NuGet Warning NU3022
Scenario 1
Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The primary signature's timestamp certificate has an unsupported signature algorithm.
Issue
The certificate used to timestamp the package signature has an unsupported signature algorithm.
Solution
Please ensure that the timestamp authority's signing certificate has one of the following signature algorithms -
sha256WithRSAEncryptionsha384WithRSAEncryptionsha512WithRSAEncryption
Scenario 2
Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The timestamp certificate has an unsupported signature algorithm (SHA1). The following algorithms are supported: SHA256RSA, SHA384RSA, SHA512RSA.
Issue
The certificate used to timestamp the package signature has an unsupported signature algorithm.
Solution
Please request the package author to re-sign the package using the nuget sign command as described in NuGet docs using the -Timestamper option such that the timestamp authority signing certificate has one of the following signature algorithms -
sha256WithRSAEncryptionsha384WithRSAEncryptionsha512WithRSAEncryption
Note
When running the nuget verify -signatures command, NU3022 is raised as an error. Otherwise, NU3022 is raised as a warning.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for