Invoke-WebRequest and Invoke-RestMethod do not support invalid HTTPS certificates


On Windows, I was able to connect to HTTPS endpoints with invalid certificates by setting a certificate policy via System.Net.ServicePointManager to ignore invalid certificates.

An integrated way to ignore invalid certificates with Invoke-RestMethod and Invoke-WebMethod would simplify implementing this cross platform.

When I run the same on Mac OS X, I get several errors regarding .NET dependencies. How can Invoke-RestMethod and Invoke-WebMethod be configured to ignore invalid certificates?

Steps to reproduce

add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
            return true;
        }
 }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Invoke-WebRequest https://expired.badssl.com/

Expected behavior

This is from Windows Server 2008R2 with PowerShell 5:

PS C:\>             add-type @"
>>                     using System.Net;
>>                     using System.Security.Cryptography.X509Certificates;
>>                     public class TrustAllCertsPolicy : ICertificatePolicy {
>>                        public bool CheckValidationResult(
>>                             ServicePoint srvPoint, X509Certificate certificate,
>>                             WebRequest request, int certificateProblem) {
>>                             return true;
>>                         }
>>                     }
>> "@
>>
PS C:\> [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
PS C:\> Invoke-WebRequest https://expired.badssl.com/


StatusCode        : 200
StatusDescription : OK
Content           : <!DOCTYPE html>
                    <html>
                    <head>
                      <meta name="viewport" content="width=device-width, initial-scale=1">
                      <link rel="shortcut icon" href="/icons/favicon-red.ico"/>
                      <link rel="apple-touch-icon" href="/i...
RawContent        : HTTP/1.1 200 OK
                    Connection: keep-alive
                    Accept-Ranges: bytes
                    Content-Length: 469
                    Cache-Control: no-store
                    Content-Type: text/html
                    Date: Fri, 19 Aug 2016 08:36:02 GMT
                    ETag: "57b263a4-1d5"
                    Last-Mo...
Forms             : {}
Headers           : {[Connection, keep-alive], [Accept-Ranges, bytes], [Content-Length, 469], [Cache-Control,
                    no-store]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 469

Actual behavior

PS /Users/ffeldhaus>             add-type @"
>>                     using System.Net;
>>                     using System.Security.Cryptography.X509Certificates;
>>                     public class TrustAllCertsPolicy : ICertificatePolicy {
>>                        public bool CheckValidationResult(
>>                             ServicePoint srvPoint, X509Certificate certificate,
>>                             WebRequest request, int certificateProblem) {
>>                             return true;
>>                         }
>>                     }
>> "@
add-type : (2) : The type or namespace name 'X509Certificates' does not exist in the namespace 'System.Security.Cryptography' (are you missing an assembly reference?)
(1) :                     using System.Net;
(2) : >>>                     using System.Security.Cryptography.X509Certificates;
(3) :                     public class TrustAllCertsPolicy : ICertificatePolicy {
At line:1 char:13
+             add-type @"
+             ~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Power...peCompilerError:AddTypeCompilerError) [Add-Type], Exception
    + FullyQualifiedErrorId : SOURCE_CODE_ERROR,Microsoft.PowerShell.Commands.AddTypeCommand

add-type : (3) : The type or namespace name 'ICertificatePolicy' could not be found (are you missing a using directive or an assembly reference?)
(2) :                     using System.Security.Cryptography.X509Certificates;
(3) : >>>                     public class TrustAllCertsPolicy : ICertificatePolicy {
(4) :                        public bool CheckValidationResult(
At line:1 char:13
+             add-type @"
+             ~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Power...peCompilerError:AddTypeCompilerError) [Add-Type], Exception
    + FullyQualifiedErrorId : SOURCE_CODE_ERROR,Microsoft.PowerShell.Commands.AddTypeCommand

add-type : (5) : The type or namespace name 'ServicePoint' could not be found (are you missing a using directive or an assembly reference?)
(4) :                        public bool CheckValidationResult(
(5) : >>>                             ServicePoint srvPoint, X509Certificate certificate,
(6) :                             WebRequest request, int certificateProblem) {
At line:1 char:13
+             add-type @"
+             ~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Power...peCompilerError:AddTypeCompilerError) [Add-Type], Exception
    + FullyQualifiedErrorId : SOURCE_CODE_ERROR,Microsoft.PowerShell.Commands.AddTypeCommand

add-type : (5) : The type or namespace name 'X509Certificate' could not be found (are you missing a using directive or an assembly reference?)
(4) :                        public bool CheckValidationResult(
(5) : >>>                             ServicePoint srvPoint, X509Certificate certificate,
(6) :                             WebRequest request, int certificateProblem) {
At line:1 char:13
+             add-type @"
+             ~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Power...peCompilerError:AddTypeCompilerError) [Add-Type], Exception
    + FullyQualifiedErrorId : SOURCE_CODE_ERROR,Microsoft.PowerShell.Commands.AddTypeCommand

add-type : (6) : The type or namespace name 'WebRequest' could not be found (are you missing a using directive or an assembly reference?)
(5) :                             ServicePoint srvPoint, X509Certificate certificate,
(6) : >>>                             WebRequest request, int certificateProblem) {
(7) :                             return true;
At line:1 char:13
+             add-type @"
+             ~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Power...peCompilerError:AddTypeCompilerError) [Add-Type], Exception
    + FullyQualifiedErrorId : SOURCE_CODE_ERROR,Microsoft.PowerShell.Commands.AddTypeCommand

add-type : Cannot add type. Compilation errors occurred.
At line:1 char:13
+             add-type @"
+             ~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-Type], InvalidOperationException
    + FullyQualifiedErrorId : COMPILER_ERRORS,Microsoft.PowerShell.Commands.AddTypeCommand
PS /Users/ffeldhaus> [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy                                                                                                                                     
Unable to find type [System.Net.ServicePointManager].
At line:1 char:1
+ [System.Net.ServicePointManager]::CertificatePolicy = New-Object Trus ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.ServicePointManager:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

PS /Users/ffeldhaus> Invoke-WebRequest https://expired.badssl.com/                                                                                                                                                                            
Invoke-WebRequest : An error occurred while sending the request.
At line:1 char:1
+ Invoke-WebRequest https://expired.badssl.com/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Method: GET, Re...rShell/6.0.0
}:HttpRequestMessage) [Invoke-WebRequest], HttpRequestException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Environment data

Name                           Value
----                           -----                                                                                                                                                            
PSVersion                      6.0.0-alpha
PSEdition                      Core
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   3.0.0.0
GitCommitId                    v6.0.0-alpha.9
CLRVersion
WSManStackVersion              3.0  
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Reactions:9
  • Comments:13 (7 by maintainers)

Top GitHub Comments

19 reactions
halr9000 commented, Aug 21, 2016

Let’s PLEASE have a skip SSL verification switch at last! Nobody likes dealing with certs in development.

12 reactions
GavinEke commented, Aug 20, 2016

It would be nice to have a parameter like -IgnoreCertificateCheck which would be similar to wget’s --no-check-certificate then also having a $IgnoreCertificateCheckPreference which can default to $false but still allows people to change it.
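
An added example, not code from the issue or from the PowerShell project: on Windows PowerShell 5.1, a narrower alternative to the trust-all policy in the issue accepts a failing certificate only for one host and only when its SHA-256 hash matches a pinned value, then restores the previous process-wide callback. `PinnedCertValidator` and `Invoke-PinnedWebRequest` are hypothetical names; PowerShell 6 and later do not route these cmdlets through ServicePointManager, and the per-call `-SkipCertificateCheck` switch on Invoke-WebRequest and Invoke-RestMethod is the built-in option there.

```powershell
# Added example for Windows PowerShell 5.1 (.NET Framework). All names are hypothetical.
Add-Type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertValidator {
    public static string Host;    // the only host allowed to fail normal validation
    public static string Sha256;  // expected SHA-256 of the certificate (hex, no separators)

    public static readonly RemoteCertificateValidationCallback Callback = Validate;

    private static bool Validate(object sender, X509Certificate cert,
                                 X509Chain chain, SslPolicyErrors errors) {
        if (errors == SslPolicyErrors.None) return true;    // chain and name are fine
        HttpWebRequest req = sender as HttpWebRequest;
        if (req == null || cert == null || Host == null || Sha256 == null) return false;
        if (!string.Equals(req.Address.Host, Host, StringComparison.OrdinalIgnoreCase))
            return false;                                    // every other host stays strict
        using (SHA256 sha = SHA256.Create()) {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData()))
                                        .Replace("-", "");
            return string.Equals(actual, Sha256, StringComparison.OrdinalIgnoreCase);
        }
    }
}
"@

function Invoke-PinnedWebRequest {
    param([Parameter(Mandatory)][uri]$Uri, [Parameter(Mandatory)][string]$Sha256)
    $previous = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
    [PinnedCertValidator]::Host   = $Uri.Host
    [PinnedCertValidator]::Sha256 = $Sha256 -replace '[^0-9A-Fa-f]', ''
    try {
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [PinnedCertValidator]::Callback
        Invoke-WebRequest -Uri $Uri -UseBasicParsing
    }
    finally {
        # The callback is process-wide state: always put the previous one back.
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previous
    }
}

# Usage (the hash is a placeholder to be replaced with the expected certificate's SHA-256):
# Invoke-PinnedWebRequest -Uri 'https://expired.badssl.com/' -Sha256 '<sha256-of-expected-certificate>'
```

A request whose certificate fails validation and does not match the pin still fails, so the function fails closed. The certificate check happens at the TLS handshake, so a keep-alive connection accepted under the pin can serve later requests to the same host in the same process.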
