Windows Vista Forums

How to perform HTTPS request with no certificate validation

  1. #1


    NickB Guest

    How to perform HTTPS request with no certificate validation

    Hi

    I'm trying to work as a client with an HTTPS server that does not have a
    valid certificate.
    How can I fetch an HTTPS URL without certificate validation?

    What I've tried is:
    $wc = new-object system.net.webclient
    $wc.Credentials = $nc // NetworkCredentials - previously defined
    $wc.DownloadFile($url, "temp.html")

    And then I got:

    Exception calling "DownloadFile" with "2" argument(s): "The underlying
    connecti
    on was closed: Could not establish trust relationship for the SSL/TLS secure
    ch
    annel."

    So I read that I might need to set the validation callback of the
    ServicePointManager to always return true - but what is the syntax to do
    that? Or is there some other way to skip cert validation?

    (I'm referring to the folloing callback:
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback)

    Thanks in advance,
    -Nick



      My System SpecsSystem Spec

  2. #2


    Oisin (x0n) Grehan [MVP] Guest

    Re: How to perform HTTPS request with no certificate validation

    On Jun 30, 10:23*am, NickB <Ni...@xxxxxx> wrote:

    > Hi
    >
    > I'm trying to work as a client with an HTTPS server that does not have a
    > valid certificate.
    > How can I fetch an HTTPS URL without certificate validation?
    >
    > What I've tried is:
    > $wc = new-object system.net.webclient
    > $wc.Credentials = $nc * * * * * // NetworkCredentials - previously defined
    > $wc.DownloadFile($url, "temp.html")
    >
    > And then I got:
    >
    > Exception calling "DownloadFile" with "2" argument(s): "The underlying
    > connecti
    > on was closed: Could not establish trust relationship for the SSL/TLS secure
    > ch
    > annel."
    >
    > So I read that I might need to set the validation callback of the
    > ServicePointManager to always return true - but what is the syntax to do
    > that? Or is there some other way to skip cert validation?
    >
    > (I'm referring to the folloing callback:
    > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
    >
    > Thanks in advance,
    > -Nick
    Hi Nick,

    Is the certificate expired, or is the certificate DN different from
    the network name you're using to access the machine in the script?

    If it's the former, you're out of luck with PowerShell 1.0 because you
    cannot assign scriptblocks that return a value as event handlers. The
    ServerCertificateValidationCallback has a boolean return type, so you
    cannot do this with pure script. If on the other hand, the ssl cert is
    for www.blah.com (public ip) and you are connecting to blahnetbiosname
    (192.168.*) , you could workaround the problem by adding an entry to
    your HOSTS file for www.blah.com to resolve to the private ip.

    If you are trying to circumvent an expired cert, let us know and I'll
    hack something up for you.

    - Oisin
    - Oisin

      My System SpecsSystem Spec

  3. #3


    NickB Guest

    Re: How to perform HTTPS request with no certificate validation



    "Oisin (x0n) Grehan [MVP]" wrote:

    > On Jun 30, 10:23 am, NickB <Ni...@xxxxxx> wrote:

    > > Hi
    > >
    > > I'm trying to work as a client with an HTTPS server that does not have a
    > > valid certificate.
    > > How can I fetch an HTTPS URL without certificate validation?
    > >
    > > What I've tried is:
    > > $wc = new-object system.net.webclient
    > > $wc.Credentials = $nc // NetworkCredentials - previously defined
    > > $wc.DownloadFile($url, "temp.html")
    > >
    > > And then I got:
    > >
    > > Exception calling "DownloadFile" with "2" argument(s): "The underlying
    > > connecti
    > > on was closed: Could not establish trust relationship for the SSL/TLS secure
    > > ch
    > > annel."
    > >
    > > So I read that I might need to set the validation callback of the
    > > ServicePointManager to always return true - but what is the syntax to do
    > > that? Or is there some other way to skip cert validation?
    > >
    > > (I'm referring to the folloing callback:
    > > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
    > >
    > > Thanks in advance,
    > > -Nick
    >
    > Hi Nick,
    >
    > Is the certificate expired, or is the certificate DN different from
    > the network name you're using to access the machine in the script?
    >
    > If it's the former, you're out of luck with PowerShell 1.0 because you
    > cannot assign scriptblocks that return a value as event handlers. The
    > ServerCertificateValidationCallback has a boolean return type, so you
    > cannot do this with pure script. If on the other hand, the ssl cert is
    > for www.blah.com (public ip) and you are connecting to blahnetbiosname
    > (192.168.*) , you could workaround the problem by adding an entry to
    > your HOSTS file for www.blah.com to resolve to the private ip.
    >
    > If you are trying to circumvent an expired cert, let us know and I'll
    > hack something up for you.
    >
    > - Oisin
    > - Oisin
    >
    It seems that the certificate has expired, and also the CA is not trusted
    (at least by my web browser). I'm not sure what the status of PowerShell 2.0
    is but I'm willing to give it a try if I can override the callback there.
    If not I'll just write a small program that downloads a file and execute it
    from PowerShell.

    Thanks a lot
    -Nick

      My System SpecsSystem Spec

How to perform HTTPS request with no certificate validation

Similar Threads
Thread Forum
Certificate Request: Who am I?
I am purchasing a CA issued certificate for the purpose of enabling ActiveSync and OWA. Please forgive my likely mis-use of terminology. I hope I...
SBS Server
The same HTTPS certificate on different server
Hi We have two web servers running on Win2003 Standard.One is for production and the second for testing. The have different IPs, but the public...
Server General
3rd Party Certificate Pending Request not found
Error: "The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response...
SBS Server
certificate request Error: 0x80070005
An error occurred while creating the certificate request. Please verify that you selected the correct CSP, or contact an administrator for...
Network & Sharing
certificate signing request
Can anyone tell me how to generate a Code Signing Certificate Signing Request for use in PoSH? I want the cert signed by a trusted issuer (ie. not...
PowerShell
Request Certificate with MMC fails
hi, i try to request a new certificate with the MMC Snap-In and it fails with the message "RPC Server is unavailable". But i'm connected to the...
Vista security
How to perform an http get request from a browser hosted applicati
Hi all, just before posting my question I found a solution :-) Anyway I feel that some others might run into the same issue, so I will post my...
Avalon