我正在尝试从没有经过验证的 SSL 证书的网站下载一些文件。我已使用此处解释的方法来忽略 SSL 警告:Ignore SSL warning with powershell downloadstring
###################### Download ######################
## download zipped files from WebPage/download (No Valid SSL Certificate)
$myDownloadUrl = 'www.SomeWebPage.com/Download/MyFiles.zip'
## installation folder (always under %appdata%\Company\MyFolder)
$myZipFile = "MyFiles.zip"
$installdir = "\Company\MyFolder\"
$myInstallDir = -join @($env:APPDATA, $installdir)
$myFilePath = -join@($myInstallDir, $myZipFile)
## make sure the folder exists
New-Item -ItemType Directory -Force -Path $myInstallDir
## Skip certificate
$code= @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
"@
Add-Type -TypeDefinition $code -Language CSharp
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
echo ">> Downloading the Files..."
Invoke-WebRequest -Uri $myDownloadUrl -OutFile $myFilePath
Start-Sleep -s 2
这在我的机器上以及对于之前访问过该网页的用户来说按预期工作。然而,其他人遇到了错误:
ERROR: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ERROR: Exception calling ".ctor" with "3" argument(s): "End of Central Directory record could not be found."
我应该在我的脚本中添加这样的东西吗? (来源:Invoke-WebRequest SSL 失败?)
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl2,Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
这是该服务器的概述
此问题可能是由于 PowerShell 脚本使用的安全协议造成的。当处理使用过时或未经验证的 SSL 证书的网站时,指定安全协议会有所帮助。您提出的指定所有协议的解决方案(
Ssl2
、Ssl3
、Tls
、Tls11
、Tls12
)是一个很好的方法。但是,需要注意的是 Ssl2
和 Ssl3
已经过时且不太安全,通常不鼓励使用它们。
这是包含安全协议设置的调整后的脚本:
# Define the URL and installation directory
$myDownloadUrl = 'https://www.SomeWebPage.com/Download/MyFiles.zip'
$myZipFile = "MyFiles.zip"
$installdir = "\Company\MyFolder\"
$myInstallDir = Join-Path $env:APPDATA $installdir
$myFilePath = Join-Path $myInstallDir $myZipFile
# Ensure the installation directory exists
New-Item -ItemType Directory -Force -Path $myInstallDir
# Trust all certificates
Add-Type -TypeDefinition @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
return true;
}
}
"@ -Language CSharp
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
# Set security protocols (excluding outdated protocols for better security)
$SecureProtocols = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $SecureProtocols
# Download the file
Write-Host ">> Downloading the Files..."
Invoke-WebRequest -Uri $myDownloadUrl -OutFile $myFilePath
Start-Sleep -Seconds 2