locked
Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel. RRS feed

  • General discussion

  • Hello,

    I am trying to connect to a URI of NAS device to connect  and use Get for getting some details. But ia m getting the error while running my script.

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    
    # create header
    $username = "C33491PA"
    $password = "yoH6'X+KDO"
    
    # create Uri
    $isilonip = "10.70.175.6"
    $baseurl = 'https://' + $isilonip +":8080" 
    #$resourceurl = "/platform/1/protocols/smb/shares"
    $Share = "Birts_Dev"
    
    # resolve FQDN
    $isilonip = ([System.Net.Dns]::GetHostAddresses($isilonip)).IPAddressToString
    
    #create Jason Object
    $jobj = convertto-json (New-Object PSObject -Property @{username= $username;password = $password; services = ("platform","namespace")})
    
    # create uri for session resource url
    $resourceurl = "/session/1/session "
    $uri = $baseurl + $resourceurl
     
    #create session and save cookie in variable $session
    $ISIObject = Invoke-RestMethod -Uri  $uri -Body $jobj -ContentType "application/json; charset=utf-8" -Method POST -SessionVariable session
    
    
    # create Uri for SMB shares
    $resourceurl = "/platform/1/protocols/smb/shares"
    $url = $baseurl + $resourceurl
     
    # send request to get all shares using session cookie
    $ISIObject = Invoke-RestMethod -Uri $url -Method get -WebSession $session

    Getting the below error 

    Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel.


    • Changed type Bill_Stewart Monday, September 11, 2017 3:20 PM
    • Moved by Bill_Stewart Monday, September 11, 2017 3:21 PM This is not support forum for third party software
    Thursday, July 6, 2017 9:33 PM

All replies

  • Ask the vendor. This is not the correct forum to ask questions about third-party products.

    -- Bill Stewart [Bill_Stewart]

    Thursday, July 6, 2017 9:47 PM
  • First try http, second try SSL 1.1

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls11

    and as last try to add the function below to allow all certs.

    function Ignore-SSLCertificates
    {
        $Provider = New-Object Microsoft.CSharp.CSharpCodeProvider
        $Compiler = $Provider.CreateCompiler()
        $Params = New-Object System.CodeDom.Compiler.CompilerParameters
        $Params.GenerateExecutable = $false
        $Params.GenerateInMemory = $true
        $Params.IncludeDebugInformation = $false
        $Params.ReferencedAssemblies.Add("System.DLL") > $null
        $TASource=@'
            namespace Local.ToolkitExtensions.Net.CertificatePolicy
            {
                public class TrustAll : System.Net.ICertificatePolicy
                {
                    public bool CheckValidationResult(System.Net.ServicePoint sp,System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Net.WebRequest req, int problem)
                    {
                        return true;
                    }
                }
            }
    '@ 
        $TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)
        $TAAssembly=$TAResults.CompiledAssembly
        ## We create an instance of TrustAll and attach it to the ServicePointManager
        $TrustAll = $TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
        [System.Net.ServicePointManager]::CertificatePolicy = $TrustAll
    }
    
    Ignore-SSLCertificates

    No luck, as Bill said, ask the vendor.


    Cheers,

    Ruud
    Twitter:    Blog: AzureStack.Blog  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    Friday, July 7, 2017 8:15 AM
  • There is a much easier way to accept bad, expired or funky certs:

    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

    When  there is a cert issue this callback is called if defined.  If it returns "True" then the error is ignored. It does the same thing as the C# code.


    \_(ツ)_/

    Friday, July 7, 2017 8:22 AM
  • You can also do this to enable all protocols:

    [Net.ServicePointManager]::SecurityProtocol = 'TLS11','TLS12','ssl3'


    \_(ツ)_/

    Friday, July 7, 2017 8:25 AM