ServerCertificateValidationCallback breaking GET web request with PowerShell 5.1 (An unexpected error occurred on a send)

Martin M 1 Reputation point
2022-07-05T09:47:01.807+00:00

We have an internal PowerShell module used for interacting with our own internal software during deployment/testing. Alot of our installations use self-signed certificates, as they are internal-only systems for testing - we override ServerCertificateValidationCallback in our scripts, so that PowerShell won't run into issues with the self-signed certificates.

Recently, I've noticed that overriding ServerCertificateValidationCallback is breaking GET requests to a REST api for some reason. I've reproduced this on multiple versions of Windows with PowerShell 5.1, and I cannot see that I am doing anything wrong to cause this. Below is a very simple script that can reproduce the issue:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { return $true }  
Invoke-RestMethod -Method Get  -UseBasicParsing -Uri https://reqres.in/api/users  
Invoke-RestMethod -Method Post -UseBasicParsing -Uri https://reqres.in/api/users -Body (@{ Name = "Bob Smith"; job = "CEO"  }  |  ConvertTo-Json) -ContentType "application/json"  
Invoke-RestMethod -Method Get  -UseBasicParsing -Uri https://reqres.in/api/users  
  • The first Invoke-RestMethod (ie, the GET) will fail
  • The second request (the POST) will be successful
  • After the POST is successful, it seems that the session is cached and therefore the GET is successful
  • If the session is left to go idle for a while, the GET request will once again fail
  • If the POST request had been issued first (even without the GET), it would still have been successful ... ie the problem is not just a simple case of the first request failing
  • The issue is reproducible with boke Invoke-RestMethod and Invoke-WebRequest
  • The issue is only reproducible with PowerShell 5.1 ... PowerShell 7.1 (on the same Machine) does not reproduce the issue
  • I have reproduced this on multiple Machines running Windows 10, Server 2019 and Server 2022
  • Closing the session and creating a new session without the first line (ie, not overriding ServerCertificateValidationCallback) will not reproduce the issue either
  • reqres.in is not our actual production site, it's just a sample REST API site that I'm using to reproduce the issue easily
  • The issue occurs with systems which are using valid (CA issued) Certificates, and on systems which have self-signed certificates

As far as I understand, both IRM and IWR use the same (HttpWebRequest) C# class. I've not tried creating a C# project, but I have tried briefly testing the class in C# but cannot reproduce the issue there. Below is the code that I used:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { return $true }  
[System.Net.HttpWebRequest]$wr =  [System.Net.WebRequest]::Create("https://reqres.in/api/users")  
$stream = $wr.GetResponse().GetResponseStream()  
$sr = New-Object -TypeName System.IO.StreamReader -ArgumentList $stream  
$sr.ReadToEnd() | ConvertFrom-Json  

Obviously this was only as a troubleshooting step however. I'd appreciate any advice anybody can give me on this issue and how to resolve it.

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,627 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,811 Reputation points
    2022-07-12T09:04:23.127+00:00

    Hi Martin,

    Thank you for posting your query. I'll be more than happy to assist you with your concern.

    Kindly try this command.

    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

    Note that 'System.' is missing

    Do not hesitate to message us if you need further assistance.

    ----

    --If the reply is helpful, please Upvote and Accept as answer--

    If the answer is helpful kindly click "Accept as answer" and upvote it. Thanks.

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.