PowerShell HTTPS GET 使用来自 certstore 的客户端证书

Question

我正在尝试使用客户端证书通过 HTTPS 检查 Web 内容的简单方法。 我有 VBScript，其中定义了客户端证书，跳过了服务器证书并定义了我正在搜索的内容(字符串“运行”)。我的意思是将脚本重写为 PowerShell。

这里是 VBS 代码:

device = "10.10.10.10"
link = "5001/test"
Set Http = CreateObject("WinHttp.WinHttpRequest.5.1")
Http.SetClientCertificate "LOCAL_MACHINE\MY\test"
Http.Option(4) = 256 + 512 + 4096 + 8192 
Http.Open "GET", "https://" & device & ":" & link, false
Http.Send
output = Http.ResponseText
If InStr(1,output,"running") Then
wscript.echo "OK"
Else
wscript.echo "Error"
End If
Set Http = Nothing

这是获取 HTTP 网页内容(但不是 https)的 Powershell 语法:

$page = (New-Object System.Net.WebClient).DownloadString("http://10.10.10.10:5001/test")
"$page"

这是使用 .CRT 文件(但不是来自 CERTSTORE)获取 HTTPS 内容的 Powershell 语法

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::CreateFromCertFile("C:\Cert\test.crt")
$url = "https://10.10.10.10:5001/test"
$web = [System.Net.WebRequest]::Create($url)
$web.ClientCertificates.Add($Cert)

这是我最近尝试获取网络内容。没有成功。

#ignore untrusted certificate
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
#load my client certificate defined by thumbprint
$cert = Get-Childitem cert:\LocalMachine\My\5AA55B7B8D99
#get web contetn
$web = [System.Net.WebRequest]::Create($url)
#use my client certificate
$web.ClientCertificates.Add($Cert)

有什么想法吗？ 最好的问候

Answer 1

这对我有用:

Invoke-RestMethod https://10.10.10.10:5001/test -CertificateThumbprint XXXXXXXXXXXXXXXX