Steven Zack

Reputation: 5104

How to ignore the "SSL certificate is signed by an unknown certificate authority" problem?

I'm developing a C# application to call Exchange Management Shell cmdlets. It always fails with the exception "The server certificate on the destination computer (208.243.XX.2XX:443) has the following errors:
The SSL certificate is signed by an unknown certificate authority.
The SSL certificate contains a common name (CN) that does not match the hostname. "

But I did write code to accept all certificates; I don't know why I still get the error.

My code:

    PSCredential credential = new PSCredential("administrator", securePwd);

    WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri("https://208.243.49.20/powershell"), "http://schemas.microsoft.com/powershell/Microsoft.Exchange", credential);
    connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;

    Runspace runspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace(connectionInfo);
    PowerShell powershell = PowerShell.Create();
    PSCommand command = new PSCommand();
    command.AddCommand("New-Mailbox");
    command.AddParameter("Name", "TestName");
    powershell.Commands = command;
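    // Accept-all callback registered for System.Net requests
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(
        delegate { return true; }
    );
    try
    {
        runspace.Open(); // This is where the exception happens
        powershell.Runspace = runspace;
        Collection<PSObject> result = powershell.Invoke();
    }
    catch (Exception ex)
    {
        // Report the connection failure
        Console.WriteLine(ex.Message);
    }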

Upvotes: 6

Views: 14338

Answers (4)

Marco

Reputation: 74

The WSManConnectionInfo object has two properties to skip certificate checks:

    connectionInfo.SkipCACheck = true;
    connectionInfo.SkipCNCheck = true;

Upvotes: 5
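
An alternative to the two skip properties above, as an added example that is not part of Marco's answer or the asker's code: leave certificate validation on, trust the server's certificate explicitly, and connect by a host name that matches its CN, which addresses both errors in the exception. The certificate path, thumbprint placeholder and host name are assumptions, and writing to the machine root store requires an elevated process.

```csharp
using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class TrustedExchangeRunspace
{
    // Assumptions (placeholders, not values from the question):
    const string CertPath = @"C:\certs\exchange-server.cer";      // certificate exported from the server
    const string ExpectedSha256 = "<SHA-256 thumbprint confirmed out of band>";
    const string HostName = "exchange01.example.test";             // must match the certificate's CN/SAN

    // Add the server (or issuing CA) certificate to the trusted roots,
    // but only after checking it is the certificate we expect.
    static void TrustServerCertificate()
    {
        var cert = new X509Certificate2(CertPath);
        string actual;
        using (var sha = SHA256.Create())
            actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");

        if (!string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase))
            throw new SecurityException("Certificate thumbprint mismatch: " + actual);

        var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }
    }

    public static Runspace Open(PSCredential credential)
    {
        TrustServerCertificate();

        // Connect by host name so the CN check passes. SkipCACheck and
        // SkipCNCheck are left at their default value of false.
        var info = new WSManConnectionInfo(
            new Uri("https://" + HostName + "/powershell"),
            "http://schemas.microsoft.com/powershell/Microsoft.Exchange",
            credential);
        info.AuthenticationMechanism = AuthenticationMechanism.Basic;

        Runspace runspace = RunspaceFactory.CreateRunspace(info);
        runspace.Open();
        return runspace;
    }
}
```

With validation left on, the Basic-auth credentials are only sent to an endpoint that presents the expected certificate.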

Brent Arias

Reputation: 30165

Shot in the dark: perhaps set the ServicePointManager delegate before you create the instance of runspace. I'm just speculating that construction of the runspace instance might capture and store the delegate from ServicePointManager.

Also, be sure the question answered by the delegate is what you think. Is it asking "valid certificate?" or is it asking "invalid certificate?" If the latter, then change your delegate to { return false; }

One last thing: is powershell executing from a separate process? If yes, then the ServicePointManager setting won't help you.

Upvotes: 1

Daniel Richnak

Reputation: 1604

I think Brent is correct re: needs to be in the PowerShell process. You'll need a line like the following in your PS:

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback += { $true }

Did the following test against an untrusted SSL site and confirmed it overrides the error:

    $url = "https://www.us.army.mil"
    $wc = new-object system.net.webclient
    $x = $wc.downloadstring($url) # will fail
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback += { $true }
    $x = $wc.downloadstring($url) # should succeed

... That said, it's strange that you say the exception happens upon opening the runspace. If that's the case then maybe not, since you aren't even getting to the point of executing the PowerShell code.

Upvotes: 3

Mike Richards

Reputation: 5667

I agree with Brent; try putting the ServicePointManager call as the first call you make, before even creating the Uri.

The delegate is also missing some parameters, however. Give this a shot:

    ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

Upvotes: 3
