
How to perform HTTPS request with no certificate validation

NickB

#1
Hi

I'm trying to work as a client with an HTTPS server that does not have a
valid certificate.
How can I fetch an HTTPS URL without certificate validation?

What I've tried is:
$wc = new-object system.net.webclient
$wc.Credentials = $nc # NetworkCredentials - previously defined
$wc.DownloadFile($url, "temp.html")

And then I got:

Exception calling "DownloadFile" with "2" argument(s): "The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel."

So I read that I might need to set the validation callback of the
ServicePointManager to always return true - but what is the syntax to do
that? Or is there some other way to skip cert validation?

(I'm referring to the following callback:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback)

Thanks in advance,
-Nick
 

Oisin (x0n) Grehan [MVP]

#2
On Jun 30, 10:23 am, NickB <Ni...@xxxxxx> wrote:

> Hi
>
> I'm trying to work as a client with an HTTPS server that does not have a
> valid certificate.
> How can I fetch an HTTPS URL without certificate validation?
>
> What I've tried is:
> $wc = new-object system.net.webclient
> $wc.Credentials = $nc           # NetworkCredentials - previously defined
> $wc.DownloadFile($url, "temp.html")
>
> And then I got:
>
> Exception calling "DownloadFile" with "2" argument(s): "The underlying
> connection was closed: Could not establish trust relationship for the SSL/TLS
> secure channel."
>
> So I read that I might need to set the validation callback of the
> ServicePointManager to always return true - but what is the syntax to do
> that? Or is there some other way to skip cert validation?
>
> (I'm referring to the following callback:
> [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
>
> Thanks in advance,
> -Nick
Hi Nick,

Is the certificate expired, or is the certificate DN different from
the network name you're using to access the machine in the script?

If it's the former, you're out of luck with PowerShell 1.0 because you
cannot assign scriptblocks that return a value as event handlers. The
ServerCertificateValidationCallback has a boolean return type, so you
cannot do this with pure script. If on the other hand, the SSL cert is
for www.blah.com (public ip) and you are connecting to blahnetbiosname
(192.168.*), you could work around the problem by adding an entry to
your HOSTS file for www.blah.com to resolve to the private ip.

If you are trying to circumvent an expired cert, let us know and I'll
hack something up for you.

- Oisin
 

NickB

#3
"Oisin (x0n) Grehan [MVP]" wrote:

> On Jun 30, 10:23 am, NickB <Ni...@xxxxxx> wrote:

> > Hi
> >
> > I'm trying to work as a client with an HTTPS server that does not have a
> > valid certificate.
> > How can I fetch an HTTPS URL without certificate validation?
> >
> > What I've tried is:
> > $wc = new-object system.net.webclient
> > $wc.Credentials = $nc # NetworkCredentials - previously defined
> > $wc.DownloadFile($url, "temp.html")
> >
> > And then I got:
> >
> > Exception calling "DownloadFile" with "2" argument(s): "The underlying
> > connection was closed: Could not establish trust relationship for the SSL/TLS
> > secure channel."
> >
> > So I read that I might need to set the validation callback of the
> > ServicePointManager to always return true - but what is the syntax to do
> > that? Or is there some other way to skip cert validation?
> >
> > (I'm referring to the following callback:
> > [System.Net.ServicePointManager]::ServerCertificateValidationCallback)
> >
> > Thanks in advance,
> > -Nick
>
> Hi Nick,
>
> Is the certificate expired, or is the certificate DN different from
> the network name you're using to access the machine in the script?
>
> If it's the former, you're out of luck with PowerShell 1.0 because you
> cannot assign scriptblocks that return a value as event handlers. The
> ServerCertificateValidationCallback has a boolean return type, so you
> cannot do this with pure script. If on the other hand, the SSL cert is
> for www.blah.com (public ip) and you are connecting to blahnetbiosname
> (192.168.*), you could work around the problem by adding an entry to
> your HOSTS file for www.blah.com to resolve to the private ip.
>
> If you are trying to circumvent an expired cert, let us know and I'll
> hack something up for you.
>
> - Oisin
>
It seems that the certificate has expired, and also the CA is not trusted
(at least by my web browser). I'm not sure what the status of PowerShell 2.0
is but I'm willing to give it a try if I can override the callback there.
If not I'll just write a small program that downloads a file and execute it
from PowerShell.

Thanks a lot
-Nick
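
For the expired, untrusted-CA case discussed in this thread, a validation callback can accept exactly one known certificate instead of returning true for every certificate. The following is an added example, not code from either poster: it assumes PowerShell 2.0 or later (for Add-Type), and the class name PinnedCertValidator, the fingerprint, the URL and the credential are placeholders.

```powershell
# Added example; PinnedCertValidator is a hypothetical helper class, not a .NET type.
Add-Type -TypeDefinition @'
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public static class PinnedCertValidator
{
    // SHA-256 fingerprint (hex, no separators) of the one certificate to accept.
    public static string PinnedSha256;
    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // normal validation passed
        if (cert == null || String.IsNullOrEmpty(PinnedSha256)) return false;
        using (SHA256 sha = SHA256.Create())
        {
            // Hash the DER-encoded certificate and compare with the pinned value.
            string actual = BitConverter.ToString(
                sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return String.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            new RemoteCertificateValidationCallback(Validate);
    }
}
'@

# Placeholders: use the real fingerprint (obtained out of band), URL and account.
[PinnedCertValidator]::PinnedSha256 = '<SHA256-FINGERPRINT-HEX>'
$url = 'https://server.example/page.html'
$nc  = New-Object System.Net.NetworkCredential('user', 'password')

[PinnedCertValidator]::Install()
try {
    $wc = New-Object System.Net.WebClient
    $wc.Credentials = $nc
    $wc.DownloadFile($url, (Join-Path (Get-Location).Path 'temp.html'))
} finally {
    # Restore default validation for the rest of the session.
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
}
```

The callback is process-wide, which is why the `finally` block clears it once the download is done.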
 
