Certificate validation fails with CosmosDb emulator docker image

[michaelelleby]

docker-compose.yml

name: mydb
services:
  cosmosdb:
    container_name: "cosmosdb-emulator"
    image: "mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview"
    ports:
      - "8081:8081"
      - "10250-10255:10250-10255"
    environment:
      PROTOCOL: https

Log output from DMT:

> .\dmt-2.9.0\win-x64-package\dmt.exe --settings C:\Temp\cosmosdb_importsettings.json
info: Cosmos.DataTransfer.Core.RunCommand.CommandHandler[0]
      Settings loading from file at configured path 'C:\Temp\cosmosdb_importsettings.json'.
info: Cosmos.DataTransfer.Core.ExtensionLoader[0]
      Loading extensions from C:\Temp\dmt-2.9.0\win-x64-package\Extensions
info: Cosmos.DataTransfer.Core.ExtensionLoader[0]
      15 Extensions Loaded for type IDataSourceExtension
info: Cosmos.DataTransfer.Core.ExtensionLoader[0]
      15 Extensions Loaded for type IDataSinkExtension
Using JSON Source
Using Cosmos-nosql Sink
fail: Cosmos.DataTransfer.Core.RunCommand.CommandHandler[0]
      Data transfer failed
      System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
       ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotSignatureValid, NotValidForUsage, Cyclic, InvalidBasicConstraints, PartialChain
         at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
         at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
         --- End of inner exception stack trace ---
         at Microsoft.Azure.Cosmos.Routing.GlobalEndpointManager.GetAccountPropertiesHelper.GetOnlyGlobalEndpointAsync()
         at Microsoft.Azure.Cosmos.Routing.GlobalEndpointManager.GetAccountPropertiesHelper.GetAccountPropertiesAsync()
         at Microsoft.Azure.Cosmos.Routing.GlobalEndpointManager.GetDatabaseAccountFromAnyLocationsAsync(Uri defaultEndpoint, IList`1 locations, IList`1 accountInitializationCustomEndpoints, Func`2 getDatabaseAccountFn, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.GatewayAccountReader.InitializeReaderAsync()
         at Microsoft.Azure.Cosmos.CosmosAccountServiceConfiguration.InitializeAsync()
         at Microsoft.Azure.Cosmos.DocumentClient.InitializeGatewayConfigurationReaderAsync()
         at Microsoft.Azure.Cosmos.DocumentClient.GetInitializationTaskAsync(IStoreClientFactory storeClientFactory)
         at Microsoft.Azure.Documents.BackoffRetryUtility`1.ExecuteRetryAsync[TParam,TPolicy](Func`1 callbackMethod, Func`3 callbackMethodWithParam, Func`2 callbackMethodWithPolicy, TParam param, IRetryPolicy retryPolicy, IRetryPolicy`1 retryPolicyWithArg, Func`1 inBackoffAlternateCallbackMethod, Func`2 inBackoffAlternateCallbackMethodWithPolicy, TimeSpan minBackoffForInBackoffCallback, CancellationToken cancellationToken, Action`1 preRetryCallback)
         at Microsoft.Azure.Documents.ShouldRetryResult.ThrowIfDoneTrying(ExceptionDispatchInfo capturedException)
         at Microsoft.Azure.Documents.BackoffRetryUtility`1.ExecuteRetryAsync[TParam,TPolicy](Func`1 callbackMethod, Func`3 callbackMethodWithParam, Func`2 callbackMethodWithPolicy, TParam param, IRetryPolicy retryPolicy, IRetryPolicy`1 retryPolicyWithArg, Func`1 inBackoffAlternateCallbackMethod, Func`2 inBackoffAlternateCallbackMethodWithPolicy, TimeSpan minBackoffForInBackoffCallback, CancellationToken cancellationToken, Action`1 preRetryCallback)
         at Microsoft.Azure.Documents.BackoffRetryUtility`1.ExecuteRetryAsync[TParam,TPolicy](Func`1 callbackMethod, Func`3 callbackMethodWithParam, Func`2 callbackMethodWithPolicy, TParam param, IRetryPolicy retryPolicy, IRetryPolicy`1 retryPolicyWithArg, Func`1 inBackoffAlternateCallbackMethod, Func`2 inBackoffAlternateCallbackMethodWithPolicy, TimeSpan minBackoffForInBackoffCallback, CancellationToken cancellationToken, Action`1 preRetryCallback)
         at Microsoft.Azure.Cosmos.AsyncCacheNonBlocking`2.GetAsync(TKey key, Func`2 singleValueInitFunc, Func`2 forceRefresh)
         at Microsoft.Azure.Cosmos.AsyncCacheNonBlocking`2.GetAsync(TKey key, Func`2 singleValueInitFunc, Func`2 forceRefresh)
         at Microsoft.Azure.Cosmos.DocumentClient.EnsureValidClientAsync(ITrace trace)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.EnsureValidClientAsync(RequestMessage request, ITrace trace)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.SendAsync(String resourceUriString, ResourceType resourceType, OperationType operationType, RequestOptions requestOptions, ContainerInternal cosmosContainerCore, FeedRange feedRange, Stream streamPayload, Action`1 requestEnricher, ITrace trace, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.CosmosClient.<>c__DisplayClass54_0.<<CreateDatabaseIfNotExistsAsync>b__0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Azure.Cosmos.ClientContextCore.RunWithDiagnosticsHelperAsync[TResult](String containerName, String databaseName, OperationType operationType, ITrace trace, Func`2 task, Nullable`1 openTelemetry, RequestOptions requestOptions, Nullable`1 resourceType)
         at Microsoft.Azure.Cosmos.ClientContextCore.OperationHelperWithRootTraceAsync[TResult](String operationName, String containerName, String databaseName, OperationType operationType, RequestOptions requestOptions, Func`2 task, Nullable`1 openTelemetry, TraceComponent traceComponent, TraceLevel traceLevel, Nullable`1 resourceType)
         at Cosmos.DataTransfer.CosmosExtension.CosmosDataSinkExtension.CreateDatabaseAndContainerAsync(CosmosClient client, CosmosSinkSettings settings, ILogger logger, CancellationToken cancellationToken) in /__w/data-migration-desktop-tool/data-migration-desktop-tool/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSinkExtension.cs:line 92
