[BUG]: Azure CLI task giving certificate error on Azure Managed Pools

[paliotti]

New issue checklist

• I searched for existing GitHub issues
• I read pipeline troubleshooting guide
• I checked how to collect logs

Task name

Azure CLI

Task version

2.259.1

Issue Description

When running the Azure CLI task which is connected to a Azure Service Connection, I am getting ##[error]Error checking Azure version: unable to verify the first certificate.

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

Windows Server 2022

Relevant log output

azure-cli                         2.77.0

core                              2.77.0
telemetry                          1.1.0

Extensions:
azure-devops                       1.0.2

Dependencies:
msal                            1.34.0b1
azure-mgmt-resource               23.3.0

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Config directory 'C:\azureCli'
Extensions directory 'C:\Program Files\Common Files\AzureCliExtensionDirectory'

Python (Windows) 3.13.7 (tags/v3.13.7:bcee1c3, Aug 14 2025, 14:15:11) [MSC v.1944 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal


##[error]Error checking Azure version: unable to verify the first certificate
Setting AZURE_CONFIG_DIR env variable to: D:\a\_work\_temp\.azclitask
Setting active cloud to: AzureCloud

Full task logs with system.debug enabled

 
Dependencies:

msal                            1.34.0b1

azure-mgmt-resource               23.3.0
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'

Config directory 'C:\azureCli'

Extensions directory 'C:\Program Files\Common Files\AzureCliExtensionDirectory'
Python (Windows) 3.13.7 (tags/v3.13.7:bcee1c3, Aug 14 2025, 14:15:11) [MSC v.1944 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
##[debug]Feature 'UseAzVersion' not found. Returning false as default.

##[debug]Current Azure CLI version: 2.77.0

##[debug]Feature 'ShowWarningOnOlderAzureModules' = 'True'. Processed as 'true'.

##[debug]CLIENT_RESETSTREAMONRETRY=undefined

##[debug][GET]https://api.github.com/repos/Azure/azure-Cli/releases

##[debug]Processed: ##vso[task.logissue type=error;code=UNABLE_TO_VERIFY_LEAF_SIGNATURE;]

##[error]Error checking Azure version: unable to verify the first certificate

##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;correlationId=432ef83d-1d75-4852-9680-8be3a2ce650a;]Error checking Azure version: unable to verify the first certificate

##[debug]useGlobalConfig=false

##[debug]Agent.TempDirectory=D:\a_work_temp

##[debug]Agent.TempDirectory=D:\a_work_temp

Setting AZURE_CONFIG_DIR env variable to: D:\a_work_temp.azclitask

##[debug]connectedServiceNameARM=17b32a87-8075-4d90-aaec-086948053f7d

##[debug]17b32a87-8075-4d90-aaec-086948053f7d data environment = AzureCloud

Setting active cloud to: AzureCloud

##[debug]which 'az'

##[debug]found: 'C:\Program Files\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'

##[debug]C:\Program Files\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg: cloud set -n AzureCloud

##[debug]C:\Program Files\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg: cloud set -n AzureCloud

##[debug]exec tool: C:\Program Files\Microsoft SDKs\Azure\CLI2\wbin\az.cmd

##[debug]exec tool: C:\Program Files\Microsoft SDKs\Azure\CLI2\wbin\az.cmd

##[debug]arguments:

##[debug]arguments:

##[debug]   cloud

##[debug]   cloud

##[debug]   set 

Repro steps

[paliotti]

Please note that this isn't failing the task at all, but it is showing as an error in the pipeline execution screen

[v-schhabra]

Hi @paliotti
We have disabled the Feature Flag 'ShowWarningOnOlderAzureModules' for all the regions. You will not be getting this error now.
Please let us know if still you are facing this issue.

[v-schhabra]

We are closing this as the issue has been fixed by disabling the Feature Flag.