Sometimes you have use a specific TLS/SSL certificate or thumbprint for outgoing HTTPS connections because of endpoint restrictions. To test these connections you can use PowerShell, but how do you get the required certificate from your certificate store?
If an endpoint has restricted HTTPS connections based on certificate or certificate thumbprint, you must be able to pull that certificate from your Windows Certificate Store and use it in your request. This is not a big issue if the certificate is stored in the CurrentUser store, but it becomes harder when it's in LocalComputer.
How to use an SSL certificate from CurrentUser certificate store in PowerShell Invoke-WebRequest
Use certmgr.msc on your command line to open up the CurrentUser certificate store in Managment Console.
If you need to use a personal TLS/SSL certificate you can pull it up using PowerShell:
$certStorePath = "Cert:\CurrentUser\My"# Must return one result:$certhash = (Get-ChildItem -Path $certStorePath | Where-Object { $_.Subject -like "CN=Part_of_Common_Name*" }).ThumbprintBecause Invoke-WebRequest will only look in the CurrentUser certificate store, this will suffice for your HTTPS request. Try:
Invoke-WebRequest -Uri https://example.com -CertificateThumbprint $certThumbPrintDo you need a LocalMachine certificate, then it becomes a (small) bit harder.
LocalMachine SSL certificate to use in PowerShell Invoke-WebRequest HTTPS requests
Start LocalMachine certificate store management console directly with certlm.msc.
Because Invoke-WebRequests only looks at CurrentUser certificate store you a different approach for SSL certificates stored in LocalMachine:
Use Get-ChildItem to get the certificate itself, and pass that to Invoke-WebRequest instead of a thumbprint:
$certStorePath = "Cert:\LocalMachine\My"$certificate = Get-ChildItem -Path $certStorePath | Where-Object { $_.Subject -like "CN=Part_of_Common_Name*" } # Must return one resultInvoke-WebRequest -Uri https://example.com -Certificate $certificate
Thank you very much! <3 ❤️
Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace – The Human Cloud. In the past I worked at CLDIN (CLouDINfra) and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at https://www.saotn.org.
