Hi all,
Got a test/development server with an expired certificate (will take a couple of days for the certificate to be updated).
Is there a way to ignore the certificate error?
Via some google exercise I’ve tried:
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
But that doesn’t solve the issue of ignoring the certificate issue.
Still getting “The underlying connection was closed: an unexpected error occured on a send”.
So is there way to get this “working” before the cert have been renewed?
Edit: Currently on PS ver. 4 and .Net 4.5.
Br,
Fredrik
Update, it seems I can get it working.
But it’s kind of weird or I just don’t know enough of the underlying structure.
There were two issues, one the certificate was a TLS1.2 certificate and that is not enabled by default in PS (SSL3 and TLS).
The second issue by reading some blog posts (AFAIK) is that the invoke-webrequest/invoke-restmethod runs in their own runspace.
So by setting the servicecertificatevalidationcallback flag to true doesn’t necessarely mean that invoke-webrequest will “see it”.
Now the weird part.
If I use the following:
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
Invoke-WebRequest -Uri 'https://somesite'
Will still fail.
If I however do.
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$webClient = New-Object System.Net.WebClient
$content = webClient.downloadstring('https://somesite')
Invoke-WebRequest -Uri 'https://somesite'
Now the Invoke-Webrequest will work.
The only thing I can think of is that after the download it already have an open session so invoke-webrequest will use that.
But I’m by no means sure about this.
I use:
$URL = 'https://somesite'
#region Validate we have full IE COM object
$ie = New-Object -ComObject internetexplorer.application
$ie.visible = $true # for debugging - comment or remove this line for prod..
$ie.navigate($URL)
while ($ie.Busy) { Start-Sleep -Seconds 1 }
if (($ie.Document | Get-Member -MemberType Properties).count -eq 0) {
$ie.Quit()
Write-Out 'This script requires Microsoft Azure SDK for .NET (VS 2015) from Web Platform installer at https://www.microsoft.com/web/downloads/platform.aspx'
break
}
#endregion
#region Bypass local certificate error
Write-Out 'Bypassing web interface certificate error...'
$sslbypass = $ie.Document.getElementById('overridelink')
if ($sslbypass) { $sslbypass.click() }
while ($ie.Busy) { Start-Sleep -Seconds 1 }
Write-Out 'done'
#endregion
Thanks Sam but I would rather not rely on IE.
Anyway it works using the above method but it’s a bit weird, too me at this moment in time.