Invoke-RestMethod to Netscaler Nitro API using Https

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Bill Scanlon Bill Scanlon 12 months ago.

  • Author
  • #31388
    Profile photo of Bill Scanlon
    Bill Scanlon

    I am attempting to use invoke-RestMethod to connect to a Citrix Netscaler's nitro rest api. I then re-use the returned SessionVariable to run several commands through the API. This works fine with http, but when I use https I get back an empty object or a session expired error.

    $credential = get-credentials        
    $login =@{"login"@{"username"="nsroot";"password"="password";"timeout"="360"}}
    $loginJson = ConvertTo-Json $login
    try {
      Write-Verbose "Calling Invoke-RestMethod for login"
      $response = Invoke-RestMethod -Uri "" -Body $loginJson -Method POST -SessionVariable saveSession -ContentType application/json -ErrorAction Stop -TimeoutSec 60
       if ($response.severity -eq "ERROR") {
         throw "Error. See response: `n$($response | fl * | Out-String)"
       } else {
         Write-Verbose "Response:`n$(ConvertTo-Json $response | Out-String)"
         $saveSession.Credentials = $credential
         $myNSSession1 = New-Object -TypeName PSObject
         $myNSSession1 | Add-Member -NotePropertyName Endpoint  -NotePropertyValue "" -TypeName String
         $myNSSession1 | Add-Member -NotePropertyName WebSession  -NotePropertyValue $saveSession -TypeName Microsoft.PowerShell.Commands.WebRequestSession
     catch [Exception] {
         throw $_
    $uri = ""
    $call = Invoke-RestMethod -uri $uri -Method GET -WebSession $myNSSession1.WebSession

    This returns:

    Invoke-RestMethod : { "errorcode": 444, "message": "Session expired or killed. Please login again", "severity": "ERROR" }

  • #31399
    Profile photo of Peter Jurgens
    Peter Jurgens

    It could be a certificate trust problem. You can try this:

        add-type @"
            using System.Net;
            using System.Security.Cryptography.X509Certificates;
            public class TrustAllCertsPolicy : ICertificatePolicy {
                public bool CheckValidationResult(
                    ServicePoint srvPoint, X509Certificate certificate,
                    WebRequest request, int certificateProblem) {
                    return true;
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    This will force your current powershell session to trust all certificates.

    I've used this method personally for scripting McAfee EPO server as the EPO server URL uses SSL and I haven't bothered to install a proper trusted cert for it yet...

  • #31426
    Profile photo of Bill Scanlon
    Bill Scanlon

    I'm actually importing the cert into the current user root store earlier in the same script. Prior to doing that I was getting an unable to establish SSL/TLS connection error.

    $ApplianceCert = Request-WebCertificate -url ""
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root, "CurrentUser")

You must be logged in to reply to this topic.