         at Cosmos.DataTransfer.CosmosExtension.CosmosDataSinkExtension.WriteAsync(IAsyncEnumerable`1 dataItems, IConfiguration config, IDataSourceExtension dataSource, ILogger logger, CancellationToken cancellationToken) in /__w/data-migration-desktop-tool/data-migration-desktop-tool/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSinkExtension.cs:line 154
         at Cosmos.DataTransfer.Core.RunCommand.CommandHandler.ExecuteDataTransferOperation(IDataSourceExtension source, IConfiguration sourceConfig, IDataSinkExtension sink, IConfiguration sinkConfig, CancellationToken cancellationToken) in /__w/data-migration-desktop-tool/data-migration-desktop-tool/Core/Cosmos.DataTransfer.Core/RunCommand.cs:line 211
fail: Cosmos.DataTransfer.Core.RunCommand.CommandHandler[0]
      Data transfer failed
      System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
       ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: NotSignatureValid, NotValidForUsage, Cyclic, InvalidBasicConstraints, PartialChain
         at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
         at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
         --- End of inner exception stack trace ---
         at Microsoft.Azure.Cosmos.Routing.GlobalEndpointManager.GetAccountPropertiesHelper.GetOnlyGlobalEndpointAsync()
         at Microsoft.Azure.Cosmos.Routing.GlobalEndpointManager.GetAccountPropertiesHelper.GetAccountPropertiesAsync()
         at Microsoft.Azure.Cosmos.Routing.GlobalEndpointManager.GetDatabaseAccountFromAnyLocationsAsync(Uri defaultEndpoint, IList`1 locations, IList`1 accountInitializationCustomEndpoints, Func`2 getDatabaseAccountFn, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.GatewayAccountReader.InitializeReaderAsync()
         at Microsoft.Azure.Cosmos.CosmosAccountServiceConfiguration.InitializeAsync()
         at Microsoft.Azure.Cosmos.DocumentClient.InitializeGatewayConfigurationReaderAsync()
         at Microsoft.Azure.Cosmos.DocumentClient.GetInitializationTaskAsync(IStoreClientFactory storeClientFactory)
         at Microsoft.Azure.Documents.BackoffRetryUtility`1.ExecuteRetryAsync[TParam,TPolicy](Func`1 callbackMethod, Func`3 callbackMethodWithParam, Func`2 callbackMethodWithPolicy, TParam param, IRetryPolicy retryPolicy, IRetryPolicy`1 retryPolicyWithArg, Func`1 inBackoffAlternateCallbackMethod, Func`2 inBackoffAlternateCallbackMethodWithPolicy, TimeSpan minBackoffForInBackoffCallback, CancellationToken cancellationToken, Action`1 preRetryCallback)
         at Microsoft.Azure.Documents.ShouldRetryResult.ThrowIfDoneTrying(ExceptionDispatchInfo capturedException)
         at Microsoft.Azure.Documents.BackoffRetryUtility`1.ExecuteRetryAsync[TParam,TPolicy](Func`1 callbackMethod, Func`3 callbackMethodWithParam, Func`2 callbackMethodWithPolicy, TParam param, IRetryPolicy retryPolicy, IRetryPolicy`1 retryPolicyWithArg, Func`1 inBackoffAlternateCallbackMethod, Func`2 inBackoffAlternateCallbackMethodWithPolicy, TimeSpan minBackoffForInBackoffCallback, CancellationToken cancellationToken, Action`1 preRetryCallback)
         at Microsoft.Azure.Documents.BackoffRetryUtility`1.ExecuteRetryAsync[TParam,TPolicy](Func`1 callbackMethod, Func`3 callbackMethodWithParam, Func`2 callbackMethodWithPolicy, TParam param, IRetryPolicy retryPolicy, IRetryPolicy`1 retryPolicyWithArg, Func`1 inBackoffAlternateCallbackMethod, Func`2 inBackoffAlternateCallbackMethodWithPolicy, TimeSpan minBackoffForInBackoffCallback, CancellationToken cancellationToken, Action`1 preRetryCallback)
         at Microsoft.Azure.Cosmos.AsyncCacheNonBlocking`2.GetAsync(TKey key, Func`2 singleValueInitFunc, Func`2 forceRefresh)
         at Microsoft.Azure.Cosmos.DocumentClient.EnsureValidClientAsync(ITrace trace)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.EnsureValidClientAsync(RequestMessage request, ITrace trace)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.SendAsync(String resourceUriString, ResourceType resourceType, OperationType operationType, RequestOptions requestOptions, ContainerInternal cosmosContainerCore, FeedRange feedRange, Stream streamPayload, Action`1 requestEnricher, ITrace trace, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.CosmosClient.<>c__DisplayClass54_0.<<CreateDatabaseIfNotExistsAsync>b__0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Azure.Cosmos.ClientContextCore.RunWithDiagnosticsHelperAsync[TResult](String containerName, String databaseName, OperationType operationType, ITrace trace, Func`2 task, Nullable`1 openTelemetry, RequestOptions requestOptions, Nullable`1 resourceType)
         at Microsoft.Azure.Cosmos.ClientContextCore.OperationHelperWithRootTraceAsync[TResult](String operationName, String containerName, String databaseName, OperationType operationType, RequestOptions requestOptions, Func`2 task, Nullable`1 openTelemetry, TraceComponent traceComponent, TraceLevel traceLevel, Nullable`1 resourceType)
         at Cosmos.DataTransfer.CosmosExtension.CosmosDataSinkExtension.CreateDatabaseAndContainerAsync(CosmosClient client, CosmosSinkSettings settings, ILogger logger, CancellationToken cancellationToken) in /__w/data-migration-desktop-tool/data-migration-desktop-tool/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSinkExtension.cs:line 92
         at Cosmos.DataTransfer.CosmosExtension.CosmosDataSinkExtension.WriteAsync(IAsyncEnumerable`1 dataItems, IConfiguration config, IDataSourceExtension dataSource, ILogger logger, CancellationToken cancellationToken) in /__w/data-migration-desktop-tool/data-migration-desktop-tool/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSinkExtension.cs:line 154
         at Cosmos.DataTransfer.Core.RunCommand.CommandHandler.ExecuteDataTransferOperation(IDataSourceExtension source, IConfiguration sourceConfig, IDataSinkExtension sink, IConfiguration sinkConfig, CancellationToken cancellationToken) in /__w/data-migration-desktop-tool/data-migration-desktop-tool/Core/Cosmos.DataTransfer.Core/RunCommand.cs:line 211

