Unable to get local issuer certificate with self-hosted agent on-premises

[JoshMichTot]

Hi guys,
This add-in worked well so far but got an issue while upgrading to latest Azure DevOps 2019 on Premise.
git-tag-on-release-task: Version: 8.0.1 ##[error]unable to get local issuer certificate
This error could be link to the fact my company enforced TLS 1.2 as default security protocol.
I managed to customise PowerShell script from different plug-in adding
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Anyone got the same issue ?
Are you mostly using it on Azure DevOps Service ?

[jabbera]

This uses node not powershell so that fix won't work. Do you have the NODE_ ca env variable set?

[JoshMichTot]

I'm still investigating this issue. I do not think it's link to the security protocole upgrade Tls 1.2.
The other change that happen on our premise was the switch to https connection with TFS server.

Is anyone else using it with https on Premise or is it mostly used on Cloud ?
I believe the code could fail at the connection

            let token: string = tl.getEndpointAuthorizationParameter("SYSTEMVSSCONNECTION", "AccessToken", false);
            let collectionUrl: string = tl.getEndpointUrl("SYSTEMVSSCONNECTION", false).replace(".vsrm.visualstudio.com", ".visualstudio.com"); // need build
            let authHandler = token.length === 52 ? vsts.getPersonalAccessTokenHandler(token) : vsts.getBearerHandler(token);
            let connect = new vsts.WebApi(collectionUrl, authHandler);

            let gitapi: git.IGitApi = await connect.getGitApi();

It's maybe link to the certificate management with the on premise agent.