忽略来自 Powershell Invoke-RestMethod 的自签名证书不起作用(它再次更改......)

本文介绍了忽略来自 Powershell Invoke-RestMethod 的自签名证书不起作用(它再次更改......)的处理方法,对大家解决问题具有一定的参考价值

问题描述

使用忽略证书验证的标准解决方案后,Invoke-RestMethod正在返回:

After using standard solutions for ignoring certificate verification, Invoke-RestMethod is returning:

Invoke-RestMethod : A system error occurred and has been logged.  Please try again later or contact your administrator.

我今天才注意到这个失败,所以我认为它与 Powershell 更新有关.标准解决方案"是指:

I just noticed this failure today, so I think it has something to do with a Powershell update. By "standard solutions" I mean:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

几个月前停止工作,并在添加到 Powershell 的 C# 类型中正确设置回调(历史记录中的以下描述).

which stopped working a few months ago, and setting the callback properly in a C# type added to Powershell (description below in History).

这是我的环境:

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.15063.674
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.15063.674
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

这里有一点历史,所以这个问题不只是作为重复而被关闭.

Here is a little history so this question doesn't just get closed as a duplicate.

如果您在 Google 周围搜索或搜索 StackOverflow,您会发现这个问题带有一些预设回复.但是,今天我注意到所有标准解决方案都不再起作用了.

If you Google around or search StackOverflow you can find this question coming up with a few canned responses. However, today I noticed that all of the standard solutions aren't working anymore.

Powershell 给出的标准错误是:

The standard error Powershell gives is:

Invoke-RestMethod : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

论坛上给出的标准答案是在调用 Invoke-RestMethod 之前使用此命令:

The standard answer given on forums everywhere is to use this command before you call Invoke-RestMethod:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

但如果您使用的是最新版本的 Windows 10/2016 和 Powershell,那么您对 ​​Invoke-RestMethod 的调用将返回:

But if you're using an up to date version of Windows 10 / 2016 and Powershell, then your call to Invoke-RestMethod will return:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.

关于为什么会发生这种情况的解释可以在 on Huddled Masses 中找到博客.可以概括为:

The explanation for why that happens is found on Huddled Masses blog. It can be summarized as:

将 ServerCertificateValidationCallback 设置为 scriptblock 不适用于异步回调(发生在任务线程上),因为另一个线程没有运行空间来执行脚本.

Setting the ServerCertificateValidationCallback to a scriptblock won't work for an asynchronous callback (one that happens on a task thread), because the other thread won't have a runspace to execute the script on.

最初,我一直在用这段代码解决这个问题:

Originally, I had been solving that problem with this code:

if (-not ([System.Management.Automation.PSTypeName]"TrustAllCertsPolicy").Type)
{
    Add-Type -TypeDefinition  @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem)
    {
        return true;
    }
}
"@
}

if ([System.Net.ServicePointManager]::CertificatePolicy.ToString() -ne "TrustAllCertsPolicy")
{
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}

但是,这在 Windows Server 2016 上不起作用,即使它在 Windows 10 上运行良好.所以,基于 Huddled Masses 我写这个是为了在 C# 而不是脚本块中处理证书验证回调:

But, that didn't work on Windows Server 2016, even though it was working fine on Windows 10. So, based on Huddled Masses I wrote this up to handle certificate validation callbacks in C# rather than a script block:

function Disable-SslVerification
{
    if (-not ([System.Management.Automation.PSTypeName]"TrustEverything").Type)
    {
        Add-Type -TypeDefinition  @"
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class TrustEverything
{
    private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }
    public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }
    public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }
}
"@
    }
    [TrustEverything]::SetCallback()
}
function Enable-SslVerification
{
    if (([System.Management.Automation.PSTypeName]"TrustEverything").Type)
    {
        [TrustEverything]::UnsetCallback()
    }
}

这在很长一段时间内都运行良好,但就在最近,当我调用 Invoke-RestMethod 时,我开始收到以下错误:

That worked really well for a long time, but just recently I started getting the following error back when I call Invoke-RestMethod:

Invoke-RestMethod : A system error occurred and has been logged.  Please try again later or contact your administrator.

我知道正确的解决方案只是部署证书,但通常您只是想测试一下,而不必设置正确的 PKIX.

I understand that a proper solution is just to deploy certificates, but often you just want to test things out without having to set up a proper PKIX.

推荐答案

我想我已经把这个范围缩小到我正在调用的 Web 服务的变化上.嗬!

I think I have narrowed this down to a change in the web service that I'm calling. Doh!

我在我的问题中列出的 Disable-SslVerificationEnable-SslVerification 功能仍然是最好的方法,并且似乎有效.

The Disable-SslVerification and Enable-SslVerification function that I listed in my question are still the best way to go and seem to work.

期待 Bacon Bits 在评论中提到的 -SkipCertificateCheck 开关.然后,我们可以停止黑客攻击.=)

I look forward to the -SkipCertificateCheck switch mentioned by Bacon Bits in the comments. Then, we can stop hacking. =)

希望这个问题对于试图解决相同问题但遇到 An unexpected error occurred on a send 问题的人们很有价值.

Hopefully this question is valuable for people who are trying to solve the same problem but run into the An unexpected error occurred on a send problem.

这篇关于忽略来自 Powershell Invoke-RestMethod 的自签名证书不起作用(它再次更改......)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,WP2

admin_action_{$_REQUEST[‘action’]}

do_action( "admin_action_{$_REQUEST[‘action’]}" )动作钩子::在发送“Action”请求变量时激发。Action Hook: Fires when an ‘action’ request variable is sent.目录锚点:#说明#源码说明(Description)钩子名称的动态部分$_REQUEST['action']引用从GET或POST请求派生的操作。源码(Source)更新版本源码位置使用被使用2.6.0 wp-admin/admin.php:...

日期:2020-09-02 17:44:16 浏览:1127

admin_footer-{$GLOBALS[‘hook_suffix’]}

do_action( "admin_footer-{$GLOBALS[‘hook_suffix’]}", string $hook_suffix )操作挂钩:在默认页脚脚本之后打印脚本或数据。Action Hook: Print scripts or data after the default footer scripts.目录锚点:#说明#参数#源码说明(Description)钩子名的动态部分,$GLOBALS['hook_suffix']引用当前页的全局钩子后缀。参数(Parameters)参数类...

日期:2020-09-02 17:44:20 浏览:1032

customize_save_{$this->id_data[‘base’]}

do_action( "customize_save_{$this->id_data[‘base’]}", WP_Customize_Setting $this )动作钩子::在调用WP_Customize_Setting::save()方法时激发。Action Hook: Fires when the WP_Customize_Setting::save() method is called.目录锚点:#说明#参数#源码说明(Description)钩子名称的动态部分,$this->id_data...

日期:2020-08-15 15:47:24 浏览:775

customize_value_{$this->id_data[‘base’]}

apply_filters( "customize_value_{$this->id_data[‘base’]}", mixed $default )过滤器::过滤未作为主题模式或选项处理的自定义设置值。Filter Hook: Filter a Customize setting value not handled as a theme_mod or option.目录锚点:#说明#参数#源码说明(Description)钩子名称的动态部分,$this->id_date['base'],指的是设置...

日期:2020-08-15 15:47:24 浏览:866

get_comment_author_url

过滤钩子:过滤评论作者的URL。Filter Hook: Filters the comment author’s URL.目录锚点:#源码源码(Source)更新版本源码位置使用被使用 wp-includes/comment-template.php:32610...

日期:2020-08-10 23:06:14 浏览:903

network_admin_edit_{$_GET[‘action’]}

do_action( "network_admin_edit_{$_GET[‘action’]}" )操作挂钩:启动请求的处理程序操作。Action Hook: Fires the requested handler action.目录锚点:#说明#源码说明(Description)钩子名称的动态部分$u GET['action']引用请求的操作的名称。源码(Source)更新版本源码位置使用被使用3.1.0 wp-admin/network/edit.php:3600...

日期:2020-08-02 09:56:09 浏览:848

network_sites_updated_message_{$_GET[‘updated’]}

apply_filters( "network_sites_updated_message_{$_GET[‘updated’]}", string $msg )筛选器挂钩:在网络管理中筛选特定的非默认站点更新消息。Filter Hook: Filters a specific, non-default site-updated message in the Network admin.目录锚点:#说明#参数#源码说明(Description)钩子名称的动态部分$_GET['updated']引用了非默认的...

日期:2020-08-02 09:56:03 浏览:834

pre_wp_is_site_initialized

过滤器::过滤在访问数据库之前是否初始化站点的检查。Filter Hook: Filters the check for whether a site is initialized before the database is accessed.目录锚点:#源码源码(Source)更新版本源码位置使用被使用 wp-includes/ms-site.php:93910...

日期:2020-07-29 10:15:38 浏览:809

WordPress 的SEO 教学:如何在网站中加入关键字(Meta Keywords)与Meta 描述(Meta Description)?

你想在WordPress 中添加关键字和meta 描述吗?关键字和meta 描述使你能够提高网站的SEO。在本文中,我们将向你展示如何在WordPress 中正确添加关键字和meta 描述。为什么要在WordPress 中添加关键字和Meta 描述?关键字和说明让搜寻引擎更了解您的帖子和页面的内容。关键词是人们寻找您发布的内容时,可能会搜索的重要词语或片语。而Meta Description则是对你的页面和文章的简要描述。如果你想要了解更多关于中继标签的资讯,可以参考Google的说明。Meta 关键字和描...

日期:2020-10-03 21:18:25 浏览:1620

谷歌的SEO是什么

SEO (Search Engine Optimization)中文是搜寻引擎最佳化,意思近于「关键字自然排序」、「网站排名优化」。简言之,SEO是以搜索引擎(如Google、Bing)为曝光媒体的行销手法。例如搜寻「wordpress教学」,会看到本站的「WordPress教学:12个课程…」排行Google第一:关键字:wordpress教学、wordpress课程…若搜寻「网站架设」,则会看到另一个网页排名第1:关键字:网站架设、架站…以上两个网页,每月从搜寻引擎导入自然流量,达2万4千:每月「有机搜...

日期:2020-10-30 17:23:57 浏览:1264