Could not create SSL/TLS secure channel

Problem

When running a PowerShell script that uses Invoke-WebRequest, the following error may appear:

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.

This occurs because the script is attempting to connect to a server using secure protocols (TLS/SSL), but the required protocols (like TLS 1.2) are not enabled on the system.

Solutions

Temporary
Permanent

To quickly fix this issue in the current session, you can enable the necessary protocols by running the following command in your PowerShell session:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls11 -bor ` [Net.SecurityProtocolType]::Tls12 -bor ` [Net.SecurityProtocolType]::Tls -bor ` [Net.SecurityProtocolType]::Ssl3

However, this fix is temporary and needs to be reapplied in every new PowerShell session.

To permanently resolve this issue and ensure all .NET-based applications, including PowerShell, use secure protocols by default, update the system registry.

Steps to Fix:

Open an elevated PowerShell session (Run as Administrator).
Run the following commands to update the registry:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord 
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord

Also apply the changes to the 64-bit .NET Framework registry key:

Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord 
Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord

Restart the system to ensure the changes take effect.

Explanation of Registry Keys

Registry Setting	Description
SchUseStrongCrypto	Forces the .NET Framework to use strong cryptographic protocols (e.g., TLS 1.2).
SystemDefaultTlsVersions	Ensures .NET applications use the system-default TLS version, allowing them to adapt to newer protocols.

If the error persists

If the error persists, consider the following actions to ensure secure connections for all .NET applications without requiring manual intervention in each session:

Ensure your system supports TLS 1.2 and that it is enabled in the operating system.
Upgrade to PowerShell Core or PowerShell 7, which default to modern security protocols.

Install the monitoring tools

Monitor

How-to guides

Troubleshooting

Could not create SSL/TLS secure channel

Problem

Solutions

Steps to Fix:

Explanation of Registry Keys

If the error persists

Install the monitoring tools

Monitor

How-to guides

Troubleshooting

​Problem

​Solutions

​Steps to Fix:

​Explanation of Registry Keys

​If the error persists

Problem

Solutions

Steps to Fix:

Explanation of Registry Keys

If the error persists