> ## Documentation Index
> Fetch the complete documentation index at: https://help.gorelo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Could not create SSL/TLS secure channel

> Fix the PowerShell 'Could not create SSL/TLS secure channel' error by enabling TLS 1.2 in your session or system-wide for Invoke-WebRequest scripts.

## Problem

When running a PowerShell script that uses `Invoke-WebRequest`, the following error may appear:

```powershell theme={null}
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
```

This occurs because the script is attempting to connect to a server using secure protocols (TLS/SSL), but the required protocols (like TLS 1.2) are not enabled on the system.

<Frame>
  <img src="https://mintcdn.com/gorelo/k9Vf68jFwh3yoHvE/images/image-168.png?fit=max&auto=format&n=k9Vf68jFwh3yoHvE&q=85&s=6777e83ac2b24818bbb93b26b91317a6" alt="Image" width="1527" height="248" data-path="images/image-168.png" />
</Frame>

## Solutions

<Tabs>
  <Tab title="Temporary">
    To quickly fix this issue in the current session, you can enable the necessary protocols by running the following command in your PowerShell session:

    ```powershell theme={null}
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls11 -bor ` [Net.SecurityProtocolType]::Tls12 -bor ` [Net.SecurityProtocolType]::Tls -bor ` [Net.SecurityProtocolType]::Ssl3
    ```

    However, this fix is temporary and needs to be reapplied in every new PowerShell session.
  </Tab>

  <Tab title="Permanent">
    To permanently resolve this issue and ensure all .NET-based applications, including PowerShell, use secure protocols by default, update the system registry.

    ### Steps to Fix:

    1. Open an **elevated PowerShell session** (Run as Administrator).
    2. Run the following commands to update the registry:

    ```powershell theme={null}
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord 
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
    ```

    3. Also apply the changes to the 64-bit .NET Framework registry key:

    ```text theme={null}
    Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord 
    Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
    ```

    4. Restart the system to ensure the changes take effect.
  </Tab>
</Tabs>

## Explanation of registry keys

| Registry Setting             | Description                                                                                              |
| ---------------------------- | -------------------------------------------------------------------------------------------------------- |
| **SchUseStrongCrypto**       | Forces the .NET Framework to use strong cryptographic protocols (e.g., TLS 1.2).                         |
| **SystemDefaultTlsVersions** | Ensures .NET applications use the system-default TLS version, allowing them to adapt to newer protocols. |

## If the error persists

If the error persists, consider the following actions to ensure secure connections for all .NET applications without requiring manual intervention in each session:

* Ensure your system supports TLS 1.2 and that it is enabled in the operating system.

* Upgrade to PowerShell Core or PowerShell 7, which default to modern security protocols.
