilizing a volume mount.
-v %USERPROFILE%\.aspnet\https:C:\Users\ContainerUser\AppData\Roaming\ASP.NET\Https
Closing as this issue isn't directly related to the microsoft/dotnet image content. You might have better luck getting a good answer on StackOverflow where the audience is much larger.
@MichaelSimons So, I think you're referring to using a certificate with a running app but the problem seems to be with the docker environment being able to communicate with a nuget server during the build process (as OP suggested: dotnet restore). Are we talking about the same thing?
@jstafford5380 - for build scenarios, there are a couple options I have seen used in practice. This blog article (which I have no association with) explains one. Going forward however, Docker has been adding better support for build secrets which is described here. This support has not yet shipped in production.
I don't think that's the issue either. I think this might be more relevant if it were about talking to a private nuget server where you would have to pass an api key or something to gain access as the OP is describing, but this happens even in a nothing-special scenario where it's literally just trying to restore packages from nuget.org and it can't establish a connection because the SSL connection is failing. It's likely a solution that should be proposed by Docker, but I think it would behove Microsoft at this stage to propose a solution as well as this is likely an issue with the Corporate firewall which falls firmly in Microsoft's target user base.
I am facing similar issue.
1>/usr/share/dotnet/sdk/2.2.401/NuGet.targets(123,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/src/KubernetisTest/KubernetisTest.csproj]
1>/usr/share/dotnet/sdk/2.2.401/NuGet.targets(123,5): error : The SSL connection could not be established, see inner exception. [/src/KubernetisTest/KubernetisTest.csproj]
1>/usr/share/dotnet/sdk/2.2.401/NuGet.targets(123,5): error : The remote certificate is invalid according to the validation procedure. [/src/KubernetisTest/KubernetisTest.csproj]
Any help would be appreciated.
We have the same problem with our local NuGet server. The server uses a self-signed certificate and we cannot restore NuGet packages from this server when running "dotnet restore" in a docker container.
I stumbled across this post
"https://developercommunity.visualstudio.com/content/problem/530691/response-status-code-does-not-indicate-success-401.html"
Change the PAT Organization to "All accessible organizations" AND scroll through the permission\security sections and set the following:
Build (Artifacts, definitions, requests, queue a build, and updated build properties): Read
Connected server (Access endpoints): Connected server
Packaging (Create, read, update, and delete feeds and packages): Read
(Not sure if all of these are required.)
Docker File:
FROM mcr.microsoft.com/dotnet/core/aspnet:2.2-stretch-slim AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:2.2-stretch AS build
WORKDIR /src
# The Personal Access Token arg
ARG PAT
# Set environment variables
ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS '{"endpointCredentials":[{"endpoint":"https://pkgs.dev.azure.com/ORG/_packaging/FEEDNAME/nuget/v3/index.json","username":"USERNAME","password":"'${PAT}'"}]}'
# Get and install the Artifact Credential provider
RUN wget -O - https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
COPY ["PROJECTNAME.csproj", "./"]
RUN dotnet restore -s "https://pkgs.dev.azure.com/ ORG /_packaging/ FEEDNAME /nuget/v3/index.json" -s "https://api.nuget.org/v3/index.json"
COPY . ./
WORKDIR /src
RUN dotnet build " PROJECTNAME.csproj" -c Release -o /app
FROM build AS publish
RUN dotnet publish --no-restore " PROJECTNAME.csproj" -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", " PROJECTNAME.dll"]
docker command:
docker build -t BUILDNAME:local . --build-arg PAT=xxxxxxxxxxxxxxxxxxxxxxxxx
Importing certificate into my docker image worked for me.
used Import-Certificate
Most helpful comment
We have the same problem with our local NuGet server. The server uses a self-signed certificate and we cannot restore NuGet packages from this server when running "dotnet restore" in a docker container.