SSL certificate error when activating Unity via command line

When I attempt to activate a Unity installation via command line, I get an error (sometimes, not always) which makes it sound like the SSL cert in use at https://core.cloud.unity3d.com/api/login is self-signed.

I'm doing this to wrap test automation around my product's setup documentation - I want to be able to test that it works from a clean machine, but without all the toil of doing that by hand every two weeks as we do a release.

I'm using Unity 5.5.2f1 via chocolatey.org's excellent package manager, on Windows 10 Enterprise (since there's an evaluation ISO available). I've built the VM via packer, and am then using vagrant to start it then run through my setup guide commands.

The (powershell) command line (secrets are supplied via the environment variables):

Code (csharp):

1.  
2. Start-Process "c:\program files\unity\editor\Unity.exe" "-quit -batchmode -nographics -serial `"$($env:UNITY_SERIAL)`" -username `"$($env:UNITY_USERNAME)`" -password `"$($env:UNITY_PASSWORD)`" -logFile `"c:\setup-qa\unity-activate.log`"" -wait -verbose
3.  

The logfile content:

Code (csharp):

1.  
2. BatchMode: Unity has not been activated with a valid License. Could be a new activation or renewal...
3. (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/WinEditorMain.cpp Line: 837)
4. DisplayProgressbar: Unity license
5. SSL certificate problem: unable to get local issuer certificate while processing request "https://core.cloud.unity3d.com/api/login", HTTP error code 0
6. .Cancelling DisplayDialog: Updating license failed Failed to update license within 60 seconds. Exiting.
7. This should not be called in batch mode.
8. (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/EditorUtility.cpp Line: 1252)
9.  

Note that when I do this at an interactive command line, this works fine (unless my license key has had too many activations, though I've learned now how to release them from the website, and from the command line) most of the time.

Is it possible that some of the machines behind the load balancer have a self-signed cert...? I haven't been able to come up with any other reasonable explanations, and am now a bit stumped.

 

Can you help to check if the process run as a user that have admin permission?

Thanks.

 

@justinzheng thanks for replying. It's running from an administrator account, but not in an elevated prompt. UAC is disabled.

I'd be surprised if it needs elevation since
* I've seen what I'm attempting work, sometimes, and fail sometimes, with no changes to my scripts or environment - that suggests some dependency out of my control
* Unity seems to keep data it needs correctly within the user profile's AppData tree...? Or are there registry edits going on as well?

(However, I'd love to be surprised and find it's an error at my side!)

Code (csharp):

1.  
2. PS C:\Users\vagrant> Get-ItemProperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ -name Enabl
3. eLUA
4.  
5. EnableLUA    : 0
6. PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policie
7.                s\System\
8. PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policie
9.                s
10. PSChildName  : System
11. PSDrive      : HKLM
12. PSProvider   : Microsoft.PowerShell.Core\Registry
13.  

I've noticed, also, that if I apply Windows Updates after the first activation failure, then after their reboot, activation does not fail with the self-signed certificate error. It either succeeds, or fails with a 400 Bad Request telling me I'm at my activation limit for this serial (which is correct; at this point I am).

By the way - the 3 day limit on using the website to release the activations is _killer_ for iterating on this

 

What is the content of 400 error? Can you share us from it Editor.log?

 

The 400 informed me that I had activated that serial number too many times - totally legit, explicable error.

The key thing was that it wasn't a self-signed-cert error.

 

If you'd like me to zip up my scripts (there's nothing proprietary in them, and the VM is based on an MS evaluation ISO), then I can do that? I don't want to share them publicly, however.

 

I've uploaded them via the bug reporter - case 911541.

 

The log you shared seems on a Mac instead of Windows.
And the error in the log shows error:

No sufficient permissions while processing request "https://core.cloud.unity3d.com/api/login", HTTP error code 401

That mean username/password error. Could it be you have some strange character in password that need to be escape?

Thanks.

 

My password has {, }, and < characters inside it. However, if it were a shell expansion issue, that doesn't explain why the same credentials work the second time they are attempted...?

