Table of Contents
Could not Create SSL/TLS Secure Channel
irm https://community.chocolatey.org/install.ps1 | iexIn some cases, you got the following error when connecting to an HTTPS server using WebRequest or PowerShell:
irm : The request was aborted: Could not create SSL/TLS secure channel.
At line:1 char:1
+ irm https://community.chocolatey.org/install.ps1 | iex
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
This exception message typically indicates that a secure channel could not be created due to the client application failing to specify a cryptographic protocol that is supported by the server.
As time goes on, this issue is more likely to crop up, as an increasing number of servers remove support for the older TLS 1.0 and TLS 1.1 protocols. At the time of writing, TLS 1.2 and TLS 1.3 are the current standards for secure network communications.
By default, Windows Server 2016 enables SSL3 and TLS1. You can check by the following command:
PS C:\> [Net.ServicePointManager]::SecurityProtocol
Ssl3, TlsYou can get the supported protocols on Windows Server 2016. Then you can see, TLS1.2 is supported but it’s not enabled by default.
PS C:\> [enum]::GetNames([System.Net.SecurityProtocolType])
SystemDefault
Ssl3
Tls
Tls11
Tls12Enable TLS 1.2 on Server 2016 temporary
To solve the error, use the SecurityProtocol property to specify that all protocols are supported.
1️⃣ To fix it, make sure you have download then install .NET Framework 4.x or higher at https://dotnet.microsoft.com/en-us/download/dotnet-framework then restart your server.
2️⃣ Use the SecurityProtocol property to specify that all protocols are supported before you run the main command.
[System.Net.ServicePointManager]::SecurityProtocol = 'TLS12'
irm https://community.chocolatey.org/install.ps1 | iexBut, with this method, the settings only available for the current session. If you close then reopen a new PowerShell window, the setting would be reverted to default. Let move forward to change it permanently.
Enable TLS 1.2 on Server 2016 permanently
1️⃣ Make sure you have installed .NET Framework 4.x or higher.
2️⃣ Open PowerShell as administrator then run the below command:
Set-ItemProperty `
-Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' `
-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty `
-Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' `
-Name 'SchUseStrongCrypto' -Value '1' -Type DWord3️⃣ To verify it works, let close and reopen a new PowerShell window the execute the following command:
PS C:\> [Net.ServicePointManager]::SecurityProtocol
Tls, Tls11, Tls12Not a reader? Watch this related video tutorial:
