Powershell v3 Invoke-WebRequest HTTPS 오류
Powershell v3의 Invoke-WebRequest 및 Invoke-RestMethod 사용 성공적으로 POST 메소드를 사용하여 JSON 파일을 https 웹 사이트에 게시했습니다.
내가 사용하는 명령은
$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("cert.crt")
Invoke-WebRequest -Uri https://IPADDRESS/resource -Credential $cred -certificate $cert -Body $json -ContentType application/json -Method POST
그러나 GET 방법을 사용하려고하면 다음과 같습니다.
Invoke-WebRequest -Uri https://IPADDRESS/resource -Credential $cred -certificate $cert -Method GET
다음과 같은 오류가 반환됩니다
Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At line:8 char:11
+ $output = Invoke-RestMethod -Uri https://IPADDRESS/resource -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
SSL 인증서를 무시하기 위해 다음 코드를 사용하려고 시도했지만 실제로 어떤 작업을 수행하는지 잘 모르겠습니다.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
누군가 여기서 잘못 될 수있는 문제와 해결 방법에 대한 지침을 제공 할 수 있습니까?
감사
이 해결 방법은 나를 위해 일했습니다 : http://connect.microsoft.com/PowerShell/feedback/details/419466/new-webserviceproxy-needs-force-parameter-to-ignore-ssl-errors
기본적으로 PowerShell 스크립트에서 :
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$result = Invoke-WebRequest -Uri "https://IpAddress/resource"
Lee의 대답은 훌륭하지만 웹 서버가 지원하는 프로토콜에 문제가 있습니다.
다음 줄을 추가 한 후에 https 요청을 얻을 수 있습니다. 이 답변에서 지적했듯이 https://stackoverflow.com/a/36266735
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
Lee의 코드가있는 내 전체 솔루션.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
사용해 보셨습니까 System.Net.WebClient?
$url = 'https://IPADDRESS/resource'
$wc = New-Object System.Net.WebClient
$wc.Credentials = New-Object System.Net.NetworkCredential("username","password")
$wc.DownloadString($url)
다음은 저에게 효과적이며 (더 이상 사용되지 않는 최신 수단을 사용하여 SSL 인증서 / 콜백 기능과 상호 작용) 동일한 powershell 세션 내에서 동일한 코드를 여러 번로드하려고 시도하지 않습니다.
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback=@"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
public static void Ignore()
{
if(ServicePointManager.ServerCertificateValidationCallback ==null)
{
ServicePointManager.ServerCertificateValidationCallback +=
delegate
(
Object obj,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors errors
)
{
return true;
};
}
}
}
"@
Add-Type $certCallback
}
[ServerCertificateValidationCallback]::Ignore();
이것은 다음 기사 https://d-fens.ch/2013/12/20/nobrainer-ssl-connection-error-when-using-powershell/ 에서 수정되었습니다.
이 콜백 함수를 사용하여 SSL 인증서를 무시할 때 [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
I always got the error message Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send. which sounds like the results you are having.
I found this forum post which lead me to the function below. I run this once inside the scope of my other code and it works for me.
function Ignore-SSLCertificates
{
$Provider = New-Object Microsoft.CSharp.CSharpCodeProvider
$Compiler = $Provider.CreateCompiler()
$Params = New-Object System.CodeDom.Compiler.CompilerParameters
$Params.GenerateExecutable = $false
$Params.GenerateInMemory = $true
$Params.IncludeDebugInformation = $false
$Params.ReferencedAssemblies.Add("System.DLL") > $null
$TASource=@'
namespace Local.ToolkitExtensions.Net.CertificatePolicy
{
public class TrustAll : System.Net.ICertificatePolicy
{
public bool CheckValidationResult(System.Net.ServicePoint sp,System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Net.WebRequest req, int problem)
{
return true;
}
}
}
'@
$TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)
$TAAssembly=$TAResults.CompiledAssembly
## We create an instance of TrustAll and attach it to the ServicePointManager
$TrustAll = $TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
[System.Net.ServicePointManager]::CertificatePolicy = $TrustAll
}An alternative implementation in pure powershell (without Add-Type of c# source):
#requires -Version 5
#requires -PSEdition Desktop
class TrustAllCertsPolicy : System.Net.ICertificatePolicy {
[bool] CheckValidationResult([System.Net.ServicePoint] $a,
[System.Security.Cryptography.X509Certificates.X509Certificate] $b,
[System.Net.WebRequest] $c,
[int] $d) {
return $true
}
}
[System.Net.ServicePointManager]::CertificatePolicy = [TrustAllCertsPolicy]::new()
I tried searching for documentation on the EM7 OpenSource REST API. No luck so far.
http://blog.sciencelogic.com/sciencelogic-em7-the-next-generation/05/2011
There's a lot of talk about OpenSource REST API, but no link to the actual API or any documentation. Maybe I was impatient.
Here are few things you can try out
$a = Invoke-RestMethod -Uri https://IPADDRESS/resource -Credential $cred -certificate $cert
$a.Results | ConvertFrom-Json
Try this to see if you can filter out the columns that you are getting from the API
$a.Results | ft
or, you can try using this also
$b = Invoke-WebRequest -Uri https://IPADDRESS/resource -Credential $cred -certificate $cert
$b.Content | ConvertFrom-Json
Curl Style Headers
$b.Headers
I tested the IRM / IWR with the twitter JSON api.
$a = Invoke-RestMethod http://search.twitter.com/search.json?q=PowerShell
Hope this helps.
- Run this command
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname {your-site-hostname}
in powershell using admin rights, This will generate all certificates in Personal directory
- To get rid of Privacy error, select these certificates, right click → Copy. And paste in Trusted Root Certification Authority/Certificates.
- Last step is to select correct bindings in IIS. Go to IIS website, select Bindings, Select SNI checkbox and set the individual certificates for each website.
Make sure website hostname and certificate dns-name should exactly match
If you run this as administrator, that error should go away
These registry settings affect .NET Framework 4+ and therefore PowerShell. Set them and restart any PowerShell sessions to use latest TLS, no reboot needed.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
See https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto
참고URL : https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error
'program tip' 카테고리의 다른 글
| Java에서 HashMap을 정렬하는 방법 (0) | 2020.07.30 |
|---|---|
| AngularJs에서 ng-repeat로 필터링 (키, 값)하는 방법은 무엇입니까? (0) | 2020.07.30 |
| Java에서 URL 또는 URI를 작성하는 관용적 방법은 무엇입니까? (0) | 2020.07.30 |
| Vim에서 삭제 (잘라 내지 않는) 방법? (0) | 2020.07.30 |
| Xcode 9의 "이 함수 선언은 프로토 타입이 아닙니다"경고 (0) | 2020.07.30 |