I am developing a web API, which runs only on my local computer, and using PowerShell to test it. Here is an example test:

$baseUri = 'https://localhost:5001'

$body = '{
  "title": "Lofi Guitar Loop",
  "preview": "/media/mp3/21-10-06.mp3",
  "structure": "ABACA"
}'

$response = Invoke-WebRequest -Method 'POST' -Uri "$baseUri/sounds" -Body $body

if ($response.StatusCode -ne 201) {throw}
if (-not $response.Content) {throw}

However, I receive the error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

To fix this, I came across some code that disables certificate checking:

  add-type @"
      using System.Net;
      using System.Security.Cryptography.X509Certificates;
      public class TrustAllCertsPolicy : ICertificatePolicy {
          public bool CheckValidationResult(
              ServicePoint srvPoint, X509Certificate certificate,
              WebRequest request, int certificateProblem) {
              return true;
          }
      }
"@
  [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

From what I understand, this is equivalent to using the "-k" parameter in curl. It indeed solves the error, but I want to know: Does this only affect my specific code, or does it affect other programs too and thus result in a security vulnerability for my system?

  • Okay, so TLS is unnecessary on localhost, thanks! However, the question specifically asks if this code introduces a vulnerability, which the suggested posts don't seem to answer. I'm especially interested if the code makes changes that persist beyond its PowerShell session, or if the changes are restricted to its session's scope. – Matt Cassinelli Jun 18 '22 at 15:29
  • I did not read the question this way initially. But I've reopened it and changed the wording slightly to make it more clear what you are asking. – Steffen Ullrich Jun 18 '22 at 15:40
  • Great, cheers Steffen. In the meantime I'll do more research. – Matt Cassinelli Jun 18 '22 at 15:53
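
A narrower alternative to the trust-all policy in the question, as an added example that is not part of the original post or its comments: `ServicePointManager` settings are static .NET state inside the process that sets them, so this sketch installs a callback that accepts only one pinned certificate for loopback requests and restores the previous callback afterwards. It assumes Windows PowerShell 5.1 on .NET Framework; the class name `PinnedLocalhostCert` and the thumbprint value are placeholders.

```powershell
# Added example (hypothetical names): pin one dev certificate for localhost only.
Add-Type @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class PinnedLocalhostCert {
    static string pin;
    static RemoteCertificateValidationCallback previous;
    public static void Install(string thumbprint) {
        pin = thumbprint;
        previous = ServicePointManager.ServerCertificateValidationCallback;
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
    public static void Restore() {
        ServicePointManager.ServerCertificateValidationCallback = previous;
    }
    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors) {
        if (errors == SslPolicyErrors.None) return true;    // normal validation passed
        HttpWebRequest req = sender as HttpWebRequest;
        if (req == null || !req.RequestUri.IsLoopback) return false; // relax only for loopback
        return cert != null && string.Equals(cert.GetCertHashString(), pin,
                                             StringComparison.OrdinalIgnoreCase);
    }
}
"@

$baseUri = 'https://localhost:5001'
$body    = '{ "title": "Lofi Guitar Loop", "structure": "ABACA" }'

# Placeholder: the hex thumbprint of your own development certificate.
$devCertThumbprint = 'REPLACE_WITH_DEV_CERT_THUMBPRINT'

[PinnedLocalhostCert]::Install($devCertThumbprint)
try {
    $response = Invoke-WebRequest -Method 'POST' -Uri "$baseUri/sounds" -Body $body
    if ($response.StatusCode -ne 201) { throw "Unexpected status $($response.StatusCode)" }
    if (-not $response.Content) { throw 'Empty response body' }
}
finally {
    # Put back whatever callback was in place before the test ran.
    [PinnedLocalhostCert]::Restore()
}
```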

0 Answers