We ran into an issue where all but one of our on-prem build servers were not able to download a third party file as part of a widely used extension [purposely omitting the name for security reasons], and the only way we could get it to work was to modify the .certificates file in the agent install directory.
I was able to find what I think is the source file in github - but there are no comments or documentation available. We stumbled onto this because one of our five build machines had this file [and worked], but the other four didn't. Does anybody know what generates this file and what these options are for?
File contents:
{
"skipServerCertValidation": true,
"caCert": null,
"clientCert": null,
"clientCertPrivatekey": null,
"clientCertArchive": null,
"clientCertPasswordLookupKey": null
}
Does anybody know what generates this file and what these options are for?
When you config the agent with --sslskipcertvalidation, the .certificates file will be created with the contents you shared, and the agent will ignore SSL server certificate validation error. You can refer Work with SSL server certificate for more details.
config.cmd --sslskipcertvalidation