3

I have a ProGet server that currently uses SSL and requires a client certificate in order to communicate with it. We would like to be able to use this server directly from the command line or within the Visual Studio package manager.

When accessed via a browser there are no issues with viewing the repository. When using nuget.exe on the command line the result is 403 Forbidden. I have used Fiddler to monitor the request and it highlights that the server is asking for a client certificate, Fiddler allows you to inject the required certificate and the nuget request is then successful.

Is it possible to provide a client certificate when using NuGet:

nuget install PackageName -Source https://myhost -Cert ???

Or with a setup like this we are going to have to fall back to using an API key to gain access?

Are we able to provide the certificate when using Visual Studio?

oceanexplorer
  • 1,209
  • 3
  • 11
  • 24

3 Answers3

3

Starting from NuGet 5.7.2 you can use client-cert feature.

Configuration example:

<configuration>
    ...
    <packageSources>
        <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
        <add key="Contoso" value="https://contoso.com/packages/" />
        <add key="Example" value="https://example.com/bar/packages/" />
    </packageSources>
    ...
    <clientCertificates>    
        <storeCert packageSource="Contoso"
                   storeLocation="currentUser"
                   storeName="my"
                   findBy="thumbprint" 
                   findValue="4894671ae5aa84840cc1079e89e82d426bc24ec6" />
        <fileCert packageSource="Example"
                  path=".\certificate.pfx" 
                  password="..." />
        <fileCert packageSource="Bar"
                  path=".\certificate.pfx" 
                  clearTextPassword="..." />
    </clientCertificates>
...
</configuration>

Also you can use nuget client-certs CLI command for configuration.

BlackGad
  • 71
  • 5
0

I have realised that some years later I never posted the answer to this issue. In order to get NuGet to use certificates the certificate had to be added to the Credential Manager in Windows as a certificate based credential. NuGet then automatically picked this up when communicating with a matching URL.

oceanexplorer
  • 1,209
  • 3
  • 11
  • 24
0

On top of what the other people have suggested, make sure that the entire certification path of your certificate is valid, meaning that you install also any parent certificate to the Credential Manager in Windows in the Trusted Certificates, otherwise the certification path will fail.

largehadroncollider
  • 51
  • 4