Wednesday, April 12, 2023

How to skip SkipCertificateCheck

I am getting below error while calling Invoke-WebRequest and Invoke-RestMethod commandlets in powershell. Problem:-1
Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for SSL/TLS secure channel At line:2 char:6 + $r= Invoke-WebRequest -Uri $url -Headers $headers + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Solution: 

1.Add Type 'ServerCertificateValidationCallback to define metod SkipCertificateCheck to skip certificate check.

```sh
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
    {
		$certCallback = "
			using System;
			using System.Net;
			using System.Net.Security;
			using System.Security.Cryptography.X509Certificates;
			public class ServerCertificateValidationCallback
			{
				public static void SkipCertificateCheck()
				{
					if(ServicePointManager.ServerCertificateValidationCallback ==null)
					{
						ServicePointManager.ServerCertificateValidationCallback += 
							delegate
							(
								Object obj, 
								X509Certificate certificate, 
								X509Chain chain, 
								SslPolicyErrors errors
							)
							{
								return true;
							};
					}
				}
			}
		"
			Add-Type -TypeDefinition $certCallback -Language CSharp 
	}

```
2.Call SkipCertificateCheck() method before calling Invoke-WebRequest and Invoke-RestMethod commandlets in powershell.

```sh 
	[ServerCertificateValidationCallback]::SkipCertificateCheck()
    Invoke-WebRequest -Uri "https://www.nuget.org/" 
```
Problem:2
Note: Don't set SecurityProtocol to Tls12 if using windows 10 and lower version of Windows 2016 

```sh 
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
```
If set SecurityProtocol as Tls12 then response of Invoke-WebRequest and Invoke-RestMethod commandlets will return below exception
Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send. At line:2 char:6 + $r= Invoke-WebRequest -Uri $url -Headers $headers + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand 
 
Due to PowerShell defaults, it’s not unusual to have issues with TLS. 
 
The ambiguous nature of this error did however make me jump to the conclusion that I probably just needed to enforce TLS 1.2. This can be done using this PowerShell one-liner 
 but it doesn't solve problem 

```sh

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

```
Solution: The resolution and solution for the problem is to allow TLS, TLS 1.1 and TLS 1.2. Insert the following line before invoking your PowerShell WebRequest using either Invoke-RestMethod or Invoke-WebRequest. 

```sh

[Net.ServicePointManager]::SecurityProtocol = = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

```
Solution: Just close powershell IDE\window and reopen n then Powershell defaults will be restored then it will solve the problem
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)