locked
Invoke-WebRequest with Cert instead of userid/pass RRS feed

  • Question

  • Hi,

    I am trying to connect to a Linux server to execute some actions on it via their Web API. They gave user id and password for testing purpose in sandbox env which worked fine however when we moved to their Prod Linux environment they gave certificate and key code for the similar userid/pass to connect to the Linux server to execute some action via Web API.

    I was using Invoke-WebRequest with -Credential parameter earlier in sandbox by passing userid/pass and that was working fine.

    Now we moved to Prod and I am trying with -Certificate parameter with the certificate I took with Get-PFXCertificate (received from them) I am getting below error.

            Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.

    Now when they try from Linux machine with same certificate using below curl command it works from them.

            $ curl -k --cert example.localdomain.crt --key example.localdomain.key 'https://example.localdomain:5665/v1/status'

    I am not sure how to pass the Key using Invoke-WebRequest cmdlet. Also this has to run from all the Windows servers in the domain so I don't want to import the certificate to all the servers (thousands of them).

    Any pointer on this on how to pass the certificate with the key in Invoke-WebRequest cmdlet?

    Thanks,


    Amit Tank | Blog: exchangeshare.wordpress.com

    Monday, June 5, 2017 4:36 PM

Answers

  • In this scenario I believe you need to use the key or install the certificate using the key the reference the cert by its thumbprint.


    \_(ツ)_/

    • Proposed as answer by Hello_2018 Tuesday, June 6, 2017 8:27 AM
    • Marked as answer by Amit Tank Tuesday, June 6, 2017 4:37 PM
    Monday, June 5, 2017 6:32 PM

All replies

  • In this scenario I believe you need to use the key or install the certificate using the key the reference the cert by its thumbprint.


    \_(ツ)_/

    • Proposed as answer by Hello_2018 Tuesday, June 6, 2017 8:27 AM
    • Marked as answer by Amit Tank Tuesday, June 6, 2017 4:37 PM
    Monday, June 5, 2017 6:32 PM
  • That was it. They used openssl utility to generate the pfx with combination of cer and key and gave back. It worked as expected!

    Amit Tank | Blog: exchangeshare.wordpress.com

    Tuesday, June 6, 2017 4:37 PM