
PowerShell 7+ New-IShSession using parameter '-IgnoreSslPolicyErrors' errors out with 'The remote certificate is invalid because of errors in the certificate chain: NotTimeValid' #211

@ddemeyer


Problem...
When running New-IshSession -WsBaseUrl "https://example.com/ISHWS/" ...-IgnoreSslPolicyErrors on Windows PowerShell 5.1 hosted by .NET Framework 4.8, there is no problem as the code holds an AppDomain invalid certificate overwrite for the Soap services in IShSession.cs

However, this rough override is not there for PowerShell 7+ hosted by .NET (Core) 6+. That solution is more subtle - not AppDomain based - but is in turn still more security sensitive. So you could end up with the generic error "Could not establish trust relationship for the SSL/TLS secure channel with authority '...'" with in turn nested errors like...

  • The remote certificate is invalid because of errors in the certificate chain: NotTimeValid
  • The remote certificate is invalid because of errors in the certificate chain: UnTrustedRoot

Workaround...
In my case, usually while debugging I used Fiddler or the like, and they act as a proxy pushing a temporary root certificate. If that certificate is expired or not put in Trusted Root Certificates Authority or the like, you will run into the above errors.

Below is a screenshot of how to refresh the Fiddler root certificate named DO_NOT_TRUST_FiddlerRoot, and make sure you submit it in Trusted Root Certificates Authority.

Image

Example Exception StackTrace...

   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(HttpRequestException requestException, HttpRequestMessage request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpClientRequestChannel.HttpClientChannelAsyncRequest.<SendRequestAsync>d__13.MoveNext()
   at System.ServiceModel.Channels.RequestChannel.<RequestAsync>d__33.MoveNext()
   at System.ServiceModel.Channels.RequestChannel.<RequestAsyncInternal>d__32.MoveNext()
   at System.Runtime.TaskHelpers.ToApmEnd[TResult](IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.<RequestAsync>d__7.MoveNext()
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.<RequestAsyncInternal>d__8.MoveNext()
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(MethodCall methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(MethodInfo targetMethod, Object[] args)
   at generatedProxy_2.GetTimeZone()
   at Trisoft.ISHRemote.Cmdlets.Settings.GetIshTimeZone.ProcessRecord()
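
A way to confirm which of the two nested errors applies before refreshing the proxy root, as an added example that is not part of the original issue or of ISHRemote's code. It assumes the proxy root's subject contains the name given above (DO_NOT_TRUST_FiddlerRoot) and that only the two Windows Root stores need checking; `$SubjectPattern` and the output column names are illustrative.

```powershell
# Added diagnostic example; reads the local certificate stores only (no network).
# Assumption: the debugging proxy's root subject contains this name from the issue.
$SubjectPattern = '*DO_NOT_TRUST_FiddlerRoot*'

# The "Trusted Root Certification Authorities" stores for the user and the machine.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
$now    = Get-Date

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like $SubjectPattern } |
        ForEach-Object {
            # Build the chain with the same .NET chain engine that reports
            # NotTimeValid / UntrustedRoot during the TLS handshake.
            $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
            try {
                # Keep the check offline: no CRL or OCSP lookups.
                $chain.ChainPolicy.RevocationMode =
                    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
                $null  = $chain.Build($_)
                $flags = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

                [pscustomobject]@{
                    Store       = $store
                    Thumbprint  = $_.Thumbprint
                    NotBefore   = $_.NotBefore
                    NotAfter    = $_.NotAfter
                    # Outside the validity window corresponds to NotTimeValid.
                    TimeValid   = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
                    ChainStatus = if ($flags) { $flags } else { 'NoError' }
                }
            }
            finally {
                $chain.Dispose()
            }
        }
}

if (-not $found) {
    # Absent from both Root stores: the proxy-issued chain ends in an untrusted root.
    Write-Warning "No certificate matching '$SubjectPattern' in the Root stores."
}
else {
    $found | Format-Table -AutoSize
}
```

A row with `TimeValid` false matches the NotTimeValid case; the warning about no match corresponds to the untrusted root case.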
