HTTPS

If a connection to a web service uses HTTPS (HTTP over Secure Sockets Layer (SSL)), the certificate must be validated before the connection can be established and a request completed. If a web service has an invalid certificate, an error is returned.

The badssl site (https://badssl.com/) can be used to test how PowerShell reacts to different SSL scenarios.

For example, when attempting to connect to a site with an expired certificate (using Invoke-WebRequest), the following message will be displayed in Windows PowerShell:

PS> Invoke-WebRequest https://expired.badssl.com/

Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ Invoke-WebRequest https://expired.badssl.com/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

In PowerShell Core, this message changes to "The remote certificate is invalid according to the validation procedure."

In Windows PowerShell, Invoke-WebRequest cannot bypass or ignore an invalid certificate on its own (using a parameter). Certificate validation behavior may be changed by adjusting the CertificatePolicy on the ServicePointManager: https://msdn.microsoft.com/en-us/library/system.net.servicepointmanager(v=vs.110).aspx.

In PowerShell Core, Invoke-WebRequest has a new parameter allowing certificate errors to be ignored, as shown here:

Invoke-WebRequest https://expired.badssl.com/ -SkipCertificateCheck

Chain of trust

Certificates are based on a chain of trust. Authorities are trusted to carry out sufficient checks to prove the identity of the certificate holder. Skipping certificate validation is insecure and should only be used against known hosts which can be trusted.
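
Before deciding whether a host can be trusted, the reason its certificate fails validation can be inspected without sending a request. The following is an added example, not code from the original text: the function name Get-TlsCertificateReport is hypothetical, it uses .NET types available to both Windows PowerShell 5.1 and PowerShell Core, and it assumes network access to the badssl host used above.

```powershell
function Get-TlsCertificateReport {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )

    # Filled in by the validation callback while the handshake runs.
    $seen = @{ Certificate = $null; PolicyErrors = $null; ChainStatus = @() }

    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        # Copy what is needed: the certificate and chain belong to the handshake.
        $seen.Certificate  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        # Returning $true lets the handshake finish so the result can be reported.
        # No request is sent and no response is read over this stream.
        $true
    }

    $client = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        # Explicit TLS 1.2 so older .NET Framework defaults are not used.
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }

    [PSCustomObject]@{
        HostName     = $HostName
        Subject      = $seen.Certificate.Subject
        Issuer       = $seen.Certificate.Issuer
        NotBefore    = $seen.Certificate.NotBefore
        NotAfter     = $seen.Certificate.NotAfter
        Thumbprint   = $seen.Certificate.Thumbprint
        PolicyErrors = $seen.PolicyErrors
        ChainStatus  = $seen.ChainStatus -join ', '
        Trusted      = $seen.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None
    }
}

# Report on the expired-certificate test host used earlier in this section.
Get-TlsCertificateReport -HostName expired.badssl.com
```

PolicyErrors distinguishes a chain problem (RemoteCertificateChainErrors) from a name mismatch (RemoteCertificateNameMismatch), and ChainStatus gives the specific chain failure, which is the information needed to judge whether bypassing validation for a known host is acceptable.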