The request was aborted: Could not create SSL/TLS secure channel
I had to enable other security protocol versions to resolve the issue:
```csharp
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
    | SecurityProtocolType.Tls11
    | SecurityProtocolType.Tls12
    | SecurityProtocolType.Ssl3;
```
I enabled logging using this code:
http://blogs.msdn.com/b/dgorti/archive/2005/09/18/471003.aspx
The log was in the bin/debug folder (I was in Debug mode for my console app). You need to add the security protocol type as SSL 3.
I received an algorithm mismatch in the log. Here is my new code:
```csharp
// Requires: using System; using System.IO; using System.Net; using System.Text;
// Set the process-wide protocol and validation callback before creating the request.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
// Skip validation of SSL/TLS certificate
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

// You must change the URL to point to your Web server.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "GET";
WebResponse respon = req.GetResponse();
Stream res = respon.GetResponseStream();
string ret = "";
byte[] buffer = new byte[1048];
int read = 0;
// Read the body in chunks, echoing it to the console and accumulating it.
while ((read = res.Read(buffer, 0, buffer.Length)) > 0)
{
    Console.Write(Encoding.ASCII.GetString(buffer, 0, read));
    ret += Encoding.ASCII.GetString(buffer, 0, read);
}
return ret;
```
Similar to an existing answer but in PowerShell:
```powershell
[System.Net.ServicePointManager]::SecurityProtocol = `
    [System.Net.SecurityProtocolType]::Tls11 -bor `
    [System.Net.SecurityProtocolType]::Tls12 -bor `
    [System.Net.SecurityProtocolType]::Tls -bor `
    [System.Net.SecurityProtocolType]::Ssl3
```
Then calling Invoke-WebRequest should work.
Got this from anonymous feedback, good suggestion: Simpler way to write this would be:
```powershell
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")
```
Found this fantastic and related post by Jaykul: Validating Self-Signed Certificates From .Net and PowerShell
This could be caused by a few things (most likely to least likely):

- The server's SSL certificate is untrusted by the client. Easiest check is to point a browser at the URL and see if you get an SSL lock icon. If you get a broken lock icon, click on it to see what the issue is:
  - Expired dates - get a new SSL certificate
  - Name does not match - make sure that your URL uses the same server name as the certificate.
  - Not signed by a trusted authority - buy a certificate from an authority such as Verisign, or add the certificate to the client's trusted certificate store.
  - In test environments you could update your certificate validator to skip access checks. Don't do this in production.
- Server is requiring Client SSL certificate - in this case you would have to update your code to sign the request with a client certificate.
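
The certificate causes listed in the answer above can be told apart in code rather than in a browser. The following is an added example, not code from any of the answers: a validation callback that reports why .NET rejected the server certificate and still rejects it. The names `TlsDiagnostics` and `ReportAndValidate` and the `https://example.com/` URL are assumptions for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: diagnose a certificate failure instead of skipping validation.
static class TlsDiagnostics
{
    // Hypothetical helper: prints the reason for each policy error, never accepts a bad certificate.
    public static bool ReportAndValidate(object sender, X509Certificate cert,
                                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true; // trusted chain, matching name

        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            Console.Error.WriteLine("Server presented no certificate.");
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            Console.Error.WriteLine("Name does not match. Certificate subject: " + cert?.Subject);
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                // NotTimeValid = expired or not yet valid; UntrustedRoot / PartialChain = no trusted authority
                Console.Error.WriteLine("Chain error: " + s.Status + " - " + s.StatusInformation.Trim());
        return false; // keep rejecting: the callback only explains the failure
    }

    static void Main(string[] args)
    {
        // Placeholder URL (assumption); pass the failing endpoint as the first argument.
        string url = args.Length > 0 ? args[0] : "https://example.com/";
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.ServerCertificateValidationCallback = ReportAndValidate;
        try
        {
            var req = (HttpWebRequest)WebRequest.Create(url);
            using (var resp = (HttpWebResponse)req.GetResponse())
                Console.WriteLine("Handshake OK: " + (int)resp.StatusCode);
        }
        catch (WebException ex)
        {
            // TrustFailure: the callback returned false. SecureChannelFailure: the handshake
            // itself failed (for example no shared protocol version), so the callback never ran.
            Console.Error.WriteLine(ex.Status + ": " + ex.Message);
        }
    }
}
```

If nothing is printed by the callback and the status is `SecureChannelFailure`, the certificate was never evaluated and the protocol settings discussed in the earlier answers are the place to look.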