cosmosdb_importsettings:

{
  "Source": "json",
  "Sink": "cosmos-nosql",
  "SinkSettings": {
    "ConnectionString": "AccountEndpoint=https://localhost:8081/;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==;",
    "PartitionKeyPath": "/id",
    "ConnectionMode": "Direct",
    "RecreateContainer": true,
    "CreatedContainerMaxThroughput": 400,
    "UseAutoscaleForCreatedContainer": false,
    "IgnoreNullValues": true
  },
  "Operations": [
    {
      "SourceSettings": {
        "FilePath": "input.json"
      },
      "SinkSettings": {
        "Database": "mydatabase",
        "Container": "mycontainer"
      }
    }
  ]
}

[philnach]

@michaelelleby, thank you for reporting the issue. I was able to reproduce the same behavior when running the vnext emulator in WSL and trying to transfer data from Windows using dmt. I couldn't figure out a workaround as the root issue is the certificate chain from the vnext emulator isn't trusted. I will reach out on the emulator repo: https://github.com/Azure/azure-cosmos-db-emulator-docker/.

Can you try the new DisableSslValidation setting being added in PR #214? and let me know if that works?

[michaelelleby]

@michaelelleby, thank you for reporting the issue. I was able to reproduce the same behavior when running the vnext emulator in WSL and trying to transfer data from Windows using dmt. I couldn't figure out a workaround as the root issue is the certificate chain from the vnext emulator isn't trusted. I will reach out on the emulator repo: https://github.com/Azure/azure-cosmos-db-emulator-docker/.

Can you try the new DisableSslValidation setting being added in PR #214? and let me know if that works?

It did not work. Running commit 74671a2cf33f1e3faddb6b41785205ccf3688f31 of your branch philnach/vnextemulator I get the following error:

info: Cosmos.DataTransfer.Core.RunCommand.CommandHandler[0]
      Settings loading from file at configured path 'C:\Users\Michael\AppData\Local\Temp\bflmjtgh.egm\cosmosdb_importsettings.json'.
info: Cosmos.DataTransfer.Core.ExtensionLoader[0]
      Loading extensions from C:\Tools\dmt\Extensions
info: Cosmos.DataTransfer.Core.ExtensionLoader[0]
      11 Extensions Loaded for type IDataSourceExtension
info: Cosmos.DataTransfer.Core.ExtensionLoader[0]
      12 Extensions Loaded for type IDataSinkExtension
Using JSON Source
Using Cosmos-nosql Sink
fail: Cosmos.DataTransfer.Core.RunCommand.CommandHandler[0]
      Data transfer failed
      System.NullReferenceException: Object reference not set to an instance of an object.
         at Microsoft.Azure.Documents.ConsistencyReader.GetMaxReplicaSetSize(DocumentServiceRequest entity)
         at Microsoft.Azure.Documents.ConsistencyReader.ReadAsync(DocumentServiceRequest entity, TimeoutHelper timeout, Boolean isInRetry, Boolean forceRefresh, CancellationToken cancellationToken)
         at Microsoft.Azure.Documents.ReplicatedResourceClient.InvokeAsync(DocumentServiceRequest request, TimeoutHelper timeout, Boolean isInRetry, Boolean forceRefresh, CancellationToken cancellationToken)
         at Microsoft.Azure.Documents.ReplicatedResourceClient.<>c__DisplayClass32_0.<<InvokeAsync>b__0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Azure.Documents.RequestRetryUtility.ProcessRequestAsync[TRequest,IRetriableResponse](Func`1 executeAsync, Func`1 prepareRequest, IRequestRetryPolicy`2 policy, CancellationToken cancellationToken, Func`1 inBackoffAlternateCallbackMethod, Nullable`1 minBackoffForInBackoffCallback)
         at Microsoft.Azure.Documents.ShouldRetryResult.ThrowIfDoneTrying(ExceptionDispatchInfo capturedException)
         at Microsoft.Azure.Documents.RequestRetryUtility.ProcessRequestAsync[TRequest,IRetriableResponse](Func`1 executeAsync, Func`1 prepareRequest, IRequestRetryPolicy`2 policy, CancellationToken cancellationToken, Func`1 inBackoffAlternateCallbackMethod, Nullable`1 minBackoffForInBackoffCallback)
