I have written the following code and when I run the scheduler, get this error : "A certificate is required to complete client authentication, msxml3.dll error '80072f0c'".
Dim objXML
Set objXML = CreateObject ("MSXML2.ServerXMLHttp")
objXML.open "GET", "https://test.moneymapwebpro.com/synchClients.aspx", false
objXML.send
Set objXML = Nothing
Please let me know , why the error message occurs.
According to Microsoft KB302080:
Secure Sockets Layer (SSL) certificate support was added to the
ServerXMLHTTP request object with the release of MSXML version 3.0
Service Pack 1. To make any SSL requests from the Web server,
ServerXMLHTTP expects a client digital certificate to be installed,
even if the target Web server does not require a client certificate.
You need to use to a new version of MSXML -- at least MSXML 3.0 SP2 -- and install a client certificate.
Related
How can i get server certificate information when using IWinHttpRequest (or its IServerXMLHTTPRequest wrapper)?
WinHttp example
IWinHttpRequest http = new WinHttpRequest();
http.Open("GET", "https://example.com", false);
http.send(null);
MSXML example
//IServerXmlHttpRequest internally is a wrapper around WinHttp
IServerXmlHttpRequest http = new ServerXmlHttp60();
http.open("GET", "https://example.com/", false);
http.send(null);
Now that i've sent the request, how can i get information about the server certificate?
Specifically:
i need it's thumbprint (e.g., 43c930419a3adf8ae1e9a635e078ae62e2c7ab4b)
i would like it's subject (e.g., CN = *.silkroad.onion)
i would like it's issuerer (e.g., CN = DigiCert SHA2 Secure Server CA)
It goes without saying that this is not using the flat C WinHttp API, but is using the COM object.
Bonus Reading
InternetQueryOption function
INTERNET_OPTION_SECURITY_CERTIFICATE / INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT
INTERNET_CERTIFICATE_INFO structure
I updated Titanium SDK of my app from 5.1.2 to 6.0.3. After this Https connection to my sitemender server is not working. Same code was working in 5.1.2. This is the error coming
"The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxxxxxxx” which could put your confidential information at risk."
Thanks.
The endpoint's certificate is expired or invalid, so you need to fix that. If you can't, or you just want Titanium (I'm guessing with iOS) to behave the same was as with the older SDK and ignore the invalid certificate, then set validatesSecureCertificate to false.
var xhr = Titanium.Network.createHTTPClient({
validatesSecureCertificate: false
});
Folks,
Can anyone provide a working example of how to do SSL client authentication in ruby 1.8.7? For the record, I am attempting to use a GoDaddy certification to perform an authenticated post request to the Windows Phone push notification service. In this case, my command-line client is using a certificate like an API key or bearer token.
I supply GoDaddy a mydomain.com.key file, and GoDaddy supplies me with a gd_bundle.crt file and a mydomain.com.crt file.
On my Net::HTTP object, I have set these parameters:
my_cert = File.read(File.join(File.dirname(__FILE__), "mydomain.com.crt")) # from godaddy
my_key = File.read(File.join(File.dirname(__FILE__), "mydomain.com.key")) # i made
http.use_ssl = true
http.cert = OpenSSL::X509::Certificate.new(my_cert)
http.key = OpenSSL::PKey::RSA.new(my_key)
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
But the push notification service continues to report a 403 error saying "You do not have permission to view this directory or page using the credentials that you supplied".
Since someone out there is doing push successfully I assume the way I have configured my Net::HTTP object in ruby is incorrect. Does anyone have sample code for how I can use ruby to perform SSL client authentication?
I want to know how to make a HTTPS request from a VBScript client.
After receiving the request, how to decrypt the HTTPS response?
HTTPS is not just an encryption format - it's a transport security protocol, with complex negotiation built-in. Just like you wouldn't try to build an HTTP client component in VBScript, similarly you wouldn't try to build an HTTPS/SSL client.
The VBScript language doesn't include any HTTP or HTTPS client, but windows has a couple of COM objects that can be used (from Windows Script Host of from ASP pages written in VBScript), and VBScript code running in internet explorer can similarly access a browser object that allows HTTPS calls.
From windows (WSH/ASP), the best object is typically MSXML2.ServerXmlHTTP, for example see this quick overview: http://www.developerfusion.com/article/3272/posting-form-data-to-a-web-page/2/
From Internet Explorer, as long as you're not dealing with legacy versions, the best idea is to use the cross-browser standard object XMLHttpRequest. The following page gives you an overview: http://www.jibbering.com/2002/4/httprequest.html
All of these HTTP clients also support HTTPS.
dim xHttp: Set xHttp = createobject("MSXML2.ServerXMLHTTP")
xHttp.Open "GET", "https://yourhost.example.com/foo", False
' 2 stands for SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS
' 13056 means ignore all server side cert error
xHttp.setOption 2, 13056
xHttp.Send
' read response body
WScript.Echo xHttp.responseBody
Reference:
getOption Method of XML DOM
setOption Method of XML DOM
I'm trying to get a Ruby script to download a file off a server, but I'm getting a 401.2 from IIS:
You do not have permission to view
this directory or page using the
credentials that you supplied because
your Web browser is sending a
WWW-Authenticate header field that the
Web server is not configured to
accept.
I've checked that basic auth is enabled. Is there something special about how Ruby handles basic auth? Is there a way for me to see what the server actually gets and what the headers say is acceptable?
This is my code:
Net::HTTP.start(url, port) {|http|
req = Net::HTTP::Get.new('/file.txt')
req.basic_auth 'username', 'password'
response = http.request(req)
puts response.body
}
Snippet from the Microsoft website
HTTP 401.2: Denied by server configuration
Description
The client browser and IIS could not agree on an authentication protocol.
Common reasons
* No authentication protocol (including anonymous) is selected in IIS. At least one authentication type must be selected. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
253667 (http://support.microsoft.com/kb/253667/ ) Error message: HTTP 401.2 - Unauthorized: Logon failed due to server configuration with no authentication
* Only Integrated authentication is enabled, and an older, non-Internet Explorer client browser tries to access the site. This happens because the client browser cannot perform Integrated authentication. To resolve this problem, use one of the following methods:
o Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
o Use a client browser that can perform Integrated authentication. Internet Explorer and new versions of Netscape Navigator and Mozilla Firefox can perform Integrated authentication.
* Integrated authentication is through a proxy. This happens because the proxy doesn't maintain the NTLM-authenticated connection and thus sends an anonymous request from the client to the server. Options to resolve this problem are as follows:
o Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
o Don't use a proxy.
You should also try to look at ruby-httpclient - Simple HTTPClient library for Ruby which can use NTLM auth.