Vscode module PSU how trust self signed cert?

rstolpe · February 5, 2022, 6:07pm

Hi,
I have a self signed cert for https on my developer server and the vscode module are complaining.
How can I bypass this? I can’t connect to the server because of this.

Failed to query configuration files. unable to verify the first certificate This is a connection error.

DataTraveler · February 6, 2022, 12:16pm

I seem to be able to recreate the issue.

My next step was to add the cert to the user trusted certification authority. This changed the error to the more generic one below. This is where I’m stuck.

Failed to connect to PowerShell Universal. Universal may not be running or you need to update your settings.

I added the .pfx certificate to quite a few stores (both user & machine) but it does not make a difference.

@adam can you advise if it is possible to connect to PWU on https with the VS Code extension?

adam · February 6, 2022, 7:52pm

I don’t know why that isn’t working. We use the axios library to query the web service which certainly supports HTTPS. Feel free to raise an issue for it and I can look into it. There is likely a setting we can set to avoid certificate errors but it probably wants valid certificates by default.

github.com

ironmansoftware/universal-code/blob/master/src/universal.ts#L23

      
        
            request(path: string, method: any, data: any = null): AxiosPromise<any> | undefined {
            
            
    const settings = load();
            
            
    if (settings.appToken == null || settings.appToken === "") {
                    vscode.window.showErrorMessage("Not connected");
                    return;
                }
            
            
    return axios({
                    url: `${settings.url}${path}`,
                    method,
                    headers: {
                        authorization: `Bearer ${settings.appToken}`,
                        'Content-Type': 'application/json'
                    },
                    data: data
                });
            }
            
            
load() {

rstolpe · February 6, 2022, 8:05pm

I have done that

github.com/ironmansoftware/issues

vscode extension can't connect if SSL cert are self signed

opened 02:36PM - 06 Feb 22 UTC

rstolpe

bug PowerShell Universal

### Steps to Reproduce If your PSU server has a self signed SSL cert you can't …connect to it with the vscode extension. For more info see; https://forums.ironmansoftware.com/t/vscode-module-psu-how-trust-self-signed-cert/6582 ### Expected behavior ```console Somehow allow connection to psu servers with self signed certs. ``` ### Actual behavior ```console Can't connect it complaining about the cert ``` ### Environment data PSU 2.7.4 and latest vscode extension ### Visuals _No response_

adam · February 7, 2022, 12:15am

Sweet! I’ve updated the VS Code extension to support this as well as multiple connections.

rstolpe · February 7, 2022, 7:00am

Perfect, thanks

rstolpe · March 13, 2022, 2:46pm

The issue are still there, I was just trying it out.

adam · March 15, 2022, 8:34pm

Do you have the cert installed in trusted root? We aren’t ignoring certificate errors so if it’s not trusted you will see an error like this.

EMCwwong · June 14, 2023, 12:50pm

Can this be added to the PSU VS Code documentation?

This is a similar problem with using enterprise root certificates in VS Code. If you’re using a self signed cert, you’ll also need to have the right CN and SANs and added to trusted root certificates.

Then the procedure below should get it working. The extension explains what it does.

Install the win-ca (win-ca - Visual Studio Marketplace). This extension allows VS Code to inject additional certificates into the Certificate Chain that Extensions use.
Once this is installed open the command palate (control-shift-P) and type “Open User Settings” choose the “Open User Settings (JSON)” option and add the settings below:

"http.proxyStrictSSL" : true ,
"win-ca.inject" : "append"

With this complete you will need to reload VS Code. You can do this by opening the command palate again (control-shift-P) and searching for “Reload Window”.

zyx360 · February 9, 2024, 1:35pm

Just adding to this from my experience.

We use a self-signed CA in our environment. The thing that bit me is that if you have any remote connections added to vscode the trust between the vscode-extension and psu has to be established in the remote session, not from the developer console.

In my case it was a rhel based system and i had to copy my the public certificate of our CA to “/etc/pki/ca-trust/source/anchors/” and run “update-ca-trust” afterwards to compile the new list.

Topic		Replies	Views
VSCode - Self signed certificate PowerShell Universal	2	230	September 15, 2023
Error connecting to IIS server running PU using Visual Studio Code Extension PowerShell Universal	5	319	January 26, 2023
Having an issue connecting to PSU with VSCode PowerShell Universal	6	366	May 12, 2023
VSCode extension fails to connect without giving reason PowerShell Universal	7	374	January 14, 2023
Powershell Universal extension for VSCode unable to connect when HTTPS is configured Universal Dashboard	9	1688	October 8, 2020

Vscode module PSU how trust self signed cert?

Related topics