2

I'm trying to automate the weekly download of a text file from an https site with a ps1 script. My simple attempts to connect look like this -

Start-BitsTransfer `
-source https://url.com/file `
-destination d:\test.txt

I get the error "The certificate authority is invalid or incorrect". Is there a way to override this CA check?

This Powershell (3.0) script is running on Windows Server 2008R2 and the https://url.com/ SSL cert is issued by Entrust CA. I've tried to add Entrust as a "Trusted Root Certificate Authority" to the "Certificate Store" through IE8. No joy.

hdNfLtoGeXGi
  • 60
  • 7
Colin
  • 930
  • 3
  • 19
  • 42

3 Answers3

2

This really racked my brain for quite some time. I finally figured out you need to enter the number in decimal not in binary or hex.

C:>bitsadmin /SetSecurityFlags myJob 8

The 8 will make the "Ignore invalid certificate authority in server certificate :true"

hdNfLtoGeXGi
  • 60
  • 7
0

http://technet.microsoft.com/en-us/library/cc753211(v=ws.10).aspx

C:\>bitsadmin /SetSecurityFlags myJob 0x011110
EricLaw
  • 56,563
  • 7
  • 151
  • 196
  • Can you pull the relevant parts of the link out and explain why this should work in this case? The answer is pretty thin without that. – Nathaniel Ford Mar 28 '13 at 21:19
  • Thanks. I thought Bitsadmin was being deprecated (?) and didn't want to introduce it to my script. Am I wrong? The Bitsadmin warnings tell me to use a cmdlet but I'm struggling to find one (or an appropriate method). – Colin Mar 29 '13 at 13:33
  • @Nathaniel Ford- I'm not sure how you get more "relevant" than providing the proper command line. – EricLaw Mar 29 '13 at 21:50
  • @Nyquist: Why are you using BITS for this rather than one of the built-in WebRequest classes? Is the URL in question publicly accessible (e.g. the one above isn't). – EricLaw Mar 29 '13 at 21:50
  • I corrected a typo in the URL. The website is public but the WA130322 ASCII file requires credentials (which work in a browser). I'm not familiar with the WebRequest classes and Technet docs seem to suggest bitstransfer was the way to go. This is restricted environment so wget utils aren't an option. – Colin Mar 30 '13 at 00:15
0

I believe I needed to update my Root CA list on the server with a MS Security Update. And bitstransfer can not override a CA check.

Colin
  • 930
  • 3
  • 19
  • 42