powershellssl

Ignore SSL warning with powershell downloadstring


I've got this beautiful one liner which calls a webservice of mine via Task Scheduler:

-ExecutionPolicy unrestricted -Command "(New-Object Net.WebClient).DownloadString(\"https://127.0.0.1/xxx\")"

But my webservice has SSL now and I want to make a local call so it gives an SSL exception. So is there a way to ignore the SSL warning with this one liner?


Solution

  • With the one-liner you don't have many options in ignoring the SSL-warning (with the WebClient downloadstring method).

    You could try doing this before invoking the command :

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;
    

    Since you're using this in a task-scheduler, I'd add it before the DownloadString command with a ';' to seperate the two commands.

    This should do the trick, which would set the callback in the session:

     -ExecutionPolicy unrestricted -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};(New-Object Net.WebClient).DownloadString(\"127.0.0.1/xxx\")" 
    

    If you have a newer Powershell installation (check if you have the invoke-webrequest cmdlet available), you can use this cmdlet in addtion to a security policy. Still not a one-liner, but this should do the trick :

    add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
    "@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
    
    $result = Invoke-WebRequest -Uri ""https://127.0.0.1/xxx"
    

    Try to see if that works from a normal host, if so, you could bundle it in a simple script and use this in your scheduled task.