How to perform HTTPS request with no certificate validation


  1.    30 Jun 2008 #1
    NickB Guest

    How to perform HTTPS request with no certificate validation


    Hi

    I'm trying to work as a client with an HTTPS server that does not have a
    valid certificate.
    How can I fetch an HTTPS URL without certificate validation?

    What I've tried is:
    $wc = new-object system.net.webclient
    $wc.Credentials = $nc // NetworkCredentials - previously defined
    $wc.DownloadFile($url, "temp.html")

    And then I got:

    Exception calling "DownloadFile" with "2" argument(s): "The underlying
    connecti
    on was closed: Could not establish trust relationship for the SSL/TLS secure
    ch
    annel."

    So I read that I might need to set the validation callback of the
    ServicePointManager to always return true - but what is the syntax to do
    that? Or is there some other way to skip cert validation?

    (I'm referring to the folloing callback:
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback)

    Thanks in advance,
    -Nick


      My System SpecsSystem Spec

  2.    30 Jun 2008 #2
    Oisin (x0n) Grehan [MVP] Guest

    Re: How to perform HTTPS request with no certificate validation


    On Jun 30, 10:23*am, NickB <Ni...@xxxxxx> wrote:

    > Hi
    >
    > I'm trying to work as a client with an HTTPS server that does not have a
    > valid certificate.
    > How can I fetch an HTTPS URL without certificate validation?
    >
    > What I've tried is:
    > $wc = new-object system.net.webclient
    > $wc.Credentials = $nc * * * * * // NetworkCredentials - previously defined
    > $wc.DownloadFile($url, "temp.html")
    >
    > And then I got:
    >
    > Exception calling "DownloadFile" with "2" argument(s): "The underlying
    > connecti
    > on was closed: Could not establish trust relationship for the SSL/TLS secure
    > ch
    > annel."
    >
    > So I read that I might need to set the validation callback of the
    > ServicePointManager to always return true - but what is the syntax to do
    > that? Or is there some other way to skip cert validation?
    >
    > (I'm referring to the folloing callback:
    > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
    >
    > Thanks in advance,
    > -Nick
    Hi Nick,

    Is the certificate expired, or is the certificate DN different from
    the network name you're using to access the machine in the script?

    If it's the former, you're out of luck with PowerShell 1.0 because you
    cannot assign scriptblocks that return a value as event handlers. The
    ServerCertificateValidationCallback has a boolean return type, so you
    cannot do this with pure script. If on the other hand, the ssl cert is
    for www.blah.com (public ip) and you are connecting to blahnetbiosname
    (192.168.*) , you could workaround the problem by adding an entry to
    your HOSTS file for www.blah.com to resolve to the private ip.

    If you are trying to circumvent an expired cert, let us know and I'll
    hack something up for you.

    - Oisin
    - Oisin
      My System SpecsSystem Spec

  3.    30 Jun 2008 #3
    NickB Guest

    Re: How to perform HTTPS request with no certificate validation




    "Oisin (x0n) Grehan [MVP]" wrote:

    > On Jun 30, 10:23 am, NickB <Ni...@xxxxxx> wrote:

    > > Hi
    > >
    > > I'm trying to work as a client with an HTTPS server that does not have a
    > > valid certificate.
    > > How can I fetch an HTTPS URL without certificate validation?
    > >
    > > What I've tried is:
    > > $wc = new-object system.net.webclient
    > > $wc.Credentials = $nc // NetworkCredentials - previously defined
    > > $wc.DownloadFile($url, "temp.html")
    > >
    > > And then I got:
    > >
    > > Exception calling "DownloadFile" with "2" argument(s): "The underlying
    > > connecti
    > > on was closed: Could not establish trust relationship for the SSL/TLS secure
    > > ch
    > > annel."
    > >
    > > So I read that I might need to set the validation callback of the
    > > ServicePointManager to always return true - but what is the syntax to do
    > > that? Or is there some other way to skip cert validation?
    > >
    > > (I'm referring to the folloing callback:
    > > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
    > >
    > > Thanks in advance,
    > > -Nick
    >
    > Hi Nick,
    >
    > Is the certificate expired, or is the certificate DN different from
    > the network name you're using to access the machine in the script?
    >
    > If it's the former, you're out of luck with PowerShell 1.0 because you
    > cannot assign scriptblocks that return a value as event handlers. The
    > ServerCertificateValidationCallback has a boolean return type, so you
    > cannot do this with pure script. If on the other hand, the ssl cert is
    > for www.blah.com (public ip) and you are connecting to blahnetbiosname
    > (192.168.*) , you could workaround the problem by adding an entry to
    > your HOSTS file for www.blah.com to resolve to the private ip.
    >
    > If you are trying to circumvent an expired cert, let us know and I'll
    > hack something up for you.
    >
    > - Oisin
    > - Oisin
    >
    It seems that the certificate has expired, and also the CA is not trusted
    (at least by my web browser). I'm not sure what the status of PowerShell 2.0
    is but I'm willing to give it a try if I can override the callback there.
    If not I'll just write a small program that downloads a file and execute it
    from PowerShell.

    Thanks a lot
    -Nick
      My System SpecsSystem Spec

How to perform HTTPS request with no certificate validation

Similar Threads
Thread Forum
Certificate Request: Who am I?
I am purchasing a CA issued certificate for the purpose of enabling ActiveSync and OWA. Please forgive my likely mis-use of terminology. I hope I...
SBS Server
The same HTTPS certificate on different server
Hi We have two web servers running on Win2003 Standard.One is for production and the second for testing. The have different IPs, but the public...
Server General
3rd Party Certificate Pending Request not found
Error: "The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response...
SBS Server
certificate request Error: 0x80070005
An error occurred while creating the certificate request. Please verify that you selected the correct CSP, or contact an administrator for...
Network & Sharing
certificate signing request
Can anyone tell me how to generate a Code Signing Certificate Signing Request for use in PoSH? I want the cert signed by a trusted issuer (ie. not...
PowerShell
Request Certificate with MMC fails
hi, i try to request a new certificate with the MMC Snap-In and it fails with the message "RPC Server is unavailable". But i'm connected to the...
Vista security
How to perform an http get request from a browser hosted applicati
Hi all, just before posting my question I found a solution :-) Anyway I feel that some others might run into the same issue, so I will post my...
Avalon

Our Sites
  • Ten Forums
  • Eight Forums
  • Seven Forums
  • Help Me Bake
  • Site Links
  • Contact Us
  • Privacy and Cookies
  • About Us
    Windows Vista Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    Designer Media Ltd
    All times are GMT -5. The time now is 05:16.
    .