I would like to call a remote Rest web service from a Windows server hosting the remote certificate. I've exported the certificate from the remote server and added it to the Windwos store. (/Personal/myCert)
I would like to use it on a Invoke-RestMethod PowerShell command.Here bellow is the code I've tried
# Variables$Remote_Uri = "https://remote.example.com/service/search"$Remote_CertificateName = "myCert"$Remote_ApiKey = "oisdjfSOEDJFKQDfSDKFjsQDKFJ"$Remote_ContentType = "application/json"$LocalArtifactPath = "C:\RemoteObjects.json"# Get Certificate$Remote_CertificateThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match $Remote_CertificateName}).Thumbprint;$Certificate = Get-ChildItem -Path Cert:\LocalMachine\My\$Remote_CertificateThumbprint# Basic Encoding$encoding = [System.Text.Encoding]::ASCII.GetBytes($Certificate)$encodedString = [System.Convert]::ToBase64String($encoding)$BasicAuth = "Basic "+ $encodedString# Set Headers$Headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"$Headers.Add("Authorization", $BasicAuth)$Headers.Add("api", $Remote_ApiKey)$Headers.Add("Content-Type", $Remote_ContentType)# Self-signed certificate[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } # Call Rest ServiceInvoke-RestMethod -Method Get -Uri $Remote_Uri -OutFile $LocalArtifactPath -Headers $Headers Invoke-RestMethod -Method Get -Uri $Remote_Uri -OutFile $LocalArtifactPath -Certificate $CertificateInvoke-RestMethod -Method Get -Uri $Remote_Uri -OutFile $LocalArtifactPath -CertificateThumbprint $Remote_CertificateThumbprint# Self-signed certificate off[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $nullThe three lines with Invoke-RestMethod commands failed with respectively :
- Wrong header (this was expected but I gave it a try)
- Authorization is empty or scheme is not basic
- Certificate thumbprint not found
I've got the rest call working with @{"AUTHORIZATION"="Basic Base64Encode(user:pass)"} so I can tell the service is answering but I would like not to use user:pass in my script.
I would like to use the Certificate I've added to the Windows Store.I'm wondering about two things :
- Is the "Basic" authorization scheme is the good one to use with a certificate ?
- In powershell, how to use a certificate from the local windows store running Invoke-RestMethod command ?
Thank you for your help