Tom
I'm trying to set up and use a client certificate given to us by a 3rd party
to request and receive their XML data. With the provided cert, the only
instructions they've given us are to import the cert into IE and export to a
.pfx file.
I used the MMC Certificate snap-in to get the cert into the certificate
store (I think that part's OK but not 100% sure if I've granted access etc.)
Then I used winhttpcertcfg.exe to grant access. I'm just not sure about
the account(s). I've granted access to the following accounts by using the
following command:
winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CsS Services" -a IWAM_SECURE
I've run that command for various accounts. Here's the listing now using:
winhttpcertcfg -l -c LOCAL_MACHINE\MY -s "CsS Services"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
[email protected]
CN=CsS Services
OU=Identity authenticated by RA
OU=Email control validated by GeoTrust
OU=See TCX CPS www.geotrust.com/resources/CPS
OU=CPS terms incorp. by ref. liability ltd.
O=Org. not validated.
Additional accounts and groups with access to the private key include:
BUILTIN\Administrators
NT AUTHORITY\SYSTEM
SECURE\IUSR_SECURE
SECURE\IWAM_SECURE
SECURE\ASPNET
Now when I run this code using WinHttp.WinHttpRequest I get the following
error:
WinHttp.WinHttpRequest error '80072f9a'
A security error occurred
This still occurs on objSrvHTTP.Send. I've tried both GET and POST and get
the same error. Before running winhttpcertcfg correctly (at least I think
it's been run correctly), we were getting "msxml3.dll error '80072f0c' A
certificate is required to complete client authentication"
MS advised to install SP 2 (Windows Server 2003 Standard) and use
WinHttp.WinHTTPRequest instead of Msxml2.ServerXMLHTTP.
Here's the code:
set objSrvHTTP = Server.CreateObject ("WinHttp.WinHttpRequest.5.1")
set objXMLDocument = Server.CreateObject("MSXML2.DOMDocument")
set objXMLReponseDocument = Server.CreateObject("MSXML2.DOMDocument")
objXMLDocument.async = false
objXMLDocument.load(Server.MapPath("Request.xml"))
' WinHttp.WinHttpRequest.5.1
' CN from certificate which is in Local Computer\Personal\Certificates
objSrvHTTP.SetClientCertificate "LOCAL_MACHINE\MY\CsS Services"
objSrvHTTP.open "GET", "https://test.rbsecure.com/secure2/bin/XMLPost", false
objSrvHTTP.SetRequestHeader "content-Type","text/xml"
objSrvHTTP.send objXMLDocument
Response.Write objSrvHTTP.ResponseText
Thanks in advance for any help...Tom
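
As an added example (not part of Tom's post or of any Microsoft tooling), the PowerShell script below serves the same purpose as `winhttpcertcfg -l`: it finds the certificate in LOCAL_MACHINE\MY by subject and prints the ACL on its private key file, which is what WinHTTP error 80072f9a (12186, ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY) refers to. It assumes an elevated Windows PowerShell session and a legacy CSP key stored under the MachineKeys folder; the `SubjectMatch` parameter name is hypothetical.

```powershell
# Added example (not from the original post). Run elevated in Windows PowerShell.
# Assumptions: the certificate is in LocalMachine\My and its key is a legacy CSP
# (CAPI) key stored under ProgramData\Microsoft\Crypto\RSA\MachineKeys.
param(
    [string]$SubjectMatch = 'CsS Services'    # subject string used in the post
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'          # EKU: TLS client authentication
$keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$SubjectMatch*" }
if (-not $certs) { Write-Warning "No certificate matching '$SubjectMatch' in LocalMachine\My"; return }

foreach ($cert in $certs) {
    "Subject    : $($cert.Subject)"
    "Thumbprint : $($cert.Thumbprint)"
    "Valid      : $($cert.NotBefore) .. $($cert.NotAfter)"
    "Has key    : $($cert.HasPrivateKey)"

    # If an EKU extension exists and omits client authentication, the cert cannot be used for it.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) {
        $ok = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid }).Count -gt 0
        "Client auth EKU present: $ok"
    } else { "No EKU extension (all usages allowed)" }

    if (-not $cert.HasPrivateKey) { Write-Warning 'Imported without its private key'; continue }

    try {
        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    } catch {
        Write-Warning "Cannot open private key as this user: $($_.Exception.Message)"; continue
    }
    if (-not $container) { Write-Warning 'Key is not a CSP key (possibly CNG); skipping ACL check'; continue }

    # The ACL on the key container file decides which accounts can use the key.
    $keyFile = Join-Path $keyDir $container
    (Get-Acl -LiteralPath $keyFile).Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights |
        Format-Table -AutoSize
}
```

The account the ASP page actually runs as has to appear in that ACL with read access; granting more accounts than that one widens who can use the private key.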