Here's a log from a Windows run of the scripts I added to the bug report:

Code (csharp):

1.  
2.     default: Running: script: activate unity
3. ==> default: Running Unity so that it can create/download the CACerts.pem that it needs for activation.
4. ==> default: Killing Unity after allowing it some time to do magical internal things (tm)
5. ==> default: VERBOSE: Performing the operation "Stop-Process" on target "Unity (2192)".
6. ==> default: Run Unity synchronously to return any activated license; shouldn't be one, but ensures clean slate.
7. ==> default: UNITY_SERIAL: <redacted>
8. ==> default: UNITY_USERNAME: <redacted>
9. ==> default: Attempting to activate Unity license.
10. ==> default: Result of activation attempt:
11. ==> default: BatchMode: Unity has not been activated with a valid License. Could be a new activation or renewal...
12. ==> default:
13. ==> default: (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/WinEditorMain.cpp Line: 837)
14. ==> default: DisplayProgressbar: Unity license
15. ==> default: SSL certificate problem: unable to get local issuer certificate while processing request "https://core.cloud.unity3d.com/api/login", HTTP error code 0
16. ==> default: .Cancelling DisplayDialog: Updating license failed Failed to update license within 60 seconds. Exiting.
17. ==> default: This should not be called in batch mode.
18. ==> default:
19. ==> default: (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/EditorUtility.cpp Line: 1252)
20. ==> default: First activation attempt failed, trying again in case connectivity was the issue.
21. ==> default: Result of activation attempt 2:
22. ==> default: BatchMode: Unity has not been activated with a valid License. Could be a new activation or renewal...
23. ==> default:
24. ==> default: (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/WinEditorMain.cpp Line: 837)
25. ==> default: DisplayProgressbar: Unity license
26. ==> default: SSL certificate problem: unable to get local issuer certificate while processing request "https://core.cloud.unity3d.com/api/login", HTTP error code 0
27. ==> default: .Cancelling DisplayDialog: Updating license failed Failed to update license within 60 seconds. Exiting.
28. ==> default: This should not be called in batch mode.
29. ==> default:
30. ==> default: (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/EditorUtility.cpp Line: 1252)
31.  

 

And here's a Windows log from the second attempt - I did not reboot before this second attempt.

Code (csharp):

