Saritasa.Web.psm1

Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy
    {
        public bool CheckValidationResult(ServicePoint srvPoint,
            X509Certificate certificate, WebRequest request,
            int certificateProblem)
        {
            return true;
        }
    }
"@


<#
.SYNOPSIS
Disables SSL check for WebClient requests.
#>

function Update-SslCheckProcedure()
{
    [CmdletBinding()]
    param ()

    Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState

    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
    Write-Information 'SSL certificates validation is turned off.'
}

<#
.SYNOPSIS
Installs SSL certificate of remote server to trusted certificate root authorities store.
 
.NOTES
Based on code by Robert Westerlund and Michael J. Lyons.
http://stackoverflow.com/questions/22233702/how-to-download-the-ssl-certificate-from-a-website-using-powershell
#>

function Import-TrustedSslCertificate
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [string] $ServerHost,
        [int] $Port = 443
    )

    Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState

    $tempFilename = "$env:TEMP\" + [guid]::NewGuid()

    $webRequest = [Net.WebRequest]::Create("https://${ServerHost}:$Port")
    try
    {
        $webRequest.GetResponse().Dispose()
    }
    catch [System.Net.WebException]
    {
        if ($_.Exception.Status -EQ [System.Net.WebExceptionStatus]::TrustFailure)
        {
            # Trust failure, do nothing.
        }
        elseif ($_.Exception.Status -EQ [System.Net.WebExceptionStatus]::ProtocolError -And
            $_.Exception.Response.StatusCode -EQ 'NotFound')
        {
            # Page not found, it's OK.
        }
        else
        {
            # Unknown error, rethrow it.
            throw
        }
    }

    $cert = $webRequest.ServicePoint.Certificate
    $thumbprint = $cert.GetCertHashString()
    $existingCert = Get-Item "Cert:\LocalMachine\Root\$thumbprint" -ErrorAction SilentlyContinue

    if ($existingCert)
    {
        Write-Information "Certificate $thumbprint is trusted already ($($cert.Subject))."
        return
    }

    if (!(Test-UserIsAdministrator))
    {
        throw 'Administrator permissions are required.'
    }

    $bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    Set-Content -Value $bytes -Encoding Byte -Path $tempFilename

    $cmd = Get-Command Import-Certificate -EA SilentlyContinue

    if ($cmd) # Windows 8+
    {
        Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root $tempFilename
    }
    else # Windows 7
    {
        certutil.exe -addstore 'Root' $tempFilename
        if ($LASTEXITCODE)
        {
            throw 'Certutil failed.'
        }
    }

    Write-Information 'SSL certificate is imported.'
    Remove-Item $tempFilename
}