PowerShell hack to ignore ssl certificates when using Invoke-WebRequest

Invoke-WebRequest_Ignore_SSL.ps1

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3, [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12
$Header = @{"api-token"="1234567890"}
$Request = Invoke-WebRequest -Uri "https://api.example.com" -Headers $Header -Method Get -ContentType "Application/Json"

@pandieme how are you using that edition check in practice? I found it will fail to execute at all in PowerShell Core due to the ParserError issue for class references described in PowerShell: Unable to find type when using PS 5 classes and Defining a PowerShell class in a script causes a parser error if the class references external types that aren't currently loaded

ParserError:
Line |
   3 |  class TrustAllCertsPolicy : System.Net.ICertificatePolicy {
     |                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find type [System.Net.ICertificatePolicy].

@scarson - Aha yeah, so in practice it's kind of a pain, as the System.Net.ICertificatePolicy class does not exist at all for new age PowerShell, and code will not run at all if it's present in your script. In my particular case, I was using it in a module that is imported dynamically, so... here's how I'm using it, but I would suggest a good TLDR is don't bother, just use the C# snippet, it aint that bad 😅

My module has a tree something like this

-- MyModule/
---- private/
------ PrivateFunction.ps1
----public/
------ PublicFunction.ps1
-- MyModule.psm1
-- MyModule.psd1

The, in PowerShell Core, errornous code is inside the PrivateModule.ps1 file.

using namespace System.Net
using namespace System.Security.Cryptography.X509Certificates
using namespace System.Management.Automation

#Requires -PSEdition Desktop

function Set-TrustAllCertsPolicy {
    if (-not ([PSTypeName]'TrustAllCertsPolicy').Type) {
        class TrustAllCertsPolicy : ICertificatePolicy {
            [bool] CheckValidationResult(
                [ServicePoint]$srvPoint,
                [X509Certificate]$certificate,
                [WebRequest]$request,
                [int]$certificateProblem
            ) {
                return $true
            }
        }
    }

    [ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}

The Public function that would use this Private function is in PublicFunction.ps1

using namespace System.Net

function Set-BypassCertificatePolicy {
    if ($PSVersionTable.PSEdition -eq 'Desktop') {
        Set-TrustAllCertsPolicy
    }

    [ServicePointManager]::SecurityProtocol = [SecurityProtocolType]::Tls12
}

And the import logic for this dynamic module is governed by the MyModule.psm1 file

using namespace System.Collections.Generic

[List[string]]$PublicFunctions = @()

[array]$WindowsPowerShellOnly = @(
    'Set-TrustAllCertsPolicy'
)

"$PSScriptRoot\public", "$PSScriptRoot\private" | ForEach-Object {
    if (Test-Path -Path $_) {
        Get-ChildItem -Path $_ -Filter "*.ps1" -Recurse | ForEach-Object {
            if (($_.BaseName -in $WindowsPowerShellOnly) -and ($PSEdition -ne 'Desktop')) { return }
            if ($_.FullName -match 'public') {$PublicFunctions.Add($_.BaseName)}
            . $_.FullName
        }
    }
}

Export-ModuleMember -Function $PublicFunctions

Because the private function's name that won't execute in PowerShell Core is in the $WindowsPowerShellOnly array, when it gets to the check if (($_.BaseName -in $WindowsPowerShellOnly)... it won't be imported if it's not PSEdition Desktop.

At the time I put that together I was determined to keep my codebase purely PowerShell, but having had time to think about it over time, I would in future simply do the PSEdition check and if it's Desktop, import the type using the C# snippet. But regardless, this code here is in use and working fine, it's just a level of complexity that isn't necessary and I think really only satisfied my curiosity and former stubbornness, but hey it's all part of the journey I guess.

Anyway, that's my answer to how I'm using that check in practice. Good luck and have fun!

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } works on Windows + PS 5.1

If you just need to access some address, like running some sort of webhook, you can use curl:

  $response = & curl.exe --insecure -X GET "$TriggerURL"
   if ($response -notmatch "ok") {
   ...