Invoke-RestMethod - 忽略自签名证书

Question

似乎这个问题已被提出并得到解答,但到目前为止,我遇到的每个解决方案都无济于事.我正在编写一个PowerShell脚本来运行一些REST API来获取使用信息.我的脚本只是在尝试与服务器通信时立即中断.为了测试,我做了一个非常简单的命令:

Invoke-RestMethod 'https://server:4443/login'

它返回此错误:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.

我可以运行相同的命令,但使用URL google.com,我得到一个有效的返回,所以我知道该命令正在发挥作用.

如果我在服务器本身运行curl等效项,事情就会按预期完成.这是curl命令的详细输出的片段:

* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
*        subject: CN=localhost
*        start date: 2016-03-22 21:48:57 GMT
*        expire date: 2026-03-20 21:48:57 GMT
*        issuer: CN=localhost
*        SSL certificate verify result: self signed certificate (18), continuing anyway.

我只假设这是一个自签名证书问题,基于搜索PowerShell返回的相当普遍的错误.

我试过了:

[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

和其他类似的方法(复杂的功能),以帮助忽略证书问题,没有运气.

我正在运行PowerShell 5以防万一.

我使用PowerShell代码很不错,但这是我第一次尝试调用Invoke-RestMethod,所以也许我错过了一些东西.任何见解都表示赞赏.

Answer 1

这也可以在powershell的更高版本中使用invoke-restmethod/webrequest.它通过将处理程序实现为本机.net来避免对运行空间的要求:

if (-not("dummy" -as [type])) {
    add-type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class Dummy {
    public static bool ReturnTrue(object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }

    public static RemoteCertificateValidationCallback GetDelegate() {
        return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
    }
}
"@
}

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()

希望这可以帮助.

Answer 2

如果在@x0n 回答之后，您仍然有问题，请尝试在 Request/Rest this 之前添加

[System.Net.ServicePointManager]::SecurityProtocol =[System.Net.SecurityProtocolType]::Tls12

我的工作脚本：

if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
    {
        public static void Ignore()
        {
            if(ServicePointManager.ServerCertificateValidationCallback ==null)
            {
                ServicePointManager.ServerCertificateValidationCallback += 
                    delegate
                    (
                        Object obj, 
                        X509Certificate certificate, 
                        X509Chain chain, 
                        SslPolicyErrors errors
                    )
                    {
                        return true;
                    };
            }
        }
    }
"@
    Add-Type $certCallback
 }

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
[ServerCertificateValidationCallback]::Ignore()

Invoke-WebRequest https://*YOUR URI*

Answer 3

我知道这是旧的，但是当我在没有实际检查的情况下遇到这个问题时它仍然出现。谷歌优先吗？

尝试这个：

invoke-restMethod -SkipCertificateCheck -uri 'https://server:4443/login' -etc..etc..etc..

通过谷歌得到它：https : //docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod? view =powershell-6