Skip to content
August 31, 2017 / kiranpatils

Sitecore TDS Classic Deployment over HTTPS


In case if you are using TDS. You know that it simplifies Development and deployment a lot. [If you are not — Then I strongly recommend — Read more Why :]

I have been lucky enough to configure it for lot of projects to make it deployment process smoother — Especially with TeamCity. Recently, I was doing it for one of the project where Target server works over HTTPS only. If you know internals of TDS Classic – It uses .asmx service as connector to do lot of magic.

When we tried to integrate it we faced following error:

“D:\\Project.Core.scproj” (default target) (15) ->
(InstallSitecoreConnectorFilesWithRecycle target) ->
C:\Program Files (x86)\MSBuild\HedgehogDevelopment\SitecoreProject\v9.0\HedgehogDevelopment.SitecoreProject.targets(478,5): warning : Server responded with Could not establish trust relationship for the SSL/TLS secure channel with authority ‘HOSTNAME’. [D:\\Project.Core.scproj]

Tried to search it over Web. But couldn’t find anything useful. So, I thought will write so it appears for you when you search next — Yes, You are facing same problem? Then this post have a solution. Which might work for you.


I thought to check with \Hedgehog folks and I really like their support team – Very prompt, Very sharp and super helpful. I got connected with Kliment Klimentov. And he/she had been super helpful related to this issue.

  1. If you have installed Valid SSL Certificate then you no need to do anything
  2. But as we were trying to deploy on lower environment – DEV/QA/UAT — Where we were using IIS Dev Certificate
  3. We got following steps from TDS Classic Support team

You can create a self-signed certificate with correct certificate chain installing makecert and running the following commands:
//this will create the Root CA (if the company is called Test Company, and the subject key is sitecorecert):
cd C:\Program Files (x86)\Windows Kits\8.1\bin\x64
makecert.exe -n “CN=Test Root CA,O=Test Company,OU=Dev,L=Sofia,S=SF,C=BG” -pe -ss Root -sr LocalMachine -sky sitecorecert -m 120 -a sha256 -len 2048 -r
//this is for the certificate itself (if the website has a binding for sitecorecert and the root CA created in the previous step is called Test Root CA):
makecert.exe -n “CN=sitecorecert” -pe -ss My -sr LocalMachine -sky exchange -m 120 -in “Test Root CA” -is Root -ir LocalMachine -a sha1 -eku

Which to be honest, I got confused. Not because of steps. But because my lack of knowledge on this Certificate things. So, read some basics. And tried to break this steps in more simplified manner and thought to share my learnings with you:

My few of the questions were — Okay this steps needs to be done on server then what should be done on client? How to map certificate with site? And so on..

Basically, You need to do Self-Signed Certificate related configurations on both Buid Server [You can also call it as Client] and Web/App Server [Server]

Web/App Server

New-SelfSignedCertifcate -DnsName “YOURHOSTNAME”

  • Once done — Open MMC and Add Certificated Snap-In and Export your newly created Certificate [I Was able to find it under “Intermediate Certification Authorities” | “Certificates”]

  • From Site Binding — Use this newly self-signed certificate
  • Visit website and you should be good!

Build/Client Server

  • Copy exported .cer file from Server to Build/Client server [From wherever you were getting error]
  • Right click on Certificate and select Install Certificate
  • When you are on step to select Certificate Store, Make sure you select “Trusted Root Certification Authorities”

  • That’s it!

Have a happy and smooth deployment — Go home with smiling face! 🙂

Update : 04-Nov-2017

Recently solved this same challenge using different appraoch. So, thought to share with you.

  1. We were making our site to be always on HTTPS. [Read : And we were using UrlRewrite rule to redirect all requests on HTTPS
  2. This affected our TeamCity and TDS Automatic deployment
  3. To fix this, We thought to install multiple [QA and Prod] SSL Certificates on all environments.
  4. But then we had Eureka moment! Where we were fine to do TDS Sync over HTTP.
  5. And this is how we have done it. Added following rule in Url Rewrite which ignores TDS Service
<!--Ignored SSL for TDS-->
  <rule name="TDS Ignore"  stopProcessing="true">
    <match url="^_dev/tdsservice.asmx$" />
    <action type="None"/>



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: