PeterVandivier
### TL;DR:

I cannot supply a private key file to `Invoke-RestMethod`. How do I authenticate to a service that requires mutual TLS?

---

I have a `curl` command I know to work. I would like its equivalent using `Invoke-RestMethod` and I feel like I’m missing something obvious in [the docs][1]. Given the following curl, how do I specify `--key` (and `--insecure`) for `Invoke-RestMethod`?

```
curl \
    --request POST \
    --url 'https://api.com/login' \
    --header 'Content-Type: application/json;charset=utf-8' \
    --data-raw '{"api_key": "foo","api_secret": "bar"}' \
    --insecure \
    --cert ~/.ssh/foo.crt \
    --key ~/.ssh/foo.key
```

```
$splat = @{
    Method  = 'POST'
    Uri     = 'https://api.com/login'
    Headers = @{'Content-Type'='application/json;charset=utf-8'}
    Body    = @{api_key='foo'; api_secret='bar'}
    # Insecure = $true ??
    Certificate  = (Get-PfxCertificate '~/.ssh/foo.crt')
    # Key = ??
}

Invoke-RestMethod @splat
```

It seems rather obvious that `--cert` and `-Certificate` correspond. But I don't see a parameter to supply my private [`--key`][2]. 

---

### Additional Info

#### `--insecure`

I don't fully understand why [`--insecure`][3] is required for the `curl` call, but omitting it produces the following error...

> curl: (60) SSL: no alternative certificate subject name matches target host name '10.0.0.10'
> More details here: https://curl.haxx.se/docs/sslcerts.html
> 
> curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

...so I rather assume it has something to do with accessing the IP address and not having signed that address as part of the cert. There are a number of candidate parameters on `Invoke-RestMethod` I can try for this, but I need to work through supplying the private key properly first, I think.

#### Changing `$Error`

Not sure what I've changed, but in the course of writing this up, the `$Error` returned has changed from...

1. first error

> Authentication failed, see inner exception. 

...with an `$Error[0].Exception.InnerException` of...

> Interop+AppleCrypto+SslException: handshake failure

2. second error

> The remote certificate is invalid according to the validation procedure.

...with no other `.InnerException`.

---

Oh well... off to the server logs, I suppose  ¯\\\_(ツ)_/¯

[1]: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod
[2]: https://curl.haxx.se/docs/manpage.html#--key
[3]: https://curl.haxx.se/docs/manpage.html#-k
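
An added example, not part of the original post: one way to pair the PEM certificate with its key file and pass both to `Invoke-RestMethod` through `-Certificate`, with `-SkipCertificateCheck` as the counterpart of `--insecure`. It assumes PowerShell 7.1 or later and an unencrypted PEM key; `Get-ClientCertificate` is a hypothetical helper name, and the paths and URL are the ones from the question.

```powershell
# Added example. Requires PowerShell 7.1+ (.NET 5+) for CreateFromPemFile.
function Get-ClientCertificate {   # hypothetical helper, not a built-in cmdlet
    param(
        [Parameter(Mandatory)] [string] $CertPath,  # PEM certificate (curl --cert)
        [Parameter(Mandatory)] [string] $KeyPath    # unencrypted PEM key (curl --key)
    )
    # .NET does not expand '~', so resolve both paths to absolute ones first.
    $certFile = Convert-Path -Path $CertPath
    $keyFile  = Convert-Path -Path $KeyPath

    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $cert = $type::CreateFromPemFile($certFile, $keyFile)
    if (-not $cert.HasPrivateKey) {
        throw "No private key was attached from '$keyFile'."
    }
    if ($IsWindows) {
        # SChannel cannot use the in-memory (ephemeral) key for client auth;
        # round-tripping through an in-memory PFX gives it a usable key handle.
        $pfx = $cert.Export(
            [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx)
        $cert.Dispose()
        $cert = $type::new($pfx)
    }
    return $cert
}

$cert = Get-ClientCertificate -CertPath '~/.ssh/foo.crt' -KeyPath '~/.ssh/foo.key'
try {
    $request = @{
        Method      = 'POST'
        Uri         = 'https://api.com/login'
        ContentType = 'application/json;charset=utf-8'
        # Serialize explicitly so the body matches curl's --data-raw JSON.
        Body        = @{ api_key = 'foo'; api_secret = 'bar' } | ConvertTo-Json
        Certificate = $cert
        # Counterpart of curl --insecure: turns off ALL server certificate
        # validation, not only the host name check that curl error 60 reports.
        SkipCertificateCheck = $true
    }
    Invoke-RestMethod @request
}
finally {
    $cert.Dispose()   # release the private key handle
}
```

Connecting by a name that appears in the server certificate's subject alternative names removes the need for `SkipCertificateCheck`, which keeps server authentication intact on the mutual TLS connection.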