1.  
2.     default: Running: script: activate unity
3. ==> default: Running Unity so that it can create/download the CACerts.pem that it needs for activation.
4. ==> default: Killing Unity after allowing it some time to do magical internal things (tm)
5. ==> default: VERBOSE: Performing the operation "Stop-Process" on target "Unity (1352)".
6. ==> default: Run Unity synchronously to return any activated license; shouldn't be one, but ensures clean slate.
7. ==> default: UNITY_SERIAL: <redacted>
8. ==> default: UNITY_USERNAME: <redacted>
9. ==> default: Attempting to activate Unity license.
10. ==> default: Result of activation attempt:
11. ==> default: BatchMode: Unity has not been activated with a valid License. Could be a new activation or renewal...
12. ==> default:
13. ==> default: (Filename: C:/buildslave/unity/build/Editor/Platform/Windows/WinEditorMain.cpp Line: 837)
14. ==> default: DisplayProgressbar: Unity license
15. ==> default: User <redacted> logged in successfully
16. ==> default: LICENSE SYSTEM [2017522 11:15:12] Starting license activation with account <redacted>
17. ==> default: LICENSE SYSTEM [2017522 11:15:12] Opening https://license.unity3d.com/update/poll?cmd=9&tx_id=7acdcb75b1e8f8f44ba61c1507396f31&(serial removed)
18. ==> default: LICENSE SYSTEM [2017522 11:15:12] Posting <?xml version="1.0" encoding="UTF-8"?><root><SystemInfo><IsoCode>en</IsoCode><UserName>vagrant</UserName><OperatingSystem>Windows 10  (10.0.0) 64bit</OperatingSystem><OperatingSystemNumeric>1000</OperatingSystemNumeric><ProcessorType>Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz</ProcessorType><ProcessorSpeed>2494</ProcessorSpeed><ProcessorCount>1</ProcessorCount><ProcessorCores>1</ProcessorCores><PhysicalMemoryMB>2048</PhysicalMemoryMB><ComputerName>VAGRANT-10</ComputerName><ComputerModel>VirtualBox (innotek GmbH)</ComputerModel><UnityVersion>5.5.2f1</UnityVersion></SystemInfo><License id="Terms"><MachineID Value="lZ5xLjS1S2bIJeKEW9Q6hGLp+r8=" /><MachineBindings><Binding Key="1" Value="00329-20000-00001-AA934" /><Binding Key="2" Value="BVb887f8f4e-816e42" /><Binding Key="4" Value="MA==" /><Binding Key="5" Value="08:00:27:40:22:9c" /></MachineBindings><UnityVersion Value="5.5.2f1" /></License></root>
19. ==> default: LICENSE SYSTEM [2017522 11:15:13] Received https://license.unity3d.com/update/poll?cmd=9&tx_id=7acdcb75b1e8f8f44ba61c1507396f31&(serial removed)
20. ==> default: LICENSE SYSTEM [2017522 11:15:13] Headers:
21. ==> default:     HTTP/1.1 200 OK
22. ==> default:     Server: nginx/1.2.1
23. ==> default:     Date: Mon, 22 May 2017 10:15:13 GMT
24. ==> default:     Content-Type: application/xml; charset=utf-8
25. ==> default:     Content-Length: 173
26. ==> default:     Connection: keep-alive
27. ==> default:     Status: 200 OK
28. ==> default:     X-Frame-Options: SAMEORIGIN
29. ==> default:     X-XSS-Protection: 1; mode=block
30. ==> default:     X-Content-Type-Options: nosniff
31. ==> default:     X-RX: 4588ca04a5eb9728835e7bc9802cac1be1d6d53a
32. ==> default:     ETag: W/"5989a943365d5f18674d662021c4edeb"
33. ==> default:     Cache-Control: max-age=0, private, must-revalidate
34. ==> default:     Set-Cookie: _activation_session=ODg0eDB1T3ZNeW1XNDhsUVk2RzhqV3ZVRXEzcVdsRjRNd2g4R2taTXdQSThvclh1VTFYeEsrWXVrNFFhR2VFb0EySE9DemNrUVcwdll4WlN1RHhiRkJ5QitiN2R3NXo1SWg4ZE91cFVkdlYrd2s5a01FWHd0RmZkcmQ2QW80SzJYdnF5OXdxQmFuTk5ReVkyWWI3OFJRPT0tLXhZVGJJbVdyalpsVmU4ckpGeGRiZ0E9PQ%3D%3D--5ba29d810ebd5b07f7bdc3d7efda6888081f56f3; path=/; secure; HttpOnly
35. ==> default:     X-Request-Id: f30f7619-10b5-4077-b15d-e6d0e10efecf
36. ==> default:     X-Runtime: 0.401822
37. ==> default:     Accept-Ranges: bytes
38. ==> default:     X-Varnish: 2714570054
39. ==> default:     Age: 0
40. ==> default:     Via: 1.1 varnish
41. ==> default:     Set-Cookie: SERVERID=varnish01; path=/
42. ==> default:
43. ==> default: LICENSE SYSTEM [2017522 11:15:14] Opening https://activation.unity3d.com/license.fcgi?CMD=9&TX=7acdcb75b1e8f8f44ba61c1507396f31&RX=4588ca04a5eb9728835e7bc9802cac1be1d6d53a
44. ==> default: LICENSE SYSTEM [2017522 11:15:14] Posting <?xml version="1.0" encoding="UTF-8"?><root><SystemInfo><IsoCode>en</IsoCode><UserName>vagrant</UserName><OperatingSystem>Windows 10  (10.0.0) 64bit</OperatingSystem><OperatingSystemNumeric>1000</OperatingSystemNumeric><ProcessorType>Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz</ProcessorType><ProcessorSpeed>2494</ProcessorSpeed><ProcessorCount>1</ProcessorCount><ProcessorCores>1</ProcessorCores><PhysicalMemoryMB>2048</PhysicalMemoryMB><ComputerName>VAGRANT-10</ComputerName><ComputerModel>VirtualBox (innotek GmbH)</ComputerModel><UnityVersion>5.5.2f1</UnityVersion></SystemInfo><License id="Terms"><MachineID Value="lZ5xLjS1S2bIJeKEW9Q6hGLp+r8=" /><MachineBindings><Binding Key="1" Value="00329-20000-00001-AA934" /><Binding Key="2" Value="BVb887f8f4e-816e42" /><Binding Key="4" Value="MA==" /><Binding Key="5" Value="08:00:27:40:22:9c" /></MachineBindings><UnityVersion Value="5.5.2f1" /></License></root>
45. ==> default: LICENSE SYSTEM [2017522 11:15:14] Received https://activation.unity3d.com/license.fcgi?CMD=9&TX=7acdcb75b1e8f8f44ba61c1507396f31&RX=4588ca04a5eb9728835e7bc9802cac1be1d6d53a
46. ==> default: LICENSE SYSTEM [2017522 11:15:14] Headers:
47. ==> default:     HTTP/1.1 200 OK
48. ==> default:     Server: nginx/1.2.1
49. ==> default:     Date: Mon, 22 May 2017 10:15:14 GMT
50. ==> default:     Content-Type: text/xml; charset=ISO-8859-1
51. ==> default:     Content-Length: 2270
52. ==> default:     Connection: keep-alive
53. ==> default:     Accept-Ranges: bytes
54. ==> default:     X-Varnish: 2714570295
55. ==> default:     Age: 0
56. ==> default:     Via: 1.1 varnish
57. ==> default:     Set-Cookie: SERVERID=varnish01; path=/
58. ==> default:
59. ==> default: LICENSE SYSTEM [2017522 11:15:14] License activated successfully with user: <redacted>
60. ==> default: LICENSE SYSTEM [2017522 11:15:14] Next license update check is after 2017-05-23T10:15:14
61. ==> default: Built from '5.5/release' branch; Version is '5.5.2f1 (3829d7f588f3) revision 3680727'; Using compiler version '160040219'
62. ==> default: OS: 'Windows 10  (10.0.0) 64bit' Language: 'en' Physical Memory: 2048 MB
63. ==> default: BatchMode: 1, IsHumanControllingUs: 0, StartBugReporterOnCrash: 0, Is64bit: 1, IsPro: 1
64. ==> default: Initialize mono
65.  

