Could not create SSL/TLS secure channel

Hi everyone,

I am still relatively new to Okta and its API, and I have inherited a number of PowerShell scripts used for administrative tasks on the system. Recently these scripts stopped working in our Okta dev/sandbox environment and fail with the error:

Exception calling "GetResponse" with "0" argument(s): "The request was aborted: Could not create SSL/TLS secure channel."

However, the exact same script works fine in our Okta production environment; they both use TLS1.2, same ciphers. The workstation I am running the script on has no problem accessing our Okta dev environment via its web interface.

I would be grateful for any advice or pointers!

As of today, Okta production env still offers TLSv1/v1.1/1.2, while the preview env only works with TLSv1.2. Most likely it’s something on your side (script, network library, network infrastructure, etc.) that prevents TLSv1.2 from being used.

It turned out that PowerShell was defaulting to TLSv1 and this was being rejected. If anyone else is having the same issues with PowerShell and the Okta API, then you can add the following to your scripts/modules to explicitly use TLSv1.2:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

It’s good to know, thanks for sharing. From this tip, I also found this approach by appending TLSv1.2 support:


This makes the script backward compatible with servers that are not up to TLSv1.2 yet.

2 Likes
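
The two points made above (the client defaulting to TLSv1, and adding TLSv1.2 without dropping other versions), as an added example that is not code from any poster in this thread. The function names `Enable-Tls12` and `Test-TlsVersion` and the host placeholder are hypothetical; the probe uses `SslStream` to show which versions a given endpoint will complete a handshake with.

```powershell
# Added example. Function names and the host placeholder are hypothetical.
function Enable-Tls12 {
    # Current set of protocols .NET offers for HttpWebRequest/WebClient calls.
    $before = [Net.ServicePointManager]::SecurityProtocol
    # 0 (SystemDefault, .NET 4.7+) lets the OS pick; OR-ing would narrow it to TLS 1.2 only.
    if ([int]$before -ne 0) {
        # Add TLS 1.2 while keeping whatever was already enabled.
        [Net.ServicePointManager]::SecurityProtocol = $before -bor [Net.SecurityProtocolType]::Tls12
    }
    [pscustomobject]@{ Before = $before; After = [Net.ServicePointManager]::SecurityProtocol }
}

function Test-TlsVersion {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    foreach ($name in 'Tls', 'Tls11', 'Tls12') {
        $client = New-Object System.Net.Sockets.TcpClient
        $stream = $null
        $detail = ''
        try {
            $client.Connect($HostName, $Port)
            $stream = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            # Offer exactly one version; the handshake throws if either side refuses it.
            $protocol = [System.Security.Authentication.SslProtocols]$name
            $stream.AuthenticateAsClient($HostName, $null, $protocol, $false)
            $accepted = $true
        } catch {
            $accepted = $false
            $detail = $_.Exception.Message
        } finally {
            if ($stream) { $stream.Dispose() }
            $client.Close()
        }
        [pscustomobject]@{ Protocol = $name; Accepted = $accepted; Detail = $detail }
    }
}

# Usage: replace the placeholder with your own preview/sandbox host name.
# Enable-Tls12
# Test-TlsVersion -HostName '<your-okta-preview-host>'
```

An `Accepted = False` row can also mean the local Windows configuration has that protocol version disabled, so compare results from the affected workstation against a known-good one.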

Glad you got it working!

@ca_aidan Out of curiosity, can you share what version of Windows and PowerShell you are using?

$PSVersionTable

at a posh prompt will output the shell version.

Name                       Value
PSVersion                  5.1.16299.431
PSEdition                  Desktop
PSCompatibleVersions       {1.0, 2.0, 3.0, 4.0…}
BuildVersion               10.0.16299.431
CLRVersion                 4.0.30319.42000
WSManStackVersion          3.0
PSRemotingProtocolVersion  2.3
SerializationVersion       1.1.0.1

See also GitHub - gabrielsroka/OktaAPI.psm1: Call Okta API from PowerShell -- unofficial code.

It does most of what you need, and more.
