NuGet Warning NU3018
Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The primary signature's signing certificate is not trusted by the trust provider.
Issue
NuGet client failed to verify the certificate chain for the signing certificate used to sign the package.
Solution
Please ensure that the package signature has a valid certificate chain. You can verify the package signature by running the nuget verify -signatures or dotnet nuget verify command on the package. If the problem persists, then please file an issue at NuGet/Home along with the package that generated this problem.
Note
When NuGet’s signature validation mode is set to accept (default), NU3018 is raised as a warning.
When NuGet’s signature validation mode is set to require, or when running the nuget verify -signatures command, NU3018 is elevated from a warning to an error in most cases.
For Linux and macOS, see NuGet signed-package verification. Specifically for untrusted root certificate warnings/errors on Linux and macOS, also see NU3042.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for