从 VisualStudio2015发布-允许不受信任的证书

我正在从 Visual Studio 2015发布我的 ASP.NET 5 MVC6项目。我已经从服务器导入了发布配置文件。连接成功验证,但是当我发布我的项目时,我有以下错误:

错误 _ 证书 _ 验证 _ 失败

连接到远程计算机(“ XXXXXXXXX”) ,使用指定的 进程(“ Web 管理服务”) ,但无法验证服务器的 如果您信任服务器,请重新连接并允许 不可信的证书。

不允许在发布设置中使用不受信任的证书。

39941 次浏览
小开
最佳答案

The option to allow untrusted certificates is not yet supported in the current tooling. Hopefully, this gets updated very soon. You can, however, set it manually.

  1. Open the publish profile file (.pubxml) inside /Properties/PublishProfiles in a text editor
  2. Inside the <PropertyGroup> element, set AllowUntrustedCertificate to True (<AllowUntrustedCertificate>True</AllowUntrustedCertificate>) or add it if it doesn't exist
  3. Set UsePowerShell to False (<UsePowerShell>False</UsePowerShell>).

At this time of writing, the generated powershell script disregards the AllowUntrustedCertificate property which is probably a bug, hence, the need to set it to False.

You can get powershell to work if you update the module version in the .ps1 file.

As a side note, you can also get around this problem by "trusting" the server's certificate locally.

小开

For dot net core 1.0 you have to add the tag 

 <AllowUntrustedCertificate>True</AllowUntrustedCertificate>

to publishprofiles in your .pubxml file

小开

Update

Just a little observation, when deploying a .net core app on VS2015 or VS2017 community, to a remote IIS server please use this 

<UsePowerShell>True</UsePowerShell>

not

<UsePowerShell>False</UsePowerShell>

Discovered that deployment was completing as successful but no files were copied to server until I changed the tag to true.

I hope this helps someone.

小开

For me, the solution took 4 lines in the publish profile xml.

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<UseMsDeployExe>true</UseMsDeployExe>
<UserName>myuser</UserName>
<Password>mypass</Password>

The UseMsDeployExe changes the error to ignore the certificate, but not authenticate the user, hence the need for the user and pass (of the machine you're deploying to)

No changes were needed in the powershell script.

小开

I had <UsePowerShell>True</UsePowerShell> but it was still failing with the cert error.

  • I re-entered my password in the settings dialog and it still failed
  • Once I clicked on Validate Connection it started working.

Publish Settings Dialog

Note

  • VS 2017 (15.2)
  • My password recently changed
  • As a test, entered the wrong password and I got the cert error so the cert error is not just about an untrusted cert apparently
小开

Yet another solution

I created publish settings on the remote IIS and imported them in Visual Studio 2017 (15.2). After that I changed the URL to specify the sitename as the IIS-user only has access to the specific site (thanks to this answer on SO). I've entered the credentials via the UI and there is no need to store the password in the profile.

My profile looks like:

<WebPublishMethod>MSDeploy</WebPublishMethod>
<LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
<LastUsedPlatform>Any CPU</LastUsedPlatform>
<SiteUrlToLaunchAfterPublish>https://some.site.com:443/</SiteUrlToLaunchAfterPublish>
<LaunchSiteAfterPublish>True</LaunchSiteAfterPublish>
<ExcludeApp_Data>False</ExcludeApp_Data>
<PublishFramework>netcoreapp1.1</PublishFramework>
<ProjectGuid>eecf975e-f2e6-440f-bfd6-a0a63c25e3c3</ProjectGuid>
<MSDeployServiceURL>https://url.toourserver.com:8172/msdeploy.axd?site=some.site.com</MSDeployServiceURL>
<DeployIisAppPath>some.site.com</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
<EnableMSDeployBackup>True</EnableMSDeployBackup>
<UserName>IISUserName</UserName>
<AllowUntrustedCertificate>True</AllowUntrustedCertificate>
<_SavePWD>True</_SavePWD>

<AllowUntrustedCertificate> was needed as the self signed certificate is not trusted on my machine.

With this profile a backup is made according to the settings in IIS, the site is updated and opened in my browser when the process is finished :-)

Although all the other answers here also made it work, I thought it would be nice to share this way as it involves only a few changes (AllowUntrustedCertificate) and no storage of plain passwords.

小开

After importing or creating profile click configure and then validate connection. Enter password and finish the setup. Now deploy.

小开

Another solution as well

I had this same issue when deploying Azure Web Jobs in VS2019. Look at my answer here for more details.

小开

For dotnet 3.1.0 in VS 2019 just go "Edit" profile -> Validate Connection -> Accept the certificate and its done

小开

add this line to your publish profile which existed in the path like in the attached picture

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>

enter image description here

小开

#1. Install the latest version of .NET CLI from https://download.microsoft.com/download/0/F/D/0FD852A4-7EA1-4E2A-983A-0484AC19B92C/dotnet-sdk-2.0.0-win-x64.exe

#2. set this property in the pubxml and it should work consistently:

true

(Under Properties\PublishProfiles<profilename>.pubxml)


提交答案