Question

Disabling Client Authentication via API

  • 22 April 2019
  • 3 replies
  • 7540 views

I'm having an issue disabling client authentication via REST API. Here is my code:

code:
$disableauth = @{
value='false'
}
$disableauth = $disableauth | CovertTo-Json
try {
$r = Invoke-RestMethod -Method Post -Uri https://clusterip:9440/PrismGateway/services/rest/v2.0/authconfig/client_auth -Headers $head -ContentType $content -Body $disableauth
} catch { $_.Exception.Message; }


When I run this command, it gives me an error of "request aborted: could not create SSL/TLS secure channel". I have a similar call I use to enable authentication, which works without issue.

3 replies

Userlevel 1
Badge +2
Do you get the same error if you use the DNS name and/or FQDN of the cluster instead of the IP address?
Unfortunately I get the same result with FQDN, hostname, and IP. I also have this in my code, which has helped to overcome similar errors like this in the past:

code:
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
One constant I've noticed is I only get the SSL/TLS error when Client Authentication is Enabled.

Reply