         at Microsoft.Azure.Documents.RequestRetryUtility.ProcessRequestAsync[TRequest,IRetriableResponse](Func`1 executeAsync, Func`1 prepareRequest, IRequestRetryPolicy`2 policy, CancellationToken cancellationToken, Func`1 inBackoffAlternateCallbackMethod, Nullable`1 minBackoffForInBackoffCallback)
         at Microsoft.Azure.Documents.StoreClient.ProcessMessageAsync(DocumentServiceRequest request, CancellationToken cancellationToken, IRetryPolicy retryPolicy)
         at Microsoft.Azure.Cosmos.Handlers.TransportHandler.ProcessMessageAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.TransportHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.RouterHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.RequestHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.AbstractRetryHandler.ExecuteHttpRequestAsync(Func`1 callbackMethod, Func`3 callShouldRetry, Func`3 callShouldRetryException, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.AbstractRetryHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.RequestHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.TelemetryHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.RequestHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.DiagnosticsHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.RequestHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.BaseSendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.SendAsync(RequestMessage request, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler.SendAsync(String resourceUriString, ResourceType resourceType, OperationType operationType, RequestOptions requestOptions, ContainerInternal cosmosContainerCore, FeedRange feedRange, Stream streamPayload, Action`1 requestEnricher, ITrace trace, CancellationToken cancellationToken)
         at Microsoft.Azure.Cosmos.CosmosClient.<>c__DisplayClass54_0.<<CreateDatabaseIfNotExistsAsync>b__0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Azure.Cosmos.ClientContextCore.RunWithDiagnosticsHelperAsync[TResult](String containerName, String databaseName, OperationType operationType, ITrace trace, Func`2 task, Nullable`1 openTelemetry, RequestOptions requestOptions, Nullable`1 resourceType)
       CosmosDiagnostics: {"Summary":{},"name":"CreateDatabaseIfNotExistsAsync","start datetime":"2025-11-11T11:13:14.712Z","duration in milliseconds":2155.2749,"data":{"Client Configuration":{"Client Created Time Utc":"2025-11-11T11:13:14.7036541Z","MachineId":"hashedMachineName:af3c6e3f-2a43-64cc-9b8f-b5a999d59e15","NumberOfClientsCreated":1,"NumberOfActiveClients":1,"ConnectionMode":"Direct","User Agent":"cosmos-netstandard-sdk/3.49.0|1|X64|Microsoft Windows 10.0.19044|.NET 8.0.21|N|F 00000001|dmt-1.0.0.0-JSON-Cosmosnosql","ConnectionConfig":{"gw":"(cps:50, urto:6, p:False, httpf: False)","rntbd":"(cto: 5, icto: -1, mrpc: 30, mcpe: 65535, erd: True, pr: ReuseUnicastPort)","other":"(ed:False, be:True)"},"ConsistencyConfig":"(consistency: NotSet, prgns:[], apprgn: )","ProcessorCount":16}},"children":[{"name":"Microsoft.Azure.Cosmos.Handlers.RequestInvokerHandler","duration in milliseconds":2148.4172,"children":[{"name":"Waiting for Initialization of client to complete","duration in milliseconds":2120.7692},{"name":"Microsoft.Azure.Cosmos.Handlers.DiagnosticsHandler","duration in milliseconds":21.9473,"children":[{"name":"Microsoft.Azure.Cosmos.Handlers.TelemetryHandler","duration in milliseconds":21.3952,"children":[{"name":"Microsoft.Azure.Cosmos.Handlers.RetryHandler","duration in milliseconds":20.7116,"children":[{"name":"Microsoft.Azure.Cosmos.Handlers.RouterHandler","duration in milliseconds":18.6498,"children":[{"name":"Microsoft.Azure.Cosmos.Handlers.TransportHandler","duration in milliseconds":17.963,"children":[{"name":"Microsoft.Azure.Documents.ServerStoreModel Transport Request","duration in milliseconds":12.1505,"data":{"Client Side Request Stats":{"Id":"AggregatedClientSideRequestStatistics","ContactedReplicas":[],"RegionsContacted":[],"FailedReplicas":[],"AddressResolutionStatistics":[],"StoreResponseStatistics":[]}}}]}]}]}]}]}]}]}

