I use Powershell to send monitoring results to the Icinga API (passive checks). For example, to check if the Exchange backups were processed correctly, I run a Exchange powershell and then the results are sent using “Invoke-WebRequest” command.
Since I disabled obsolete and insecure TLSv1 and TLSv1.1 protocols in the Exchange server, the script was not working anymore returning error:
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
Confirmed using openssl that Icinga API server works with TLSv1.2
# openssl s_client -connect IcingaServer:5665 SSL-Session: Protocol : TLSv1.2
The problem, it seems, was that by default powershell works in TLSv1. This can be changed with the following setting:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
By simply adding that line in the script, the problem was solved.