Invoke-WebRequest to self-signed endpoints

Product: PowerShell Universal
Version: 1.5.16

Hi,

does anybody tried connecting to a self-signed endpoint already or am I the only one? If I try to ignore self-signed certificates with following code:

Add-Type -TypeDefinition @" 
using System.Net; 
using System.Security.Cryptography.X509Certificates; 
public class TrustAllCertsPolicy : ICertificatePolicy { 
	public bool CheckValidationResult( 
		ServicePoint srvPoint, X509Certificate certificate, 
		WebRequest request, int certificateProblem) { 
		return true; 
	} 
} 
"@

[System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName TrustAllCertsPolicy 

I get the error message:

[11:35:48] [ERR] c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(3) : The type or namespace name 'ICertificatePolicy' could not be found (are you missing a using directive or an assembly reference?)

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(2) : using System.Security.Cryptography.X509Certificates; 

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(3) : >>> public class TrustAllCertsPolicy : ICertificatePolicy { 

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(4) : 	public bool CheckValidationResult( 
 
[11:35:48] [ERR] c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(5) : The type name 'ServicePoint' could not be found. This type has been forwarded to assembly 'System.Net.ServicePoint, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51'. Consider adding a reference to that assembly.

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(4) : 	public bool CheckValidationResult( 

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(5) : >>> 		ServicePoint srvPoint, X509Certificate certificate, 

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(6) : 		WebRequest request, int certificateProblem) { 
 
[11:35:48] [ERR] c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(6) : The type name 'WebRequest' could not be found. This type has been forwarded to assembly 'System.Net.Requests, Version=4.1.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. Consider adding a reference to that assembly.

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(5) : 		ServicePoint srvPoint, X509Certificate certificate, 

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(6) : >>> 		WebRequest request, int certificateProblem) { 

c:\Users\USERNAME\AppData\Local\Temp\rxv4y2ek\rxv4y2ek.0.cs(7) : 		return true; 
 
[11:35:48] [ERR] Cannot add type. Compilation errors occurred. 
[11:35:48] [ERR] Cannot find type [TrustAllCertsPolicy]: verify that the assembly containing this type is loaded. 

Instance is running on an IIS with PowerShell environment 5.1.17763.1432.

Thanks for any help in advance,
zweailltienrger

IIS has some problems with compiling C# on the fly in PowerShell. You’ll notice similar issues with New-WebServiceProxy.

You can work around this by using Add-Type outside of Universal and use the -OutputAssembly parameter. Then in your script, load the assembly with Add-Type or System.Reflection.Assembly.LoadFrom.

Not sure if this what you are looking but Invoke-WebRequest have a flag for skipping/ignoring certificate checks -SkipCertificateCheck. I use it with self-signed certs. However, this flag is only available in PS7 and higher.

Invoke-WebRequest "SOME ENDPOINT HERE" -SkipCertificateCheck

That was a great hint, thank you very much!

Thank you, unfortunately I’m not able to use the switch in my environment.