cosmosdb_importsettings.json

{
  "Source": "json",
  "Sink": "cosmos-nosql",
  "SinkSettings": {
    "ConnectionString": "AccountEndpoint=https://localhost:8081/;AccountKey=C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==;",
    "PartitionKeyPath": "/id",
    "ConnectionMode": "Direct",
    "RecreateContainer": true,
    "CreatedContainerMaxThroughput": 400,
    "UseAutoscaleForCreatedContainer": false,
    "IgnoreNullValues": true,
    "DisableSslValidation": true
  },
  "Operations": [
    {
      "SourceSettings": {
        "FilePath": "input.json"
      },
      "SinkSettings": {
        "Database": "mydatabase",
        "Container": "mycontainer"
      }
    }
  ]
}

Though I suspect this is an issue in the CosmosDb emulator image, rather than the import tool. Looking at the stack trace, it does not complain about SSL issues any more. I am using mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview with the digest sha256:d45fb927fe4639beff73d13f4aaaae6b137eee2702246b07622c81192875af21 created 2025-11-04T17:08:10.45332744Z

[michaelelleby]

Setting "ConnectionMode": "Gateway" and changing https://github.com/philnach/data-migration-desktop-tool/blob/74671a2cf33f1e3faddb6b41785205ccf3688f31/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosExtensionServices.cs#L36 to AllowBulkExecution = false makes the import succeed, with your change to support the DisableSslValidation setting.

[philnach]

@michaelelleby, thank you for checking. I'll work on getting the PR in and take a look a the AllowBulkExecution setting.