FogApi Powershell module over SSL
-
Hello,
Has anyone tried to connect to the API with the FogApi module in an https environment?
It works well with http, but with SSL I have this message: Invoke-WebRequest: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
I tried to find info about the offered features (http/https) but I didn’t find anything.
Thanks,
-
@JJ-Fullmer Pretty sure you have used SSL with the FogAPI modules?!
-
@Sebastian-Roth Sadly I have not actually done this.
I believe that it is possible and @tom-elliott may have some insight on accessing the api over https. I believe he has some forum posts elsewhere discussing it. I think there may be some fog server side configuration needed to enable https api. For sure you need to have the root CA certificate that issued your fog server web certificate trusted on the machine issuing the commands. In theory that should be all there is to it, but I haven’t done a ton of testing on it, and while it’s on my to-do list, it’s a bit far down the list. Not to say SSL/TLS isn’t very important even behind a firewall, I just haven’t got there yet.
@glequeau In theory, if you can get all the certificates trusted correctly and can access a fog api url in a browser over https, then it should work for the powershell commands as well. That’s how it typically works with powershell and api commands.
That was long, here’s a short version:
- Go to your https fog site
- view the certificate being used and view the trust chain
- Download the root and any intermediate CA certificates
- Install them on your machine as trusted root ca certs
- Try the api commands again with the https url set
If that doesn’t work, then we just have more development needed on https api commands.
You could also try editing your locally installed version of the fogapi module. Specifically the invoke-fogapi command (probably at C:\program files\windowspowershell\modules\fogapi\2303.5.33\fogapi.psm1) then search for that command in the compiled version of the file. You would add the -SkipCertificateCheck switch to all calls to invoke-restmethod and invoke-webrequest which would bypass that error and still use the ssl connection, but ignore errors about untrusted certificates.
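
A way to see which certificate in the chain produces the UntrustedRoot status, before and after installing the CA certificates as in the steps listed above. This is an added example, not part of the forum posts or of the FogApi module; the function name Get-TlsChainStatus and the host name fogserver.example.local are assumptions, and it targets PowerShell 7.

```powershell
# Added example. 'fogserver.example.local' is a placeholder host name.
function Get-TlsChainStatus {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept whatever the server presents for this one diagnostic handshake,
        # so the certificate can be read even though it is not trusted yet.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }

    # Rebuild the chain against this machine's certificate stores only.
    # Revocation checking is switched off so the result reflects trust, not CRL reachability.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($leaf)

    # One object per chain element, leaf first. An empty Status means no error on
    # that element. UntrustedRoot marks a root that is not in the trusted root store;
    # PartialChain means an intermediate certificate could not be found.
    foreach ($element in $chain.ChainElements) {
        [pscustomobject]@{
            Subject    = $element.Certificate.Subject
            Issuer     = $element.Certificate.Issuer
            Thumbprint = $element.Certificate.Thumbprint
            Status     = ($element.ChainElementStatus.Status -join ', ')
        }
    }
    Write-Host "Chain trusted by this machine: $trusted"
}

Get-TlsChainStatus -HostName 'fogserver.example.local' | Format-List
```

Once the chain reports as trusted, Invoke-WebRequest and Invoke-RestMethod validate the same certificate without needing -SkipCertificateCheck.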