 

Hi Peter,

Those logs are from difference scenario,
1. In the log you attached in the bug 911541, it has message:

Code (CSharp):

1. No sufficient permissions while processing request "https://core.cloud.unity3d.com/api/login", HTTP error code 401

That's why I want to check with you if there are password escape issue.

2. In the log you attached in this mail thread, it has message:

Code (CSharp):

1.  
2. ==> default: DisplayProgressbar: Unity license
3. ==> default: SSL certificate problem: unable to get local issuer certificate while processing request "https://core.cloud.unity3d.com/api/login", HTTP error code 0

This should caused by the pem issue. I don't know why the second time works but I believe the second time the certificate pem file should be created.

In our implementation, the pem file will be generated everytime when Unity started, so that you don't need to create job:

Code (CSharp):

1. Write-Output "Running Unity so that it can create/download the CACerts.pem that it needs for activation."
2. $unityProcess = Start-Process "c:\program files\unity\editor\Unity.exe" -passthru -verbose

If we check the log, we can see:

Code (CSharp):

1.  
2. 2017-05-16 13:58:08.885 Unity[54921:290378] NSDocumentController Info.plist warning: The values of CFBundleTypeRole entries must be 'Editor', 'Viewer', 'None', or 'Shell'.
3. ...270213 bytes written to /Users/peter/Library/Unity/Certificates/CACerts.pem
4.  

We can do some check with the generated pem file. It could be that windows machine do not have required certificate.