SSL Error When Searching Templates from CLI on MacOS

### Product

dotnet CLI (dotnet new)

### Describe The Bug

When attempting to search the available templates from CLI on MacOS there is a certificate error that occurs which prevents the process from completing.

Looking at the diagnostic details I'm actually able to navigate to the [page](https://go.microsoft.com/fwlink/?linkid=2168770&clcid=0x409) that the cli tool claims is failing due to certificate error using Edge, Safari, and even cURL and they all seem to find no issue with the certificate.

In addition, installing tools, nuget packages, known templates, and even updating the templates -- all from the command line - works flawlessly

The output from the search is as follows:

```
> dotnet new search test -d

Global Settings Location: /Users/mad/.templateengine
[2026-01-05 11:54:39.270] [Debug] [Template Engine] => [Execute]: Execute started
Searching for the templates...
[2026-01-05 11:54:39.297] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Initializing search cache...
[2026-01-05 11:54:39.297] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Search cache file location: /Users/mad/.templateengine/dotnetcli/10.0.101/nugetTemplateSearchInfo.json.
[2026-01-05 11:54:39.297] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Updating the search cache...
[2026-01-05 11:54:39.297] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Checking the age of search cache...
[2026-01-05 11:54:39.297] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: The search cache file /Users/mad/.templateengine/dotnetcli/10.0.101/nugetTemplateSearchInfo.json doesn't exist, and needs to be created.
[2026-01-05 11:54:39.297] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Retrieving cache file from https://go.microsoft.com/fwlink/?linkid=2168770&clcid=0x409 ...
[2026-01-05 11:54:42.717] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Failed to download https://go.microsoft.com/fwlink/?linkid=2168770&clcid=0x409, details: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown
   at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.SocketsHttpHandler.<SendAsync>g__CreateHandlerAndSendAsync|115_0(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.AcquireFileFromCloudAsync(String searchMetadataFileLocation, CancellationToken cancellationToken)
[2026-01-05 11:54:42.718] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Retrieving cache file from https://go.microsoft.com/fwlink/?linkid=2087906&clcid=0x409 ...
[2026-01-05 11:54:43.174] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Failed to download https://go.microsoft.com/fwlink/?linkid=2087906&clcid=0x409, details: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown
   at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.SocketsHttpHandler.<SendAsync>g__CreateHandlerAndSendAsync|115_0(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.AcquireFileFromCloudAsync(String searchMetadataFileLocation, CancellationToken cancellationToken)
[2026-01-05 11:54:43.174] [Debug] [Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider] => [Execute]: Failed to update search cache from all known locations.
[2026-01-05 11:54:43.175] [Debug] [Template Engine] => [Execute]: Search by provider NuGet.org failed, details: System.AggregateException: Failed to update search cache. (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.)
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown
   at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.SocketsHttpHandler.<SendAsync>g__CreateHandlerAndSendAsync|115_0(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.AcquireFileFromCloudAsync(String searchMetadataFileLocation, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.AcquireFileFromCloudAsync(String searchMetadataFileLocation, CancellationToken cancellationToken)
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.GetSearchFileAsync(CancellationToken cancellationToken)
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.SearchForTemplatePackagesAsync(Func`2 packFilter, Func`2 matchingTemplatesFilter, CancellationToken cancellationToken)
   at Microsoft.TemplateSearch.Common.TemplateSearchCoordinator.SearchAsync(Func`2 packFilter, Func`2 matchingTemplatesFilter, CancellationToken cancellationToken)
 ---> (Inner Exception #1) System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown
   at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.InjectNewHttp11ConnectionAsync(QueueItem queueItem)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.SocketsHttpHandler.<SendAsync>g__CreateHandlerAndSendAsync|115_0(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Microsoft.TemplateSearch.Common.Providers.NuGetMetadataSearchProvider.AcquireFileFromCloudAsync(String searchMetadataFileLocation, CancellationToken cancellationToken)<---

Matches from template source: NuGet.org
Search failed: Failed to update search cache. (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.)

[2026-01-05 11:54:43.223] [Debug] [Template Engine] => [Execute]: Execute finished, took 3953 ms

For details on the exit code, refer to https://aka.ms/templating-exit-codes#103
```

### To Reproduce

Steps:
1. Run `dotnet new search test -d` from the command line.


### dotnet Info

<details>
  <summary>output</summary>
.NET SDK:
 Version:           10.0.101
 Commit:            fad253f51b
 Workload version:  10.0.101
 MSBuild version:   18.0.6+fad253f51

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  26.2
 OS Platform: Darwin
 RID:         osx-arm64
 Base Path:   /usr/local/share/dotnet/sdk/10.0.101/

.NET workloads installed:
There are no installed workloads to display.
Configured to use workload sets when installing new manifests.

Host:
  Version:      10.0.1
  Architecture: arm64
  Commit:       fad253f51b

.NET SDKs installed:
  6.0.419 [/usr/local/share/dotnet/sdk]
  7.0.404 [/usr/local/share/dotnet/sdk]
  8.0.100 [/usr/local/share/dotnet/sdk]
  9.0.101 [/usr/local/share/dotnet/sdk]
  10.0.101 [/usr/local/share/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.27 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 7.0.14 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 8.0.0 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 9.0.0 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 10.0.1 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.27 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 7.0.14 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 8.0.0 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 9.0.0 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 10.0.1 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

Other architectures found:
  None

Environment variables:
  Not set

global.json file:
  Not found

Learn more:
  https://aka.ms/dotnet/info

Download .NET:
  https://aka.ms/dotnet/download
</details>


### Visual Studio Version

_No response_

### Additional context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SSL Error When Searching Templates from CLI on MacOS #9678

Product

Describe The Bug

To Reproduce

dotnet Info

Visual Studio Version

Additional context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

SSL Error When Searching Templates from CLI on MacOS #9678

Description

Product

Describe The Bug

To Reproduce

dotnet Info

Visual Studio Version

Additional context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions