0

I started to use the API on the PowerShell by instruction https://automation.deepsecurity.trendmicro.com/article/12_0/set-up-cookbook?platform=on-premise under API Cookbook - > Set up to use Bash or Powershell - to extract the managed agents status from the Deep Security.

I followed the instruction to test the access to the API on the Windows PowerShell using a pre-created API key, secret, headers and Invoke-WebRequest. The documentation says if you receive the error message “The underlying connection was closed: An unexpected error occurred on a send” need to restart the PowerShell and repeat the test. But it does not work.

Can you please help with the automation on Powershell to successfully complete the test?

Amol Gangadhare
  • 1,059
  • 2
  • 11
  • 24
Ruzalt
  • 1
  • 1
    if you are using an older WinOS, the default TLS setting is for 1.1 ... but that has been disabled by many services. you may need to enable TLS 1.2. the following will enable it >>> `[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11, tls'` <<< if you add it to the top of your script. – Lee_Dailey Jul 23 '20 at 14:56
  • Thanks for the comment. We use WS2016. I enable the TLS12 to run the script: [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { False } [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12 $url = "https://:4119" $secret = "....." $headers = @{‘api-version’ = “v1”; ‘api-secret-key’ = $secret} Invoke-WebRequest "$url/api/apikeys" -Headers $headers – Ruzalt Jul 24 '20 at 11:29
  • ah! thank you for the added info. i missed that when i skimmed thru the article you linked. [*blush*] you may want to add that you have enabled TLS 1.2 to your Question so that others can find it easily. ///// i am out of ideas ... so i will return to lurking. good luck! [*grin*] – Lee_Dailey Jul 24 '20 at 16:36
  • What version of .NET is the client running? Is it at least 4.5 (Windows Server 2012/Windows 8 and beyond, by default)? If not, that's the issue. I'd assume you'd get an error when trying to set the SecurityProtocol, but with confirming. – Graham Jul 30 '20 at 15:09
  • Thank you for helping me! I found a solution. A Root cause - DSM have self signed sertificate. I ran powershell on the server in environment with CA. It means the certificate issue took place. My colleage added a script block to trust any certificates explicitly. It resolved the error. Another solution is to sign DSM certificate by CA server in your environment, but I did not test it yet. I hope my advise helps anyone. Later I will add the script block that resolved the isuue. – Ruzalt Aug 01 '20 at 06:31

0 Answers0