Downloading a file from cloud proxy to a Windows endpoint can fail because of SSL/TLS security protocol settings.

Problem

Script download fails on a Windows platform with the following message:

    The request was aborted: Could not create SSL/TLS secure channel.

Three kinds of PowerShell scripts are hosted in cloud proxy. They can be downloaded and executed on the Windows endpoint VMs for different purposes:
  • To install custom Telegraf using a script (download.ps1).
  • To install custom Telegraf on a physical server (unmanagedagent_setup_sample.ps1).
  • To configure open source Telegraf on managed or unmanaged VMs (open_source_telegraf_monitor.ps1).

Solution

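Run the following commands in the PowerShell session that downloads the script. They install a ServerCertificateValidationCallback that ignores certificate validation errors and set the security protocol to TLS 1.2. The callback returns true for every certificate, so while it is installed the session accepts any server certificate.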
# Compile the helper type only once per PowerShell session.
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
    $certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
    {
        public static void Ignore()
        {
            // Install the callback only if no other callback is already set.
            if (ServicePointManager.ServerCertificateValidationCallback == null)
            {
                ServicePointManager.ServerCertificateValidationCallback +=
                    delegate
                    (
                        Object obj,
                        X509Certificate certificate,
                        X509Chain chain,
                        SslPolicyErrors errors
                    )
                    {
                        // Accept every certificate, whatever the validation errors.
                        return true;
                    };
            }
        }
    }
"@
    Add-Type $certCallback
}
# Turn off certificate validation for this session.
[ServerCertificateValidationCallback]::Ignore()
# Use TLS 1.2 for the connection to cloud proxy.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

After downloading and executing the required script, server certificate validation can be enabled again by clearing ServerCertificateValidationCallback.
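
The following is an added example, not part of the original article or of the product's scripts. It goes one step beyond the workaround above for Windows PowerShell 5.1: the callback accepts only a certificate that validates normally or matches a known thumbprint, and the previous ServicePointManager settings are restored when the download finishes. The URL, thumbprint, output path and the PinnedCertValidator class name are placeholders assumed for illustration.

```powershell
# Added example: URL, thumbprint, output path and class name are placeholders.
$CloudProxyUrl = 'https://<cloud-proxy-address>/<path>/download.ps1'
$PinnedThumb   = '<CLOUD_PROXY_CERT_SHA1_THUMBPRINT>'
$OutFile       = Join-Path $env:TEMP 'download.ps1'

if (-not ([System.Management.Automation.PSTypeName]'PinnedCertValidator').Type) {
    Add-Type @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class PinnedCertValidator
{
    public static string Thumbprint;
    // Accept a certificate that validates normally or matches the pinned thumbprint.
    public static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) { return true; }
        if (cert == null || String.IsNullOrEmpty(Thumbprint)) { return false; }
        return String.Equals(new X509Certificate2(cert).Thumbprint, Thumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
    public static void Enable(string thumbprint)
    {
        Thumbprint = thumbprint;
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
"@
}

# Save the current settings so they can be restored after the download.
$oldCallback = [Net.ServicePointManager]::ServerCertificateValidationCallback
$oldProtocol = [Net.ServicePointManager]::SecurityProtocol
try {
    [PinnedCertValidator]::Enable($PinnedThumb)
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    (New-Object Net.WebClient).DownloadFile($CloudProxyUrl, $OutFile)
}
finally {
    # Restore validation and protocol settings even if the download fails.
    [Net.ServicePointManager]::ServerCertificateValidationCallback = $oldCallback
    [Net.ServicePointManager]::SecurityProtocol = $oldProtocol
}
```

With the placeholder thumbprint left in place the callback matches nothing, so an untrusted certificate is rejected and the download fails closed.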