Wednesday, May 16, 2018

VSTS - Failed in getBuild with error: Error: self signed certificate in certificate chain

Error on the Release agent using Visual Studio Team Services (cloud version of TFS)

Failed in getBuild with error: Error: self signed certificate in certificate chain
Error: self signed certificate in certificate chain

Solution:

I had to configure the agent on the target server, which I had already read in another issue, but when I ran .\config.cmd it said to remove the agent, since the configuration cannot be changed while it exists/runs. Then, to re-create the agent, I got the script from VSTS, and it didn't have the cert param, so I was confounded about how to specify the cert in the params for the agent configuration. Finally figured it out.

1) Remove the agent:
c:\vsts\a1> .\config.cmd remove

2) Then get the SSL certificate (.pem file) and put it in the root folder of the agent, i.e. c:\vsts\a1 in this case. To get the .pem file:
• Export the CA cert from the Trusted Root CA store in Base64-encoded X.509 (.CER) format, and name the exported cert something like ca.pem.
• Export any intermediate CA certs from the Intermediate CA store in Base64-encoded X.509 (.CER) format, and name the exported certs something like ca_inter_1/2/3.pem. Concatenate all intermediate CA certs into ca.pem; your ca.pem might look like the following:
-----BEGIN CERTIFICATE-----
(Your Root CA certificate: ca.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate CA certificate: ca_inter_1.pem)
-----END CERTIFICATE-----
...
-----BEGIN CERTIFICATE-----
(Your Intermediate CA certificate: ca_inter_n.pem)
-----END CERTIFICATE-----

3) Then run the config command again to re-configure the agent, passing the .pem file from step 2 in the sslcacert param along with anything else you need:
.\config.cmd --sslcacert your-corp-ssl-cert.pem --deploymentgroup --deploymentgroupname "deployment-group-name" --agent $env:COMPUTERNAME --runasservice --work '_work' --url 'https://your-corp-name.visualstudio.com/' --projectname 'your-project-name';
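
A check worth running between steps 2 and 3, as an added example that is not part of the original post: this PowerShell script confirms that ca.pem is a PEM (Base64) file rather than a DER export, holds no private key, and that every certificate in it parses, is unexpired, and has its issuer present in the bundle. The path c:\vsts\a1\ca.pem follows the names used above and is an assumption; the self-signed test compares subject and issuer names only and does not verify signatures.

```powershell
# Added example: sanity-check ca.pem before passing it to config.cmd --sslcacert.
# Assumption: the bundle sits in the agent root used in this post.
$bundlePath = 'c:\vsts\a1\ca.pem'

$text    = Get-Content -Path $bundlePath -Raw
$pattern = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
$options = [System.Text.RegularExpressions.RegexOptions]::Singleline
$blocks  = [regex]::Matches($text, $pattern, $options)

if ($blocks.Count -eq 0) {
    # A DER (binary) export has no PEM armor; re-export as Base64 X.509 (.CER).
    throw "No PEM certificate blocks in $bundlePath (was it exported as DER?)"
}
if ($text -match 'PRIVATE KEY') {
    throw "Bundle contains a private key; only CA certificates belong in it."
}

$now   = Get-Date
$certs = @(foreach ($m in $blocks) {
    # Strip line breaks from the Base64 body and decode it to DER bytes.
    $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
    $c   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        NotAfter   = $c.NotAfter
        SelfSigned = ($c.Subject -eq $c.Issuer)   # name comparison only
        Expired    = ($c.NotAfter -lt $now)
        Thumbprint = $c.Thumbprint
    }
})
$certs | Format-Table -AutoSize

if (-not ($certs | Where-Object SelfSigned)) {
    Write-Warning 'No self-signed root CA found in the bundle.'
}
if ($certs | Where-Object Expired) {
    Write-Warning 'The bundle contains an expired certificate.'
}
# Every non-root entry should be issued by another entry in the bundle.
foreach ($c in ($certs | Where-Object { -not $_.SelfSigned })) {
    if ($certs.Subject -notcontains $c.Issuer) {
        Write-Warning "Issuer missing from bundle for: $($c.Subject)"
    }
}
```

Compare the printed thumbprints with the ones shown for the same CAs in the Windows certificate stores to confirm the right certificates were exported.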