none
PowerShell 1.0: Trust Any SSL Cert

    Question

  • Is there a way to translate:

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True}

    into something that PowerShell 1.0 is able to use?

    This is the error I receive, when I try to use it in PowerShell 1.0: Exception setting "ServerCertificateValidationCallback": "Cannot convert value "$True" to type "System.Net.Security.RemoteCertificateValidationCallback". Error: "Error binding to target method.""

    I believe this is a delegate, but I'm unsure how to program for a delegate in PowerShell.

    Thursday, February 16, 2012 4:38 PM

Answers

  • function Ignore_SLL
    {
    	$Provider = New-Object Microsoft.CSharp.CSharpCodeProvider
    	$Compiler= $Provider.CreateCompiler()
    	$Params = New-Object System.CodeDom.Compiler.CompilerParameters
    	$Params.GenerateExecutable = $False
    	$Params.GenerateInMemory = $True
    	$Params.IncludeDebugInformation = $False
    	$Params.ReferencedAssemblies.Add("System.DLL") > $null
    	$TASource=@'
    		namespace Local.ToolkitExtensions.Net.CertificatePolicy
    		{
    			public class TrustAll : System.Net.ICertificatePolicy
    			{
    				public TrustAll() {}
    				public bool CheckValidationResult(System.Net.ServicePoint sp,System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Net.WebRequest req, int problem)
    				{
    					return true;
    				}
    			}
    		}
    '@ 
    	$TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)
    	$TAAssembly=$TAResults.CompiledAssembly
            ## We create an instance of TrustAll and attach it to the ServicePointManager
    	$TrustAll = $TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
            [System.Net.ServicePointManager]::CertificatePolicy = $TrustAll
    }

    In case anyone ever has this problem, in the future: You create the function, and simply call in your main block of code. That simple. Doesn't seem like it, but it is.
    Sunday, April 1, 2012 10:02 AM

All replies

  • wow, been a long time since I've used 1...
    couple of things come to mind... this is a delegate so maybe its += rather
    than just =
     
    also I think I recall scriptblocks working differently back in the day..
     
    try this
     
    $sb = {$true}
    ($sb).GetType()
     
    whats that return?
     
     

    Justin Rich
    http://jrich523.wordpress.com
    PowerShell V3 Guide (Technet)
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Thursday, February 16, 2012 6:37 PM
  • Try this:

    Function ReturnTrue()
    {
    	return $true
    }
    
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback =  ReturnTrue

    Reason: ServerCertificateValidationCallback is a delegate

    LMK if you still get error.


    Please click “Mark as Answer” if this post answers your question and click "Vote as Helpful" if this Post helps you.

    Friday, February 17, 2012 1:42 AM
  • Hi,

    Based on my research,ServerCertificateValidationCallback Property Value

    Type: System.Net.Security.RemoteCertificateValidationCallback
    A RemoteCertificateValidationCallback. The default value is Nothing.

    RemoteCertificateValidationCallback() Return Value

    Type: System.Boolean (delegate bool)
    A Boolean value that determines whether the specified certificate is accepted for authentication.

    Please refer to the below link for more information:

    http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx

    http://msdn.microsoft.com/en-us/library/system.net.security.remotecertificatevalidationcallback.aspx

    Hope this helps.

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    Friday, February 17, 2012 6:38 AM
    Moderator
  • Bhavik:

    I still get an error, when I use your script:

    Exception setting "ServerCertificateValidationCallback": "Cannot convert value "True" to type "System.Net.Security.Remo
    teCertificateValidationCallback". Error: "Invalid cast from 'System.Boolean' to 'System.Net.Security.RemoteCertificateV
    alidationCallback'.""


    Friday, February 17, 2012 7:34 AM
  • jrich:

    When I use your scipt, I return the following error:

    Exception setting "ServerCertificateValidationCallback": "Cannot convert "System.Management.Automation.ScriptBlock" to "System.Net.Security.RemoteCertificateValidationCallback"."

    When I drop it into just plain PowerShell 1.0, this is the return:


    IsPublic IsSerial Name                                     BaseType
    -------- -------- ----                                     --------
    True     False    ScriptBlock                              System.Object


    Friday, February 17, 2012 7:37 AM
  • Hey...just wanted to confirm...did you tried as jrich suggested like below.

