Table of Contents
Could not Create SSL/TLS Secure Channel
irm https://community.chocolatey.org/install.ps1 | iex
In some cases, you got the following error when connecting to an HTTPS server using WebRequest or PowerShell:
irm : The request was aborted: Could not create SSL/TLS secure channel.
At line:1 char:1
+ irm https://community.chocolatey.org/install.ps1 | iex
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
This exception message typically indicates that a secure channel could not be created due to the client application failing to specify a cryptographic protocol that is supported by the server.
As time goes on, this issue is more likely to crop up, as an increasing number of servers remove support for the older TLS 1.0 and TLS 1.1 protocols. At the time of writing, TLS 1.2 and TLS 1.3 are the current standards for secure network communications.
By default, Windows Server 2012 enables SSL3 and TLS1. You can check by the following command:
PS C:\> [Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls
You can get the supported protocols on Windows Server 2012. Then you can see, TLS1.2 is supported but it’s not enabled by default.
PS C:\> [enum]::GetNames([System.Net.SecurityProtocolType])
SystemDefault
Ssl3
Tls
Tls11
Tls12
To solve the error, use the SecurityProtocol property to specify that all protocols are supported.
Enable TLS 1.2 on Server 2012 temporary
1️⃣ To fix it, make sure you have download then install .NET Framework 4.x or higher at https://dotnet.microsoft.com/en-us/download/dotnet-framework then restart your server.
2️⃣ Use the SecurityProtocol property to specify that all protocols are supported before you run the main command.
[System.Net.ServicePointManager]::SecurityProtocol = 3072
#Output
PS C:\> [System.Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls
PS C:\> [System.Net.ServicePointManager]::SecurityProtocol = 3072
PS C:\> [System.Net.ServicePointManager]::SecurityProtocol
Tls12
But, with this method, the settings only available for the current session. If you close then reopen a new PowerShell window, the setting would be reverted to default. Let move forward to change it permanently.
Enable TLS 1.2 on Server 2012 permanently
1️⃣ Make sure you have installed .NET Framework 4.x or higher.
2️⃣ Open PowerShell as administrator then run the below command:
Set-ItemProperty `
-Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' `
-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty `
-Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' `
-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
3️⃣ To verify it works, let close and reopen a new PowerShell window the execute the following command:
PS C:\> [Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12
Not a reader? Watch this related video tutorial: