Azure Storage explorer download failed with success message?

Question

I'm trying to download a file from azure storage explorer from azure blob container. But the download is getting failed with success msg with below error.

{

"name": "Error",

"message": "self signed certificate in certificate chain",

"stack": "Error: self signed certificate in certificate chain\n at TLSSocket. (_tls_wrap.js:1088:38)\n at emitNone (events.js:86:13)\n at TLSSocket.emit (events.js:188:7)\n at TLSSocket._finishInit (_tls_wrap.js:610:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)",

"code": "SELF_SIGNED_CERT_IN_CHAIN"

}

Can someone shed some light on this issue please ?

Thx, Arun

Answer 1

Error : Self-Signed Certificate in Certificate Chain ,Unable to retrieve child resources.

Issue for me: I am attached with office proxy server. But Azure Storage Explorer is not using that proxy.

Solution:

Azure Storage Explorer -> Edit -> Configure Proxy,
Source = No proxy "Changed to" Use System proxy(preview)

After making these changes; I am able access the resources.

Answer 2

self signed certificate in certificate chain

SELF_SIGNED_CERT_IN_CHAIN it indicates that Azure no longer know whether the received HTTPS message is tampered. You also could get the answer from Azure Storage Explorer troubleshooting guide.

Root Cause :

Error: Self-Signed Certificate in Certificate Chain

There are several reasons why you may encounter this error, and the most common two reasons are as follows:

The app is connected through a “transparent proxy”, which means a server (such as your company server) is intercepting HTTPS traffic, decrypting it, and then encrypting it using a self-signed certificate.

You are running an application, such as antivirus software, which is injecting a self-signed SSL certificate into the HTTPS messages that you receive.

Solution:

You can let Storage Explorer trust it.

When Storage Explorer encounters one of the issues, it can no longer know whether the received HTTPS message is tampered. If you have a copy of the self-signed certificate, you can let Storage Explorer trust it. If you are unsure of who is injecting the certificate, follow these steps to find it:

1. Install Open SSL

   • Windows (any of the light versions should be sufficient)
   • Mac and Linux: should be included with your operating system

2. Run Open SSL

   • Windows: open the installation directory, click /bin/, and then double-click openssl.exe.
   • Mac and Linux: run openssl from a terminal.

3. Execute s_client -showcerts -connect microsoft.com:443

4. Look for self-signed certificates. If you are unsure which are self-signed, look for anywhere the subject ("s:") and issuer ("i:") are the same.

5. When you have found any self-signed certificates, for each one, copy and paste everything from and including -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- to a new .cer file. Open Storage Explorer, click Edit > SSL Certificates > Import Certificates, and then use the file picker to find, select, and open the .cer files that you created.

---

If you cannot find any self-signed certificates using the above steps, contact Azure team through the feedback tool for more help