Invoke-RestMethod and Invoke-WebRequest require the certificate specified by _-Certificate_ to be imported in the certificate store. Both methods do not allow using certificates from files. This breaks client certificate authentication on non-Windows platforms.
Proposal: Support the use of certificate files for the client authentication by adding a new parameter _-CertificateFile_ or by using the x509 object from Get-PfxCertificate directly.
This was tested on Ubuntu 16.04 with PowerShell 6.0.0-beta.5 and on Windows with PowerShell 5.0.
Ref: https://github.com/PowerShell/PowerShell/issues/473 and https://github.com/PowerShell/PowerShell/issues/1865
Just verifying. When this is attempted with Get-PfxCertificate, the .pfx file that is imported included both the private key and certificate?
Thanks for asking. Yes, once with and once without a password. The same cert is successfully used within the browser.
On Thu., Aug. 10, 2017 at 3:47 PM, Mark Kraus notifications@github.com wrote:
> Just verifying. When this is attempted with Get-PfxCertificate, the .pfx file that is imported included both the private key and certificate?
Ok. I see a TODO in WebRequestPSCmdlet.CoreClr.cs to add this after it was made available in CoreFX. I see that it is now available in CoreFX and I have a working build on Linux with the changes implemented. Now I just need to figure out how to add tests for it. It's not exactly a -CertificateFile but it does work with Get-PfxCertificate.
I was able to use a certificate on Windows _without_ having the cert imported in the cert store. BUT the exact same command on Ubuntu fails. The certificate is valid and used within the browser but is not working with Invoke-RestMethod ... -Certificate (Get-PfxCertificate...).
Could someone confirm having the same issues on Linux/Ubuntu with a valid certificate? Otherwise it's probably no PowerShell issue at all.
@Karneades Yes, it is currently not possible in 6.0.0-beta.5 on Linux.
I was saying that I was able to locate the issue in the source code and implement code changes to make it work. I'm working on everything that is needed to make a proper Pull Request. This will likely be available in future versions (whether it is from my pull request or some other work).
Our comments just overlapped before.
Thanks a lot for digging into the code, your feedback and your engagement to solve this open issue! It would be awesome to have it working in the OpenSource version of PowerShell.
On Thu., Aug. 10, 2017 at 7:51 PM, Mark Kraus notifications@github.com wrote:
> @Karneades Yes, it is currently not possible in 6.0.0-beta.5 on Linux.
> I was saying that I was able to locate the issue in the source code and implement code changes to make it work. I'm working on everything that is needed to make a proper Pull Request. This will likely be available in future versions (whether it is from my pull request or some other work).
@Karneades No problem! If you want, you can clone from my fork, build it and test it.
```bash
mkdir ~/gittest
cd ~/gittest/
git clone --recursive https://github.com/markekraus/PowerShell.git
cd PowerShell/
git checkout WebClientCerts
git remote add upstream https://github.com/powershell/powershell.git
powershell -noprofile -ExecutionPolicy bypass -command 'Import-Module ./build.psm1; Sync-PSTags; Start-PSBootstrap; Start-PSBuild'
```
The last line of output will give you the binary path of the newly built powershell. Run that and then try to use Get-PfxCertificate with Invoke-RestMethod and Invoke-WebRequest. My simple tests work, but I don't have anything outside an echo server to test real Certificate Authentication with.
Awesome! What a nice small change to make that important feature work! Tested successfully both on Windows 10 and Ubuntu 16.04 with your fork. Hope your PR will make it into the next beta. Thanks so much!
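The file-based client certificate call discussed in this thread, as an added example that is not code from the thread or from the PowerShell project. It assumes a PowerShell build in which `-Certificate` accepts the object returned by `Get-PfxCertificate` (as reported above for the fork); the PFX path and the URL are placeholders.

```powershell
# Added example; the path and URL below are placeholders, not values from the thread.
$PfxPath = './client.pfx'                     # assumed: PFX holding certificate + private key
$Uri     = 'https://api.example.test/whoami'  # assumed: endpoint that requires a client cert

# Get-PfxCertificate prompts for the password if the file is protected.
$cert = Get-PfxCertificate -FilePath $PfxPath

# Without the private key the client cannot prove possession of the certificate
# during the TLS handshake, so the request would go out unauthenticated or fail.
if (-not $cert.HasPrivateKey) {
    throw "No private key in $PfxPath; export the PFX with the key included."
}

# Catch expired or not-yet-valid certificates before sending anything.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is outside its validity period."
}

# If an Enhanced Key Usage extension is present, it must allow Client Authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku) {
    $allowed = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    if ($allowed -notcontains $clientAuthOid) {
        throw 'EKU is present but does not include Client Authentication.'
    }
}

# The same in-memory object is passed to both cmdlets; nothing is imported
# into a certificate store.
$response = Invoke-WebRequest -Uri $Uri -Certificate $cert
"HTTP $($response.StatusCode) using $($cert.Subject)"
Invoke-RestMethod -Uri $Uri -Certificate $cert
```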