Certificate problems with vbscript and xml http calls

Posted by on Feb 10, 2011 in VBScript | 20 comments

Maybe some of you have already got stuck on certificate problems when making XML HTTP calls from VBScript to secured websites; the rest of you surely will. Some problems occur quite often: for example, the host name does not match the subject name of the certificate, the certificate is not valid (yet), or the certificate's chain is broken. Here you can see two of those errors:

Error 80072F0D in msxml3.dll: The certificate authority is invalid or incorrect

Error 80072F06 in msxml3.dll: The host name in the certificate is invalid or does not match

When you open such a page in Internet Explorer, the browser tries to prevent you from opening it, but you can go on by selecting “Continue to the website…”. The same is possible in VBScript: you need to set an option on your XML HTTP request, like this:

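 Set objXmlHttp = CreateObject("Msxml2.ServerXMLHTTP")
 ' Option 2 = SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS; 13056 = ignore all certificate errors
 ' See http://msdn.microsoft.com/en-us/library/ms763811(v=VS.85).aspx
 objXmlHttp.setOption 2, 13056
 ' Synchronous GET (third argument False = not asynchronous)
 objXmlHttp.open "GET", "https://urlwithcertificateerror", False
 objXmlHttp.send
 WScript.Echo objXmlHttp.responseText
 Set objXmlHttp = Nothing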

The important part is this one:

objXmlHttp.setOption 2, 13056 'http://msdn.microsoft.com/en-us/library/ms763811(v=VS.85).aspx

It tells the xmlhttp object to ignore any certificate errors and to continue downloading the page. The setOption method can set other options as well, e.g. overriding the codepage or changing the handling of % characters.
Please note that the value 13056 means that ALL certificate errors are ignored, so the server's certificate is not validated at all. The value is a bit mask (13056 is the sum of the four individual flags below), and you can set a smaller value to get finer control over what is ignored and what is not, e.g.:

 SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256
 Unknown certificate authority

 SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512
 Malformed certificate such as a certificate with no subject name.

 SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096
 Mismatch between the visited hostname and the certificate name being used on the server.

 SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192
 The date in the certificate is invalid or has expired.

 SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
 All certificate errors.

More information about setting and getting options, about these values and options not mentioned here can be found at http://msdn.microsoft.com/en-us/library/ms753798(v=vs.85).aspx
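
To find the narrowest flag set instead of using 13056, the following added example (not code from the original post) starts with no errors ignored and adds only the flag matching each error the request actually raises. It assumes failures surface as the two HRESULTs shown above; `TARGET_URL`, `FlagForError` and `TryRequest` are placeholder names.

```vbscript
Option Explicit
' Added example; TARGET_URL and the helper names are placeholders.
Const TARGET_URL = "https://urlwithcertificateerror"
Const SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS = 2
Const SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256
Const SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096

' Map the two error codes shown in the post to the single flag covering each.
Function FlagForError(errNumber)
    Select Case Hex(errNumber)
        Case "80072F0D"   ' certificate authority invalid or incorrect
            FlagForError = SXH_SERVER_CERT_IGNORE_UNKNOWN_CA
        Case "80072F06"   ' host name does not match the certificate
            FlagForError = SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID
        Case Else         ' anything else is not relaxed automatically
            FlagForError = 0
    End Select
End Function

' Send one GET with the given ignore mask; return 0 or the error number.
Function TryRequest(url, flags)
    Dim http
    Set http = CreateObject("Msxml2.ServerXMLHTTP")
    http.setOption SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS, flags
    On Error Resume Next
    http.open "GET", url, False
    http.send
    TryRequest = Err.Number
    On Error GoTo 0
End Function

Dim mask, errNumber, flag
mask = 0   ' start strict: no certificate error is ignored
Do
    errNumber = TryRequest(TARGET_URL, mask)
    If errNumber = 0 Then Exit Do
    flag = FlagForError(errNumber)
    ' Stop on an unrecognised error, or one that persists with its flag set.
    If flag = 0 Or (mask And flag) <> 0 Then
        WScript.Echo "Unhandled error 0x" & Hex(errNumber) & " with mask " & mask
        WScript.Quit 1
    End If
    WScript.Echo "Error 0x" & Hex(errNumber) & ": adding flag " & flag
    mask = mask Or flag
Loop
WScript.Echo "Request succeeds with setOption 2, " & mask
```

Run it with `cscript`; the mask it prints is the smallest value from the list above that this endpoint needs, and every check not in that mask stays enforced.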

20 Comments

  1. Bravo! You provided the answer to my problem! Thank you
    Great! ^^

  2. This is exactly what I was looking for. Thanks for writing!

  3. As Murphy stated before, you'll find an answer in the last place searched, and I searched a lot of places.

    Thank you very much

  4. I love you guy!
    Thank you so much!!!

  5. Thank you so much! Solved my problem.

  6. It has certainly worked. However, I am concerned about the security of the URL: does it accept messages/requests without a certificate or any security gates?

  7. Brilliant! Just what we needed to resolve an issue with sending an xml doc to a 3rd party web service.

  8. Thank you so much… my problem is solved… Really super, the way you answer the solution is good.

  9. This worked. Thanks

  10. Thanks, saved me a lot of time and head scratching trying to work out what was going on.

  11. What about javascript? Does it work?

  12. Depends on your code 😉

  13. Mmm… Is there any similar mechanism for Linux? My STB device is running on Linux.

  14. thanks a lot for documenting this.

  15. It works. Great. Thanks.
    But if you use Msxml2.XMLHTTP, there is no easy option to bypass SSL warnings…

  16. As far as I know, there is no possibility to bypass SSL errors at all using Msxml2.XMLHTTP.

  17. I LOVE YOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU

    Thanks!!!

  18. You just resolved months of back and forth between me and my host, who was totally clueless. Thank you so much for posting this!

  19. Thanks a lot! The information you posted here works for me.

  20. Thanks a lot… working for me
