aws/aws-tools-for-powershell

Disable TLS Certificate Check

Opened this issue · 3 comments

Describe the feature

Issue previously reported and closed #89

Would like to include a feature to disable TLS certificate verification when using custom endpoints for AWS services. My use case is to use PowerShell Tools against Snowball Edge services.

Use Case

I am attempting to use the AWS Tools for PowerShell against AWS services running on Snowball Edge. Some services such as IAM, EC2, STS etc. are enabled over both HTTP and HTTPS. The relevant PowerShell commands work against the HTTP endpoints; however, my strong preference is to use HTTPS.

The new S3 Compatible service only offers HTTPS endpoints.

All HTTPS services on Snowball Edge are presented with the internally generated certificate (see "AWS Snowball Edge - Managing public key certificates").

Proposed Solution

Using the HTTPS endpoints with AWS CLI is possible by including the --no-verify-ssl parameter. Would it be possible to implement a similar common parameter in the AWS Tools for PowerShell commands?

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS Tools for PowerShell version used

AWS Tools for PowerShell
Version 4.1.456
Copyright 2012-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Amazon Web Services SDK for .NET
Core Runtime Version 3.7.300.5
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

PowerShell version used

Name                       Value
----                       -----
PSVersion                  7.2.17
PSEdition                  Core
GitCommitId                7.2.17
OS                         Linux 6.4.16-linuxkit #1 SMP PREEMPT Thu Nov 16 10:49:20 UTC 2023
Platform                   Unix
PSCompatibleVersions       {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion  2.3
SerializationVersion       1.1.0.1
WSManStackVersion          3.0

Operating System and version

Debian 11

Needs review with the team.

I have found that adding the Snowball Edge certificate to the local certificate trust store enables some services such as IAM to work over HTTPS. However, I would still prefer to disable TLS validation at the command level without needing to modify certificates in the trust store.
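The trust-store workaround described in the comment above can be narrowed to one user and one pinned certificate. The following is an added example, not part of the issue thread or of the AWS Tools for PowerShell code; it assumes PowerShell 7 (.NET 6 or later) on Linux, uses a constructed self-signed certificate in place of the Snowball Edge certificate, and the function names are hypothetical. It reports whether .NET chain building trusts the certificate before and after it is added to the per-user Root store.

```powershell
# Added example. Assumes PowerShell 7 (.NET 6+) on Linux, where the CurrentUser\Root
# store is writable without elevation. Function names are hypothetical.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Returns $true when the certificate chains to a root that .NET trusts.
function Test-TrustedByDotNet([X509Certificate2]$Cert) {
    $chain = [X509Chain]::new()
    # Assumption: no revocation endpoint is reachable for a device-generated certificate.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    try { $chain.Build($Cert) } finally { $chain.Dispose() }
}

# Adds the certificate to the per-user Root store only when its SHA-256
# fingerprint matches the value recorded out of band.
function Add-PinnedRoot([X509Certificate2]$Cert, [string]$ExpectedSha256) {
    $actual = $Cert.GetCertHashString([HashAlgorithmName]::SHA256)
    if ($actual -ne $ExpectedSha256) { throw "Fingerprint mismatch: $actual" }
    $store = [X509Store]::new([StoreName]::Root, [StoreLocation]::CurrentUser)
    try { $store.Open([OpenFlags]::ReadWrite); $store.Add($Cert) } finally { $store.Dispose() }
}

# Removes the certificate again, undoing Add-PinnedRoot.
function Remove-PinnedRoot([X509Certificate2]$Cert) {
    $store = [X509Store]::new([StoreName]::Root, [StoreLocation]::CurrentUser)
    try { $store.Open([OpenFlags]::ReadWrite); $store.Remove($Cert) } finally { $store.Dispose() }
}

# Constructed stand-in for the device certificate. With a real device, load the
# exported certificate file instead: [X509Certificate2]::new('<path to PEM file>')
$key = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=constructed-device-stand-in', $key,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::UtcNow
$selfSigned = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))
# Keep only the public part so no private key is written to the store.
$cert = [X509Certificate2]::new($selfSigned.Export([X509ContentType]::Cert))
# Constructed pin; in practice this value comes from a trusted channel.
$pin = $cert.GetCertHashString([HashAlgorithmName]::SHA256)

"Trusted before import: $(Test-TrustedByDotNet $cert)"
Add-PinnedRoot $cert $pin
"Trusted after import:  $(Test-TrustedByDotNet $cert)"
Remove-PinnedRoot $cert   # clean up the constructed certificate
```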

Hey, everybody!
Also missing is a function to disable TLS certificate validation when working with S3 (e.g. Write-S3Object).
I will be very glad if this issue is solved.