1

I need to make an HTTP request from VBScript to a domain secured with SSL. The library I'm using to do that, ServerXMLHTTP, doesn't seem to be able to connect due to SSL certificate trust failure. This seems strange, as when I browse to the domain in Google Chrome, it reports the whole certificate chain as being trusted.

Setting the "SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS" option on the ServerXMLHTTP object doesn't make any difference.

The "System" log in Windows Event Viewer contains an error with a numeric code that translates to the following, which is consistent with the VBScript error: "TLS1_ALERT_UNKNOWN_CA 48 SEC_E_UNTRUSTED_ROOT 0x80090325"

Although a straight-up solution would obviously be desirable, I would be equally interested to know how I would even begin to troubleshoot a problem like this one without needing to resort to StackOverflow for help.

Here is my script:

Dim http

Set http = CreateObject("Msxml2.ServerXMLHTTP.6.0")

http.Open "GET", "https://us.api.concursolutions.com/"

http.setOption 2, 13056 'sets the option "SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS" to "SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS"

http.Send

WScript.Echo http.responseText

Set http = Nothing

VBScript reports a certificate trust error System error viewed in Event Viewer Chrome is happy with the certificate chain

utterly confuzzled
  • 103
  • 1
  • 9
  • From Help `Security—The HTTP client stack does not allow a user-specific state to be shared with another user's session. ServerXMLHTTP does not provide support for certificates.`. So use the right object. Version 2 is also old. Introduced with Internet Explorer 5. – Noodles Mar 11 '19 at 11:15
  • @Noodles That is surprising, as if I edit the URL in the script to be any of a number of other SSL-secured domains, such as "https://www.google.com/", the message box presented by the script contains the HTML of the requested web page, as expected. – utterly confuzzled Mar 11 '19 at 11:20
  • @Noodles Additionally, the version of the MSXML library I am invoking is in fact 6.0, in spite of the misleading ProgID: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ms764622%28v%3dvs.85%29 – utterly confuzzled Mar 11 '19 at 11:24
  • None the less `Server` is for web servers to talk to sister web servers. You merely want `Msxml2.XMLHTTP.6.0` meant for programs to use. The server one is high performance by not supporting much of http.. – Noodles Mar 11 '19 at 12:48
  • 1
    @Noodles The scenario I'm in is server-to-server, so the ServerXMLHTTP object fits. However, I have tried with XMLHTTP as well, and I get a similar error. – utterly confuzzled Mar 11 '19 at 16:27

0 Answers0