IIS Publish Error: Could not verify the server’s certificate

When publishing a website to IIS (Internet Information Services), it’s not uncommon to encounter errors from time to time.

If you’re publishing an intranet application there are a number of errors that are more likely to crop up.

In this post, I explain how to resolve a specific publish error relating to the server certificate.

Server certificate error

Whenever an IIS publish error occurs, within Visual Studio you’ll typically see an error dialog that looks similar to the screenshot below.

Note that I am using Visual Studio 2019.

Publish error dialog
Publish error dialog

The above error dialog isn’t particularly useful on its own, although it does include the location of a temporary file containing contents that are similar to the following.

18/10/2021 20:47:20
System.AggregateException: One or more errors occurred. ---> Microsoft.WebTools.Shared.Exceptions.WebToolsException: Build failed. Check the Output window for more details.
--- End of inner exception stack trace ---
---> (Inner Exception #0) Microsoft.WebTools.Shared.Exceptions.WebToolsException: Build failed. Check the Output window for more details.<---

Microsoft.WebTools.Shared.Exceptions.WebToolsException: Build failed. Check the Output window for more details.

===================

As per the above exception messages, we need to look at the Output (or the Error List) window to see more details on the actual error we are dealing with.

The full error message relating to the server certificate error is as follows.

Web deployment task failed. (Connected to the remote computer ("myserver") using the specified process ("Web Management Service"), but could not verify the server’s certificate. If you trust the server, connect again and allow untrusted certificates. Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.)
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
Publish failed to deploy.

Note that the text “myserver” within the above error message will vary depending on your server name.

The link supplied in the error message (scroll to the right) helps to explain what the problem is but it doesn’t provide enough information on how to fix the issue when publishing to IIS using the latest versions of Visual Studio.

Let’s take a look at how to fix the error next.

Fixing the error

There are a few different ways of fixing the publish error, I will show you both a temporary and a permanent solution.

At this stage, it is important to point out that if you are attempting to publish a web application that is exposed to the public internet you should not follow the instructions contained in the upcoming sections. If this is the case, there is likely a real problem with your server certificate that you need to resolve in order to provide a secure connection to your website.

Ok, so if you’re publishing an intranet application to IIS let’s proceed with fixing the error.

Validate the connection

The first way of fixing the error is a temporary one.

It turns out that all you need to do to fix the problem temporarily is to validate the connection before you publish your site to the server running IIS.

To do this, right-click on your main web project within the Solution Explorer in Visual Studio and click on the ‘Publish…’ option from the context menu.

From the Publish view, click on the blue ‘Edit’ link to open the Publish dialog.

From the Publish dialog, click on the ‘Validate Connection’ button.

Publish dialog after connection validation
Publish dialog after connection validation

As per the above screenshot, a green tick icon should appear if the validation was successful.

Now close the Publish dialog by pressing either the ‘Save’ or ‘Cancel’ button.

When you’re ready, back on the Publish view, click the ‘Publish’ button.

The publish should now work!

Publish profile amendment

In order to fix the publish error permanently, you can amend your publish profile.

If your site is definitely always going to remain an intranet site and you are not expecting a valid server certificate when you publish your site, you can choose to allow untrusted certificates.

The tooling in Visual Studio doesn’t support enabling the option to allow untrusted certificates, so you’ll need to edit the publish profile file directly.

To edit the publish profile file, expand the ‘Properties’ node under your main web project within the Solution Explorer in Visual Studio. Expand the ‘PublishProfiles’ folder and double-click on your publish profile file e.g. ‘IISProfile.pubxml’.

Now edit your publish profile file to include the following XML element and associated value before the closing PropertyGroup tag.

<AllowUntrustedCertificate>True</AllowUntrustedCertificate>

Save the changes to your publish profile file and try publishing to IIS again.

The publish process should now work every time, even after restarting Visual Studio.

Summary

In this post, I have documented how to fix a specific error regarding an invalid server certificate when publishing an intranet application to IIS.

I have provided details on the error and how to find more information about its cause.

Lastly, I have provided both a temporary and permanent solution for fixing this specific issue.


I hope you enjoyed this post! Comments are always welcome and I respond to all questions.

If you like my content and it helped you out, please check out the button below 🙂

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.