Mvc 5 web publishing ssl problem

Question

User-713088183 posted

Hello, I have problem with asp.net deployment on IIS 8.5 and web deploy 3.6, from Vistual Studio 2015. I getting this:

ERROR_CERTIFICATE_VALIDATION_FAILED
Could not establish trust relationship for SSL/TLS secure channel

Ok, I said fine and try use msdeploy from console with -allowUntrusted and it works fine.
But VS has many options to setting publish and database updating. I would like to run it with VS 2015.

In asp.net Core I can use something like this: <AllowUntrustedCertificates>true</AllowUntrustedCertificates> and it works well too. But ONLY for MVC Core.

here is my msdeploy.bat with working -allowUntrusted flag

set projectPath=%1
set msdeployDir="C:\Program Files (x86)\IIS\Microsoft Web Deploy V3"
%msdeployDir%\msdeploy^
 -verb:sync^
 -source:contentPath=%projectPath%^
 -dest:contentPath="myapp",ComputerName="https://server:8172/MsDeploy.axd?site=myapp",UserName='iis-deploy',Password='pass',AuthType='Basic'^
 -skip:objectName=node_modules^
 -skip:objectName=bower_components^
 -skip:objectName=css^
 -allowUntrusted

And this is my event log in IIS:

User: iis-deploy
Client IP: 89.190.94.194
Content-Type: application/msdeploy
Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0
MSDeploy.VersionMax: 9.0.1962.0
MSDeploy.Method: Sync
MSDeploy.RequestId: 77b24e10-33a8-4d62-9e59-7fa65ea0808d
MSDeploy.RequestCulture: cs-CZ
MSDeploy.RequestUICulture: cs-CZ
ServerVersion: 9.0.1955.0
Skip: objectName="^configProtectedData$"
Provider: auto, Path: 
Tracing deployment agent exception. ID: 77b24e10-33a8-4d62-9e59-7fa65ea0808d. 19. 11. 2016 10:39:46.
System.IO.EndOfStreamException: Unable to read beyond the end of the stream.
   at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
   at System.IO.BinaryReader.ReadInt16()
   at Microsoft.Web.Deployment.PackageDeserializer.GetNextEntryType()
   at Microsoft.Web.Deployment.SerializationProvider..ctor(DeploymentBaseContext baseContext, PackageDeserializer deserializer)
   at Microsoft.Web.Deployment.PackageDeserializer.GetSerializationProvider()
   at Microsoft.Web.Deployment.DeploymentAgent.HandleSync(DeploymentAgentAsyncData asyncData, Nullable`1 passId, String user, String siteName)
   at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
   at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)

Is generated WMSVC cert. really untrusted? And how is possible fix it? 
Thank you.

Answer 1

User-460007017 posted

Hi petaskomasek,

Now that the problem could be fixed with allowUntrusted flag, it is obviously that the wmsvc cert is not trusted. I think the only way to resolve this problem is purchase a trust certififcate from CA or you could try to add the certificate to the trusted area in  Microsoft Management Console.

Please take the following steps to add the certificate to trusted area:

• Click Start, Run, type MMC, and press ENTER.
• Click File, Add/Remove Snap-in.
• From the list of available snap-ins, select Certficates, then click Add.
• When prompted, select the Computer Account option, and click Next.
• Select the computer that you want to manage, click Finish, then click OK.
• In the MMC, under Console Root, a node called Certificates has been added for the computer that you chose. Try to add the certificate to Trusted publisher and Trusted Root Certification Authorities.

Best Regards,

Yuk Ding