所以问题不是关于powershell,而是如何管理这个问题:下面是一个脚本(从我们用来管理我们的F5负载均衡器的脚本中提取的部分)
$modules = @("F5-LTM","TunableSslValidator","POSH-SSH")
$apiVersion = "15.1.0.2"
$headers = @{"Content-Type"="application/json"}
$credentials = Get-Credential
try
{
ForEach($module in $modules)
{
import-module $module -ErrorAction Stop
}
}
catch
{
Write-host "[ " -NoNewline
write-host "FAIL" -NoNewline -ForegroundColor Red
Write-host " ] " -NoNewline
write-host "Importing Powershell Modules"
write-host $_.Exception -ForegroundColor Red
exit
}
Write-host "[ " -NoNewline
write-host " OK " -NoNewline -ForegroundColor Green
Write-host " ] " -NoNewline
write-host "Importing Powershell Modules"
$uri = "https://F5hostname/mgmt/tm/ltm/monitor/https/my-site_https_monitor?ver=$apiVersion"
#-------------------------------------------------------------------------
# Handle Cert Warning
#-------------------------------------------------------------------------
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
public static void Ignore()
{
if(ServicePointManager.ServerCertificateValidationCallback ==null)
{
ServicePointManager.ServerCertificateValidationCallback +=
delegate
(
Object obj,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors errors
)
{
return true;
};
}
}
}
"@
Add-Type $certCallback
}
[ServerCertificateValidationCallback]::Ignore()
Invoke-WebRequest -Method GET -Uri $uri -insecure -Headers $headers -Credential $credentials ErrorAction Stop -UseBasicParsing
如果您使用 powershell 5.1 运行但在 powershell 7.0.1 中失败并出现以下错误,则此方法有效
The remote certificate is invalid according to the validation procedure.
f5 确实有一个不受信任的证书 - 我正在寻求解决这个问题,但我正在使用 TunableSslValidator 并且我在那里有那个证书验证块,因为我们在 powershell 5 中也有问题,但我们信任这个内部资源,我愿意忽略证书问题。
有没有办法在powershell 7中绕过这个?