May be some of you already got stuck with the problem about xml http calls, vbscript and secured websites with certificate problems – the others surely will… There are some problems occurring right often. For example the host name does not match the subject name of the certificate or the certificate is not valid (yet) or the certificate’s chain is broken. Here you can see 2 of those errors:

80072F0D msxml3.dll The certificate authority is invalid or incorrect

Error 80072F0D in msxml3.dll: The certificate authority is invalid or incorrect

80072F06 msxml3.dll The host name in the certificate is invalid or does not match

Error 80072F06 in msxml3.dll: The host name in the certificate is invalid or does not match

When opening such a page in Internet Explorer you will see that the browser wants to prevent you from opening that page. But you can go on by selecting “Continue to the website…”. In vbscript this is also possible. Here you’ll need to add an option to your xml http request like this:

 Set objXmlHttp = CreateObject("Msxml2.ServerXMLHTTP")
 objXmlHttp.setOption 2, 13056 'http://msdn.microsoft.com/en-us/library/ms763811(v=VS.85).aspx
 objXmlHttp.open "GET", "https://urlwithcertificateerror", False
 objXmlHttp.send
 wscript.echo objXmlHttp.responseText
 Set objXmlHttp = Nothing

The important part is this one:

objXmlHttp.setOption 2, 13056 'http://msdn.microsoft.com/en-us/library/ms763811(v=VS.85).aspx

It tells the xmlhttp object to ignore any certificate errors and to continue downloading the page. There are some more options you can set using the setoption function, e.g. overriding the codepage or change the handling of % characters.
Please note that the value of 13056 means that ALL errors regarding certificates are ignored. There are some more values you can set to get more control on what will be ignored and what won’t, e.g.:

 SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256
 Unknown certificate authority

 SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512
 Malformed certificate such as a certificate with no subject name.

 SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096
 Mismatch between the visited hostname and the certificate name being used on the server.

 SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192
 The date in the certificate is invalid or has expired.

 SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
 All certificate errors.

More information about setting and getting options, about these values and options not mentioned here can be found at http://msdn.microsoft.com/en-us/library/ms753798(v=vs.85).aspx