Invoke-RestMethod and certificate authentication

To explain the issue: I am trying to use Invoke-RestMethod to access and use a REST API. The REST API is designed to interact with the certificate management tool Venafi. To be able to use the REST API, you need to authenticate using a certificate PEM file and password.

curl uses the cert switch in the following format

CWS_PEMFILE='<path to file><file Name>.pem:'

curl -s --cert $CWS_PEMFILE -X POST -H "Content-type:application/json" --data '{"appId":"'"$CWS_APPID"'","commonName":"'"$TC_SERVER"'","teamDL":"'"$CWS_TEAMDL"'"}' $CWS_RENEW_URL >> $LOG_FILE 2>&1

I am trying to do something similar with Invoke-RestMethod:

$CWS_PemFile = "<Path to and including file name of certificate>.pem:<password>"
$CWS_AppId = <Application ID>
$CWS_TeamDL = <Teams email address>
$CWS_CertName = <certificate name to modify>
$CWS_OBSO_URI = <url of rest api>

$Body = @{
    appid = $CWS_AppId
    commonName = $CWS_CertName
    teamDL = $CWS_TeamDL
}

Invoke-RestMethod -Method Post -Uri $CWS_OBSO_URI -certificate $CWS_PemFile -body $Body -StatusCodeVariable CWS_Status

This fails with the following error:
Invoke-RestMethod: Cannot bind parameter 'Certificate'. Cannot convert value "" to type "System.Security.Cryptography.X509Certificates.X509Certificate". Error: "The system cannot find the file specified."

If I remove the password from the $CWS_PemFile I get the following error message:
Invoke-RestMethod: Authentication failed, see inner exception.

Using -Credential looks for a username/password, but not a certificate/password.

Is there a way, when using Invoke-RestMethod, to pass a password with the certificate?

Hey there and welcome. First, to help us help you, could you go back and edit your post and format your code? See: How to format code in PowerShell.org. Sometimes the preformatted text button hides behind the settings gear symbol.

Can you share the actual code you are using to get the certificate? Typically the idea is you install the certificate and it has a private key generally. As long as the account you are running can read the certificate properly, you generally don’t need to provide a password. If you take a look at the docs, Invoke-RestMethod (Microsoft.PowerShell.Utility) - PowerShell | Microsoft Learn, and specifically look at the Certificate, they have two options. Get-PfxCertificate is the first, and it essentially will require a password as it’s looking at a file path and you’re only getting a file. As you know from ‘backing’ up a certificate with a private key, in order to ‘install it’ to do anything with it, you need to provide that password (unless it’s secured in another manner). However, if you get a certificate that is installed on your system and the account running it has sufficient access, it should work. That’s where the Get-ChildItem option comes into play. Personally I’d use the -CertificateThumbprint option myself and install the cert and ensure the account running the cert can read the private key. As long as it can do that, it should be able to properly authenticate.

I’ve not used it with Invoke-RestMethod but I presume it works similarly to other things like Graph etc. I maintain a ton of work modules that connect to things like MS graph and exchange and they all sorta work similar I believe.

Invoke-RestMethod requires a non-password-protected cert, I believe.
You can try Get-PfxCertificate, which should work with .PEM as well and can accept a password. This would store the unencrypted cert in a variable, which you then pass to Invoke-RestMethod.

Have you used this with a cert actually installed on the system? My guess is this is an easier way. Install cert and send it the cert that is installed or give it the thumbprint.

I have not tried that yet. That will be my next step.

I have resolved this by installing the certificate and sending the -certificate object as part of the invoke command.

That’s great to hear. I went ahead and marked my response as the solution. Thank you very much for getting back with us!
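
The resolution reached in this thread (install the certificate, then hand the certificate object to -Certificate), as an added example that is not code from any poster: it looks the certificate up by thumbprint, checks that it is usable for client authentication before the request is sent, and posts the body as JSON the way the curl call does. The function names `Get-ClientAuthCertificate` and `Invoke-CwsRequest` are hypothetical, and Windows with PowerShell 7 is assumed (Cert: drive, -StatusCodeVariable).

```powershell
# Added example; function names are hypothetical, not part of any Venafi tooling.
function Get-ClientAuthCertificate {
    param([Parameter(Mandatory)] [string] $Thumbprint)

    # Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $found = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
        Get-ChildItem -Path $store | Where-Object Thumbprint -eq $clean
    }
    $cert = $found | Select-Object -First 1
    if (-not $cert) { throw "No certificate $clean in CurrentUser\My or LocalMachine\My." }

    # HasPrivateKey only says a key is associated with the certificate;
    # the account running the script still needs read access to that key.
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key." }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $clean is outside its validity period."
    }

    # No EKU extension means all purposes; if one exists it must list Client Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object Value)
        if ($oids -notcontains '1.3.6.1.5.5.7.3.2') {
            throw "Certificate $clean is not valid for client authentication."
        }
    }
    return $cert
}

function Invoke-CwsRequest {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [hashtable] $Body
    )
    $cert = Get-ClientAuthCertificate -Thumbprint $Thumbprint
    # curl sent application/json, so serialize the hashtable instead of form-encoding it.
    $response = Invoke-RestMethod -Method Post -Uri $Uri -Certificate $cert `
        -Body ($Body | ConvertTo-Json) -ContentType 'application/json' `
        -StatusCodeVariable status
    [pscustomobject]@{ StatusCode = $status; Response = $response }
}
```

No password appears in the script because the private key is protected by the certificate store, which is why the account running the script must be granted read access to the key.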