The Request Was Aborted: Could Not Create SSL/TLS Secure Channel

Resolution for the SSL/TLS error thrown when running an Orchestrator upgrade script (e.g. Publish-IdentityServer.ps1): "Error: The request was aborted: Could not create SSL/TLS secure channel."

Issue Description: Error: The request was aborted: Could not create SSL/TLS secure channel.

Resolution:

  • Enable TLS 1.2 on the client machine where the script is executed.

The error indicates that the connection failed because of a TLS issue. Check that TLS 1.2 is enabled on the machine where the script is run. Work with the local IT group as needed to confirm, or update, that the machine where the script is run has TLS 1.2 enabled.

There are three tasks for enabling TLS 1.2 on clients:

  1. Update Windows and WinHTTP
  2. Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level
  3. Update and configure the .NET Framework to support TLS 1.2

Also review the TLS 1.2 registry entries and configure them if needed.

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

"Enabled" = 1

"DisabledByDefault" = 0

Enable the TLS 1.2 protocol in the machine's registry settings. This can be done with the following PowerShell script:

# Run from an elevated PowerShell session (the script writes to HKLM).
# Create the TLS 1.2 Client and Server protocol keys if they do not exist.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
# Enabled = 1 and DisabledByDefault = 0 turn TLS 1.2 on for each role.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled'           -Value '1' -Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled'           -Value '1' -Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -Type 'DWORD'