You are running Invoke-WebRequest and hit with “Could not create SSL/TLS secure channel”, It simply means TLS 1. 2 is not being used.
Windows selects most strong cryptography from the list. How do you know what’s your crypto list?
Display the list of cryptos form this .Net Class variable:
PS E:> [Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12
My computer shows three cryptos and most strong one is TLS 1.2. If you get the above error message ( “Could not create SSL/TLS secure channel” ), that means the most strong crypto is not supported by the web site you are accessing. (Is Tls12 missing?)
Since this is PowerShell, you can fix it two ways. For temporarily enable TLS 1.2 and make a Invoke-WebRequest,
Run this command before you run Invoke-WebRequest cmdlet. Young only need to set the security protocol to TLS 1.2 only once in the script.
Obviously when you finish running the script, security protocol assignment is lost. It goes back to computer’s default setting.
If you need to make it permanent, you could add TLS 1.2 in the cryptography list in Registry. Open PowerShell in Administrative mode (Run as Admin), then add these registry entries:
Set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
You have close all PowerShell Windows and reopen it to take effect the registry settings.
Did that help? leave me a reply.