41

I have a rest endpoint that doesn't perform an authentication check. I can run a simple curl commmand from Linux:

curl -k https://application/api/about

This responds.

However if try the following on PowerShell it fails:

Invoke-RestMethod https://application/api/about

Then I get:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ Invoke-RestMethod $Application
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Could some one please tell me how I can get around this problem ?

EDIT:

Trying with Invoke-WebRequest:

Invoke-WebRequest -Uri "https://application/api/about"

Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send. At line:1 char:1 + Invoke-WebRequest -Uri "https://application/api/a ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

dross
  • 1,657
  • 1
  • 13
  • 20

3 Answers3

88

Using:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Taken from Powershell 3.0 Invoke-WebRequest HTTPS Fails on All Requests.

JamesThomasMoon
  • 4,639
  • 6
  • 33
  • 42
dross
  • 1,657
  • 1
  • 13
  • 20
22

in my case the TLS trick did not work, this seems to be a bug in powershell. you need to add the callback using .net code instead of a scriptblock.

#C# class to create callback
$code = @"
public class SSLHandler
{
    public static System.Net.Security.RemoteCertificateValidationCallback GetSSLHandler()
    {

        return new System.Net.Security.RemoteCertificateValidationCallback((sender, certificate, chain, policyErrors) => { return true; });
    }

}
"@

#compile the class
Add-Type -TypeDefinition $code

#disable checks using new class
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLHandler]::GetSSLHandler()
#do the request
try
{
    invoke-WebRequest -Uri myurl -UseBasicParsing
} catch {
    # do something
} finally {
   #enable checks again
   [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
}
Justin
  • 1,059
  • 12
  • 26
  • 3
    This worked for me while setting `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}` and `[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy` didn't. – Andy Arismendi Mar 10 '19 at 17:24
  • @justin I do not understand why this worked, but it did. Is it a powershell version issue? – MonaLisaOverdrive Jun 05 '19 at 16:48
  • @AndyArismendi using {$true} does work, but you can get yourself into trouble if there are too many calls to https. that is why you need a compiled class. – Justin Jun 13 '19 at 02:13
  • @MonaLisaOverdrive as far as i can tell it is a powershell issue, basically it keeps reloading the powershell runspace and eventually reaches a point where it can't. – Justin Jun 13 '19 at 02:13
2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

Works in Windows server 2016

Major Minor Build Revision

5 1 17763 1007

ssilas777
  • 9,476
  • 4
  • 43
  • 66
Anand Joshi
  • 61
  • 3