Windows Vista Forums

How to perform HTTPS request with no certificate validation

  1. #1


    NickB Guest

    How to perform HTTPS request with no certificate validation

    Hi

    I'm trying to work as a client with an HTTPS server that does not have a
    valid certificate.
    How can I fetch an HTTPS URL without certificate validation?

    What I've tried is:
    $wc = new-object system.net.webclient
    $wc.Credentials = $nc // NetworkCredentials - previously defined
    $wc.DownloadFile($url, "temp.html")

    And then I got:

    Exception calling "DownloadFile" with "2" argument(s): "The underlying
    connecti
    on was closed: Could not establish trust relationship for the SSL/TLS secure
    ch
    annel."

    So I read that I might need to set the validation callback of the
    ServicePointManager to always return true - but what is the syntax to do
    that? Or is there some other way to skip cert validation?

    (I'm referring to the folloing callback:
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback)

    Thanks in advance,
    -Nick



      My System SpecsSystem Spec

  2. #2


    Oisin (x0n) Grehan [MVP] Guest

    Re: How to perform HTTPS request with no certificate validation

    On Jun 30, 10:23*am, NickB <Ni...@xxxxxx> wrote:

    > Hi
    >
    > I'm trying to work as a client with an HTTPS server that does not have a
    > valid certificate.
    > How can I fetch an HTTPS URL without certificate validation?
    >
    > What I've tried is:
    > $wc = new-object system.net.webclient
    > $wc.Credentials = $nc * * * * * // NetworkCredentials - previously defined
    > $wc.DownloadFile($url, "temp.html")
    >
    > And then I got:
    >
    > Exception calling "DownloadFile" with "2" argument(s): "The underlying
    > connecti
    > on was closed: Could not establish trust relationship for the SSL/TLS secure
    > ch
    > annel."
    >
    > So I read that I might need to set the validation callback of the
    > ServicePointManager to always return true - but what is the syntax to do
    > that? Or is there some other way to skip cert validation?
    >
    > (I'm referring to the folloing callback:
    > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
    >
    > Thanks in advance,
    > -Nick
    Hi Nick,

    Is the certificate expired, or is the certificate DN different from
    the network name you're using to access the machine in the script?

    If it's the former, you're out of luck with PowerShell 1.0 because you
    cannot assign scriptblocks that return a value as event handlers. The
    ServerCertificateValidationCallback has a boolean return type, so you
    cannot do this with pure script. If on the other hand, the ssl cert is
    for www.blah.com (public ip) and you are connecting to blahnetbiosname
    (192.168.*) , you could workaround the problem by adding an entry to
    your HOSTS file for www.blah.com to resolve to the private ip.

    If you are trying to circumvent an expired cert, let us know and I'll
    hack something up for you.

    - Oisin
    - Oisin

      My System SpecsSystem Spec

  3. #3


    NickB Guest

    Re: How to perform HTTPS request with no certificate validation



    "Oisin (x0n) Grehan [MVP]" wrote:

    > On Jun 30, 10:23 am, NickB <Ni...@xxxxxx> wrote:

    > > Hi
    > >
    > > I'm trying to work as a client with an HTTPS server that does not have a
    > > valid certificate.
    > > How can I fetch an HTTPS URL without certificate validation?
    > >
    > > What I've tried is:
    > > $wc = new-object system.net.webclient
    > > $wc.Credentials = $nc // NetworkCredentials - previously defined
    > > $wc.DownloadFile($url, "temp.html")
    > >
    > > And then I got:
    > >
    > > Exception calling "DownloadFile" with "2" argument(s): "The underlying
    > > connecti
    > > on was closed: Could not establish trust relationship for the SSL/TLS secure
    > > ch
    > > annel."
    > >
    > > So I read that I might need to set the validation callback of the
    > > ServicePointManager to always return true - but what is the syntax to do
    > > that? Or is there some other way to skip cert validation?
    > >
    > > (I'm referring to the folloing callback:
    > > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
    > >
    > > Thanks in advance,
    > > -Nick
    >
    > Hi Nick,
    >
    > Is the certificate expired, or is the certificate DN different from
    > the network name you're using to access the machine in the script?
    >
    > If it's the former, you're out of luck with PowerShell 1.0 because you
    > cannot assign scriptblocks that return a value as event handlers. The
    > ServerCertificateValidationCallback has a boolean return type, so you
    > cannot do this with pure script. If on the other hand, the ssl cert is
    > for www.blah.com (public ip) and you are connecting to blahnetbiosname
    > (192.168.*) , you could workaround the problem by adding an entry to
    > your HOSTS file for www.blah.com to resolve to the private ip.
    >
    > If you are trying to circumvent an expired cert, let us know and I'll
    > hack something up for you.
    >
    > - Oisin
    > - Oisin
    >
    It seems that the certificate has expired, and also the CA is not trusted
    (at least by my web browser). I'm not sure what the status of PowerShell 2.0
    is but I'm willing to give it a try if I can override the callback there.
    If not I'll just write a small program that downloads a file and execute it
    from PowerShell.

    Thanks a lot
    -Nick

      My System SpecsSystem Spec


How to perform HTTPS request with no certificate validation
Similar Threads
Thread Forum
Certificate Request: Who am I? SBS Server
The same HTTPS certificate on different server Server General
certificate signing request PowerShell
Request Certificate with MMC fails Vista security
How to perform an http get request from a browser hosted applicati Avalon