• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4814
  • Last Modified:

Ignoring client certificate using ServerXMLHTTP (VB6)

Any idea how I can force the ServerXMLHTTP to ignore requests for a client-certificate and fail-over to the Basic Authorization credentials provided?

I am trying to achieve this in Visual Basic 6 and ASP Classic.

Code so far:
Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
Call XMLHTTP.Open("GET", "https://server/path", False)
XMLHTTP.setRequestHeader "Authorization", "BASIC authhere=="
XMLHTTP.Send

Result so far:
msxml3.dll error '80072f0c'
A certificate is required to complete client authentication
0
syswin2
Asked:
syswin2
  • 2
  • 2
1 Solution
 
pateljituCommented:
Try code as provided below (you would still require Client certificate to be installed on the server making this call) :

Const SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256
Const SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512
Const SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096
Const SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192
Const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056

Set XMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.6.0")
XMLHTTP.SetOption(2, XMLHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)
XMLHTTP.Open("GET", "https://server/path", False)
XMLHTTP.setRequestHeader "Authorization", "BASIC authhere=="
XMLHTTP.Send

Open in new window


setOption:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms763811%28v=vs.85%29.aspx

getOption:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms753798%28v=vs.85%29.aspx
0
 
mccarlIT Business Systems Analyst / Software DeveloperCommented:
Unfortunately, you have no way of controlling this from the client side. If the server is configured to require certificates, than there is nothing that the client can do about it.

Do you have control over the server that you are connecting to? If so, you need to look at the servers config to see if you can disable the requirement for client certificates.
0
 
syswin2Author Commented:
Hi mccarl,

Thanks for the information, I had no control over the server so I ended up getting my VB6/ASP script to talk via SOAP to a PHP script which then talked to the target server using cUrl which had an option to ignore server certificates.

A bit round the houses but it works.

Thanks,
Peter
0
 
mccarlIT Business Systems Analyst / Software DeveloperCommented:
I'm glad that you got it working! :)

However, I'm still a little perplexed...
using cUrl which had an option to ignore server certificates.
There should be no way that ANY client (ServerXMLHTTP, cURL or any other) can bypass client authentication.

What option did you use with cURL that made this work?
0
 
syswin2Author Commented:
We ended up using cUrl option "CURLOPT_SSL_VERIFYPEER" = False which caused it to fall-back to basic authentication (over SSL).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now