Certificate Chain Validation Failed

How to resolve the error received while trying to sign the packages - "Certificate Chain validation failed" ?

The certificate generated by the IIS server is for client and server authentication, by default.

Package publishing requires a code signing certificate. Therefore, using the default IIS self-signed certificate will not work.

A code signing certificate must be generated, which can be done as follows:

  1. Run PowerShell commands:
  • New-SelfSignedCertificate -Subject "CN=CERTNAME, OU=PackageSigningTest" `-FriendlyName "NuGetTestDeveloper" -Type CodeSigning `-KeyUsage DigitalSignature -KeyLength 2048 `-KeyAlgorithm RSA -HashAlgorithm SHA256 -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -CertStoreLocation "Cert:\CurrentUser\My"
  • The output of the above command will look like below:1.jpg
  • It will create the certificate in the "Cert:\CurrentUser\My" location
  1. Export the certificate from it and install it in the Personal and Trust Root Certificate Authority. Use the below command to export the certificate:

$cert = Get-ChildItem -Path cert:\CurrentUser\My\{Thumbprint_Value}

Export-Certificate -Cert $cert -FilePath c:\certs\user.cer

  • Here {Thumbprint_Value} is the value received from the previous PowerShell command and "FilePath" is a location where the certificate needs to be saved. ( While replacing the thumbprint with actual value, do not include flower brackets{ } )
  1. Note that according to the current design of UiPath Studio, certificates of type (.pfx,.p12) are only allowed to be used as signing certificates. Use the below command to extract the certificate in the aforementioned format:

$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText

Export-PfxCertificate -Cert cert:\currentuser\my\{Thumbprint_value} -FilePath c:\myexport.pfx -ChainOption EndEntityCertOnly -NoProperties -Password $mypwd

Note: In the value for the String parameter, provide the "Password". For example, replace 1234 with a password of your choice.

  1. Add the trusted author/repository/owner in the Nuget.config file by following the steps here.
Note: In Nuget.config file use SHA 256 fingerprint instead of SHA 1 fingerprint