If a service has an invalid certificate, the best response is to fix the problem. When it is not possible or practical to address the real problem, a workaround can be created.
The modification described here applies only to the current PowerShell session; the default behavior returns every time a new PowerShell session is opened.
The certificate policy used by the ServicePointManager may be replaced with a customized handler by writing a class (PowerShell, version 5) that implements System.Net.ICertificatePolicy and supplies its own CheckValidationResult method:
Class AcceptAllPolicy: System.Net.ICertificatePolicy {
    [Boolean] CheckValidationResult(
        [Net.ServicePoint] $servicePoint,
        [Security.Cryptography.X509Certificates.X509Certificate] $certificate,
        [Net.WebRequest] $webRequest,
        [Int32] $problem) {
        return $true
    }
}
[System.Net.ServicePointManager]::CertificatePolicy = [AcceptAllPolicy]::new()
Once the policy is in place, certificate errors are ignored, because CheckValidationResult returns true no matter what problem was found with the certificate:
Invoke-WebRequest "https://expired.badssl.com/"

StatusCode        : 200
StatusDescription : OK
...
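A narrower variant of the policy class above, as an added example that is not part of the original page: it accepts a failing certificate only when its SHA-1 thumbprint matches one recorded in advance, and puts the previous policy back afterwards. The class name PinnedCertificatePolicy, the thumbprint value and the URL are assumptions made for illustration.

```powershell
# Added example (not from the original page): a certificate policy that
# tolerates ONE known certificate instead of all of them.
class PinnedCertificatePolicy : System.Net.ICertificatePolicy {
    [string] $Thumbprint

    PinnedCertificatePolicy([string] $value) {
        # Accept "AA:BB ..." or "aa bb ..." forms; require 40 hex chars (SHA-1).
        $clean = ($value -replace '[\s:]', '').ToUpperInvariant()
        if ($clean -notmatch '^[0-9A-F]{40}$') {
            throw "Expected a 40-character SHA-1 thumbprint, got '$value'"
        }
        $this.Thumbprint = $clean
    }

    [bool] CheckValidationResult(
        [Net.ServicePoint] $servicePoint,
        [Security.Cryptography.X509Certificates.X509Certificate] $certificate,
        [Net.WebRequest] $webRequest,
        [int] $problem) {
        # 0 means the platform found no problem: normal validation passed.
        if ($problem -eq 0) { return $true }
        # A failure with no certificate to compare is always rejected.
        if ($null -eq $certificate) { return $false }
        # Otherwise accept only the exact certificate recorded in advance.
        return ($certificate.GetCertHashString() -eq $this.Thumbprint)
    }
}

# Constructed placeholder value: replace with the thumbprint of the
# certificate you verified out of band.
$expected = '0123456789ABCDEF0123456789ABCDEF01234567'

# Remember the policy that was active so it can be restored.
$previous = [System.Net.ServicePointManager]::CertificatePolicy
[System.Net.ServicePointManager]::CertificatePolicy = [PinnedCertificatePolicy]::new($expected)
try {
    # Hypothetical URL for the service with the known-bad certificate.
    Invoke-WebRequest 'https://service.example.internal/'
}
finally {
    # Put the previous policy back so later requests validate normally.
    [System.Net.ServicePointManager]::CertificatePolicy = $previous
}
```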
CertificatePolicy is marked as obsolete:
The CertificatePolicy property is marked as obsolete in the documentation on MSDN.
Until recently, adjusting the ServerCertificateValidationCallback was sufficient. However, with PowerShell 5 this appears to only fix part of the problem for Invoke-WebRequest.
Requests made by System.Net.WebClient are satisfied by this simpler approach which trusts all certificates:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }