Could not create SSL/TLS secure channel

Written By Mikel from Gorelo

Last updated 2 months ago

Problem

When running a PowerShell script that uses Invoke-WebRequest, the following error may appear:

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.

This occurs because the script is attempting to connect to a server using secure protocols (TLS/SSL), but the required protocols (like TLS 1.2) are not enabled on the system.

Solution (Temporary)

To quickly fix this issue in the current session, you can enable the necessary protocols by running the following command in your PowerShell session:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls11 -bor `
    [Net.SecurityProtocolType]::Tls12 -bor `
    [Net.SecurityProtocolType]::Tls -bor `
    [Net.SecurityProtocolType]::Ssl3

However, this fix is temporary and needs to be reapplied in every new PowerShell session.

Solution (Permanent)

To permanently resolve this issue and ensure all .NET-based applications, including PowerShell, use secure protocols by default, update the system registry.

Steps to Fix:

  1. Open an elevated PowerShell session (Run as Administrator).

  2. Run the following commands to update the registry:

Example
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
  3. Also apply the changes to the WOW6432Node .NET Framework registry key on 64-bit Windows:

Example
Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
  4. Restart the system to ensure the changes take effect.
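
To confirm the steps above took effect, the following read-only check reports the four registry values and the protocols active in the current session. It is an added example, not part of the original guide; the Status labels are this example's own convention. It also flags SSL 3.0, TLS 1.0 and TLS 1.1, which are deprecated, if the session has them explicitly enabled.

```powershell
# Added example: read-only audit of the values set in the steps above.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')

$report = foreach ($path in $paths) {
    foreach ($name in $names) {
        # A missing key or value is reported as 'not set' instead of raising an error
        $item  = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.$name } else { $null }
        [pscustomobject]@{
            Path   = $path
            Name   = $name
            Value  = if ($null -eq $value) { 'not set' } else { $value }
            Status = if ($value -eq 1) { 'OK' } else { 'NEEDS FIX' }   # label chosen for this example
        }
    }
}
$report | Format-Table -AutoSize

# Protocols in effect for this PowerShell session
$current = [Net.ServicePointManager]::SecurityProtocol
"Session SecurityProtocol: $current"

# Report deprecated protocols that are explicitly enabled in this session
$deprecated = @(
    [Net.SecurityProtocolType]::Ssl3,
    [Net.SecurityProtocolType]::Tls,
    [Net.SecurityProtocolType]::Tls11
)
foreach ($p in $deprecated) {
    if (([int]$current -band [int]$p) -ne 0) {
        "Deprecated protocol enabled in this session: $p"
    }
}
```

Run it in a new PowerShell session after the restart, so the session reflects the registry defaults rather than a per-session override.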

Explanation of Registry Keys

  • SchUseStrongCrypto: Forces the .NET Framework to use strong cryptographic protocols (e.g., TLS 1.2).

  • SystemDefaultTlsVersions: Ensures .NET applications use the system-default TLS version, allowing them to adapt to newer protocols.

Additional Notes

  • If the error persists, ensure your system supports TLS 1.2 and that it is enabled in the operating system.

  • Consider upgrading to PowerShell Core or PowerShell 7, which default to modern security protocols.

By following this guide, you'll ensure secure connections for all .NET applications without requiring manual intervention in each session.