Deploy custom policies with Azure Pipelines - Failing Recently SSL/TLS Error

NigelW61 41 Reputation points
2020-09-30T05:42:47.7+00:00

Hi,

I have been using the following to upload policies in my pipeline: https://learn.microsoft.com/en-us/azure/active-directory-b2c/deploy-custom-policies-devops

A few weeks ago this all stopped working. I traced it to the call to Invoke-RestMethod failing with the following error:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

I can see for https://graph.microsoft.com/ the certificate was updated around the time I started to see issues.

Anyone else with this issue, or know how to get it working again?

Thanks


1 answer

  1. Adam Edwards 1 Reputation point Microsoft Employee
    2020-10-16T17:18:45.517+00:00

    The issue is most likely an Azure-wide issuer change that is described here: https://learn.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes. Ensuring the latest issuer / root certificates are on the VM running the tasks in Azure DevOps is the correct way to mitigate this issue -- ignoring TLS failures is of course extremely dangerous.

    0 comments No comments
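A way to see which issuer or root the agent fails to trust, following the answer above. This is an added example, not code from the thread or from Microsoft. It assumes a Windows agent running Windows PowerShell, and `Test-TlsChain` is a hypothetical helper name. Certificate validation is not bypassed: the callback records the platform's verdict and returns it unchanged.

```powershell
function Test-TlsChain {
    param([string]$HostName = 'graph.microsoft.com', [int]$Port = 443)

    $seen = @{ Errors = $null; Chain = @() }
    # Record the chain the OS built and its verdict; accept only if the OS did.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $seen.Errors = $sslPolicyErrors
        $seen.Chain = @($chain.ChainElements | ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Certificate.Subject
                Issuer     = $_.Certificate.Issuer
                Thumbprint = $_.Certificate.Thumbprint
                NotAfter   = $_.Certificate.NotAfter
                Status     = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
            }
        })
        return ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    }.GetNewClosure())

    $handshakeError = $null
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
            $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
        }
        catch { $handshakeError = $_.Exception.Message }  # details are in $seen
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }

    # Last chain element: a self-signed root if the chain completed, else the
    # highest certificate the agent could find an issuer for.
    $top = $seen.Chain | Select-Object -Last 1
    [pscustomobject]@{
        HostName         = $HostName
        PolicyErrors     = $seen.Errors
        HandshakeError   = $handshakeError
        TopOfChain       = $top.Subject
        TopIsSelfSigned  = [bool]($top -and $top.Subject -eq $top.Issuer)
        TopInMachineRoot = [bool]($top -and (Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"))
        Chain            = $seen.Chain
    }
}

Test-TlsChain | Format-List
```

A `PolicyErrors` value of `RemoteCertificateChainErrors` together with `TopIsSelfSigned` false, or `TopInMachineRoot` false, means the agent's root store lacks the issuer the service now chains to.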