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback += {$true}


    Please click “Mark as Answer” if this post answers your question and click "Vote as Helpful" if this Post helps you.

    Friday, February 17, 2012 7:43 AM
  • Bhavik, this is the error I get for

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback += {$true}

    Exception setting "ServerCertificateValidationCallback": "Cannot convert value "$true" to type "System.Net.Security.RemoteCertificateValidationCallback". Error: "Error binding to target method.""


    Edit: I've tried looking for the documentation on how the change was made between 1.0 and 2.0, to see what the programmatic logic was, behind the curtain, to no avail.
    Friday, February 17, 2012 8:13 AM
  • im not sure v1 will support delegates like this. its not just a property it’s
    a delegate for an event so that if you wanted to validate the ssl cert
    yourself you can..
     
    so in V2 its using the script block as a function assigned to the delegate..
     
    probably is V1 is not doing the conversion of a script block to a
    function...
     
    the only other thing im thinking (not sure this is possible either) is to
    embed C# code in to your PS script. but im not sure add-type works in V1 so
    im not sure you can even embed that...
     
     

    Justin Rich
    http://jrich523.wordpress.com
    PowerShell V3 Guide (Technet)
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Friday, February 17, 2012 1:41 PM
  • What I think is odd is that it was changed (in PowerShell) from a delegate (v1) to a bool (v2); yet, there's no documentation for what was done, programmatically, in order to do this. My script works perfectly fine in v2 - but I have to make it backwords compatible for v1 and this is where my catch is...

    I attempted Auto-Complete, for Add-Type, using PowerShell to no avail; so, it looks like embeded C# will not be a route I can take, either.


    Friday, February 17, 2012 2:05 PM
  • Powershell V1 uses .NET 2.0 as does V2, V3 has moved to 4 (or 3.5)
     
    the code in V2 is not just assigning true, it’s a code block which
    powershell is assigning to the delegate (hows your understanding of
    delegates?)
     
    the scriptblock does nothing but return true...
     
     

    Justin Rich
    http://jrich523.wordpress.com
    PowerShell V3 Guide (Technet)
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Friday, February 17, 2012 2:19 PM
  • My understanding of delegates is atrocious, to be honest. I'm going to go do research/learn about them, right now.

    Friday, February 17, 2012 2:31 PM
  • really all you need to know is that you are assigning a function to an
    event...
     
    think of basic C# on_click, if you look at whats going on there your
    on_click function is being assigned to the object
     
    so what this is saying is that when validation is needed, call this
    function...
     
    the function for this does nothing but return true, ie its ok carry on...
     
     

    Justin Rich
    http://jrich523.wordpress.com
    PowerShell V3 Guide (Technet)
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Friday, February 17, 2012 2:57 PM
  • function Ignore_SLL
    {
    	$Provider = New-Object Microsoft.CSharp.CSharpCodeProvider
    	$Compiler= $Provider.CreateCompiler()
    	$Params = New-Object System.CodeDom.Compiler.CompilerParameters
    	$Params.GenerateExecutable = $False
    	$Params.GenerateInMemory = $True
    	$Params.IncludeDebugInformation = $False
    	$Params.ReferencedAssemblies.Add("System.DLL") > $null
    	$TASource=@'
    		namespace Local.ToolkitExtensions.Net.CertificatePolicy
    		{
    			public class TrustAll : System.Net.ICertificatePolicy
    			{
    				public TrustAll() {}
    				public bool CheckValidationResult(System.Net.ServicePoint sp,System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Net.WebRequest req, int problem)
    				{
    					return true;
    				}
    			}
    		}
    '@ 
    	$TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)
    	$TAAssembly=$TAResults.CompiledAssembly
            ## We create an instance of TrustAll and attach it to the ServicePointManager
    	$TrustAll = $TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
            [System.Net.ServicePointManager]::CertificatePolicy = $TrustAll
    }

    In case anyone ever has this problem, in the future: You create the function, and simply call in your main block of code. That simple. Doesn't seem like it, but it is.
    Sunday, April 1, 2012 10:02 AM
  • Thanks for this.  Found it useful today in resolving an irritating SSL Trust issue with a PS v3/4 script!

    My only regret is that the URL for sharing this is so long... :D

    Tuesday, May 13, 2014 6:34 PM