Powershell Invoke-RestMethod Call using Windows store certificate (Basic Authorization ?)

Question

I would like to call a remote Rest web service from a Windows server hosting the remote certificate. I've exported the certificate from the remote server and added it to the Windwos store. (/Personal/myCert)

I would like to use it on a Invoke-RestMethod PowerShell command. Here bellow is the code I've tried

# Variables
$Remote_Uri = "https://remote.example.com/service/search"
$Remote_CertificateName = "myCert"
$Remote_ApiKey = "oisdjfSOEDJFKQDfSDKFjsQDKFJ"
$Remote_ContentType = "application/json"
$LocalArtifactPath = "C:\RemoteObjects.json"

# Get Certificate
$Remote_CertificateThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match $Remote_CertificateName}).Thumbprint;
$Certificate = Get-ChildItem -Path Cert:\LocalMachine\My\$Remote_CertificateThumbprint

# Basic Encoding
$encoding = [System.Text.Encoding]::ASCII.GetBytes($Certificate)
$encodedString = [System.Convert]::ToBase64String($encoding)
$BasicAuth = "Basic " + $encodedString

# Set Headers
$Headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$Headers.Add("Authorization", $BasicAuth)
$Headers.Add("api", $Remote_ApiKey)
$Headers.Add("Content-Type", $Remote_ContentType)

# Self-signed certificate
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } 

# Call Rest Service
Invoke-RestMethod -Method Get -Uri $Remote_Uri -OutFile $LocalArtifactPath -Headers $Headers 
Invoke-RestMethod -Method Get -Uri $Remote_Uri -OutFile $LocalArtifactPath -Certificate $Certificate
Invoke-RestMethod -Method Get -Uri $Remote_Uri -OutFile $LocalArtifactPath -CertificateThumbprint $Remote_CertificateThumbprint

# Self-signed certificate off
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null

The three lines with Invoke-RestMethod commands failed with respectively :

• Wrong header (this was expected but I gave it a try)
• Authorization is empty or scheme is not basic
• Certificate thumbprint not found

I've got the rest call working with @{"AUTHORIZATION"="Basic Base64Encode(user:pass)"} so I can tell the service is answering but I would like not to use user:pass in my script.

I would like to use the Certificate I've added to the Windows Store. I'm wondering about two things :

• Is the "Basic" authorization scheme is the good one to use with a certificate ?
• In powershell, how to use a certificate from the local windows store running Invoke-RestMethod command ?

Thank you for your help

Answer 1

Adding this [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 in my script fixed the "The underlying connection was closed" issue.

Before this crosscheck wheather IIS is enabled in your system.