You are running Invoke-WebRequest and get hit with “Could not create SSL/TLS secure channel”. It simply means TLS 1.2 is not being used.
Windows selects the strongest crypto from the list. How do you know what is in your crypto list?
Display the list of cryptos from this .NET class variable:
PS E:> [Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12
My computer shows three cryptos, and the strongest one is TLS 1.2. If you get the above error message (“Could not create SSL/TLS secure channel”), that means the strongest crypto is not supported by the web site you are accessing. (Is Tls12 missing?)
Since this is PowerShell, you can fix it two ways. To temporarily enable TLS 1.2 and make an Invoke-WebRequest call,
run this command before you run the Invoke-WebRequest cmdlet. You only need to set the security protocol to TLS 1.2 once in the script.
[Net.ServicePointManager]::SecurityProtocol =[Net.SecurityProtocolType]::Tls12
Obviously, when the script finishes running, the security protocol assignment is lost. It goes back to the computer’s default setting.
If you need to make it permanent, you can add TLS 1.2 to the cryptography list in the Registry. Open PowerShell in Administrative mode (Run as Admin), then add these registry entries:
Set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
You have to close all PowerShell windows and reopen them for the registry settings to take effect.
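To check both fixes from one script, the added example below (not code from the original post) reports the SchUseStrongCrypto value under both registry paths and runs a script block with TLS 1.2 added to the session's protocol list, restoring the previous list afterwards. The function names Get-StrongCryptoState and Invoke-WithTls12 are hypothetical, and it assumes Windows PowerShell on .NET Framework 4.x as in the post.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Get-StrongCryptoState {
    # Report SchUseStrongCrypto for both .NET Framework 4.x registry paths named in the post.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
    )
    foreach ($path in $paths) {
        $value = $null
        if (Test-Path -Path $path) {
            $item = Get-ItemProperty -Path $path -Name 'SchUseStrongCrypto' -ErrorAction SilentlyContinue
            if ($item) { $value = $item.SchUseStrongCrypto }
        }
        [pscustomobject]@{
            Path               = $path
            SchUseStrongCrypto = $value          # $null means the value is not set
            Enabled            = ($value -eq 1)
        }
    }
}

function Invoke-WithTls12 {
    # Run a script block with TLS 1.2 added for this session, then restore the old list.
    param([Parameter(Mandatory)][scriptblock]$ScriptBlock)

    $previous = [Net.ServicePointManager]::SecurityProtocol
    try {
        # -bor adds Tls12 without dropping protocols that are already in the list
        [Net.ServicePointManager]::SecurityProtocol = $previous -bor [Net.SecurityProtocolType]::Tls12
        & $ScriptBlock
    }
    finally {
        # Put the session back the way it was, even if the script block throws
        [Net.ServicePointManager]::SecurityProtocol = $previous
    }
}

# Read-only check of the permanent (registry) setting; does not need Run as Admin
Get-StrongCryptoState | Format-Table -AutoSize

# Shows the protocol list in effect inside the block (no network access needed)
Invoke-WithTls12 { [Net.ServicePointManager]::SecurityProtocol }
```

Put the Invoke-WebRequest call inside the script block passed to Invoke-WithTls12 to make the request with TLS 1.2 enabled.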
Did that help? Leave me a reply.
Thanks! Due to some reason Set cryptography doesn’t get applied on Windows 2012 server
have to use KB – https://docs.microsoft.com/en-us/sccm/core/plan-design/security/enable-tls-1-2 , created subkey which set the default cryptography as TLS12
Hello, yes, it helped me, thanks!
hello,
I was trying to perform a GET request to a WordPress (WooCommerce API) and in Windows 10 it works right away, but in Windows 7 it does not work despite having active SSL 3, Tls, Tls11, Tls12, Tls13 and the default is Tls12 according to the command [Net.ServicePointManager]::SecurityProtocol. Even running the command [Net.ServicePointManager]::SecurityProtocol =[Net.SecurityProtocolType]::Tls12 before running Invoke-WebRequest fails.
If someone replies thanks in advance.
Thanks! it helped me.
This is the only place that offers a permanent solution 😀 It works on Windows Srv 2016. Thnx