I use Powershell to send monitoring results to the Icinga API (passive checks). For example, to check if the Exchange backups were processed correctly, I run a Exchange powershell and then the results are sent using “Invoke-WebRequest” command.

Since I disabled obsolete and insecure TLSv1 and TLSv1.1 protocols in the Exchange server, the script was not working anymore returning error:

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.

Confirmed using openssl that Icinga API server works with TLSv1.2

# openssl s_client -connect IcingaServer:5665
Protocol  : TLSv1.2

The problem, it seems, was that by default powershell works in TLSv1. This can be changed with the following setting:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

By simply adding that line in the script, the problem was solved.