Invoke-RestMethod -忽略自签名证书
这个问题似乎已经被问到并得到了回答,但到目前为止,我遇到的每一个解决方案都没有帮助。我正在编写一个PowerShell脚本来运行一些REST API来获取使用信息。我的脚本在试图与服务器通信时立即中断。为了测试起见,我执行了一个非常简单的命令:
Invoke-RestMethod 'https://server:4443/login'它返回以下错误:
Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.我可以运行相同的命令,但是使用URL google.com,我会得到一个有效的返回,所以我知道这个命令大体上是有效的。
如果我在服务器上运行curl等效项,事情就会如期完成。以下是curl命令的详细输出的一个片段:
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
* subject: CN=localhost
* start date: 2016-03-22 21:48:57 GMT
* expire date: 2026-03-20 21:48:57 GMT
* issuer: CN=localhost
* SSL certificate verify result: self signed certificate (18), continuing anyway.我只是假设这是一个基于搜索PowerShell返回的相当通用的错误的自签名证书问题。
我试过了:
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}和其他类似的方法(复杂的函数),帮助忽略证书问题,但没有运气。
我正在运行PowerShell 5,以防有帮助。
我对PowerShell代码很在行,但这是我第一次尝试使用Invoke-RestMethod,所以我可能遗漏了一些东西。任何洞察力都是值得欣赏的。
回答 5
Stack Overflow用户
发布于 2017-09-06 13:02:45
这也可以在powershell的后续版本中使用invoke-restmethod/webrequest。它通过将处理程序实现为本机.net来避免对运行空间的要求:
if (-not("dummy" -as [type])) {
add-type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class Dummy {
public static bool ReturnTrue(object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; }
public static RemoteCertificateValidationCallback GetDelegate() {
return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
}
}
"@
}
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()希望这能有所帮助。
Stack Overflow用户
发布于 2020-01-05 01:05:49
如果在@x0n回答之后,您仍然有问题,请尝试在请求/Rest之前添加
[System.Net.ServicePointManager]::SecurityProtocol =[System.Net.SecurityProtocolType]::Tls12
我的工作脚本:
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
public static void Ignore()
{
if(ServicePointManager.ServerCertificateValidationCallback ==null)
{
ServicePointManager.ServerCertificateValidationCallback +=
delegate
(
Object obj,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors errors
)
{
return true;
};
}
}
}
"@
Add-Type $certCallback
}
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
[ServerCertificateValidationCallback]::Ignore()
Invoke-WebRequest https://*YOUR URI*Stack Overflow用户
发布于 2019-12-20 21:26:09
我知道这是旧的,但它仍然出现时,我有这个问题,没有实际检查。先用谷歌,对吧?
试试这个:
invoke-restMethod -SkipCertificateCheck -uri 'https://server:4443/login' -etc..etc..etc..https://stackoverflow.com/questions/36456104
复制相似问题
腾讯云开发者
