Ignore SSL warning with powershell downloadstring

With the one-liner you don't have many options in ignoring the SSL-warning (with the WebClient downloadstring method).

You could try doing this before invoking the command :

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;

Since you're using this in a task-scheduler, I'd add it before the DownloadString command with a ';' to seperate the two commands.

This should do the trick, which would set the callback in the session:

 -ExecutionPolicy unrestricted -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};(New-Object Net.WebClient).DownloadString(\"127.0.0.1/xxx\")" 

If you have a newer Powershell installation (check if you have the invoke-webrequest cmdlet available), you can use this cmdlet in addtion to a security policy. Still not a one-liner, but this should do the trick :

add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$result = Invoke-WebRequest -Uri ""https://127.0.0.1/xxx"

Try to see if that works from a normal host, if so, you could bundle it in a simple script and use this in your scheduled task.


If you're looking to implement a conditional policy, use the following.

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {
    param(
        [object]$sender,
        [Security.Cryptography.X509Certificates.X509Certificate] $certificate, 
        [Security.Cryptography.X509Certificates.X509Chain] $chain, 
        [Net.Security.SslPolicyErrors] $sslPolicyErrors
    )
    # Implement your custom logic here
    $true
}

Tags:

Ssl

Powershell