Powershell Invoke-WebRequest Fails with SSL TLS Secure Channel

Question

I m trying to execute this powershell command  Invoke-WebRequest -Uri https   apod nasa gov apod   and I get this error   Invoke-WebRequest   The request was aborted  Could not create SSL TLS secure channel    https requests appear to work   https   google com   but not this one in question   How can I get this to work or use other powershell command to read the page contents

User · Answer

If  like me  none of the above quite works  it might be worth also specifically trying a lower TLS version alone   I had tried both of the following  but didn t seem to solve my problem    Net ServicePointManager   SecurityProtocol    tls12  tls11  tls   Net ServicePointManager   SecurityProtocol    Net SecurityProtocolType   Tls12 -bor  Net SecurityProtocolType   Tls11 -bor  Net SecurityProtocolType   Tls   In the end  it was only when I targetted TLS 1 0  specifically remove 1 1 and 1 2 in the code  that it worked    Net ServicePointManager   SecurityProtocol    Net SecurityProtocolType   Tls   The local server  that this was being attempted on  is fine with TLS 1 2  although the remote server  which was previously  confirmed  as fine for TLS 1 2 by a 3rd party  seems not to be   Hope this helps someone

User · Answer

Make sure you switch the SHELL first   SHELL   powershell    -Command     ErrorActionPreference    Stop    ProgressPreference    SilentlyContinue      RUN  Net ServicePointManager   SecurityProtocol    Net SecurityProtocolType   Tls12  RUN Invoke-WebRequest -UseBasicParsing -Uri   https   github com git-for-windows git releases download v2 25 1 windows 1 Git-2 25 1-64-bit exe  -OutFile  outfile exe

User · Answer

In a shameless attempt to steal some votes  SecurityProtocol is an Enum with the  Flags  attribute   So you can do this    Net ServicePointManager   SecurityProtocol       Net SecurityProtocolType   Tls12 -bor      Net SecurityProtocolType   Tls11 -bor      Net SecurityProtocolType   Tls   Or since this is PowerShell  you can let it parse a string for you    Net ServicePointManager   SecurityProtocol    tls12  tls11  tls    Then you don t technically need to know the TLS version   I copied and pasted this from a script I created after reading this answer because I didn t want to cycle through all the available protocols to find one that worked   Of course  you could do that if you wanted to   Final note - I have the original  minus SO edits  statement in my PowerShell profile so it s in every session I start now   It s not totally foolproof since there are still some sites that just fail but I surely see the message in question much less frequently

User · Answer

try using this one   Net ServicePointManager   SecurityProtocol    Net SecurityProtocolType   Tls12 Invoke-WebRequest -Uri https   apod nasa gov apod

User · Answer

It works for me     if  -not   System Management Automation PSTypeName  ServerCertificateValidationCallback   Type             certCallback              using System          using System Net          using System Net Security          using System Security Cryptography X509Certificates          public class ServerCertificateValidationCallback                       public static void Ignore                                 if ServicePointManager ServerCertificateValidationCallback   null                                        ServicePointManager ServerCertificateValidationCallback                             delegate                                                       Object obj                               X509Certificate certificate                               X509Chain chain                               SslPolicyErrors errors                                                                                 return true                                                                                      Add-Type  certCallback             ServerCertificateValidationCallback   Ignore    Invoke-WebRequest -Uri https   apod nasa gov apod

User · Answer

I haven t figure out the reason but reinstalling the  pfx certificate both in current user and local machine  works for me

[powershell] Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel

Examples related to powershell

Examples related to ssl