Sending Client Certificate

T

Tom

I'm trying to set up and use a client certificate given to us by a 3rd party
to request and receive their XML data. With the provided cert, the only
instructions they've given us is to import the cert into IE and export to a
..pfx file.

I used the MMC Certificate Snap in to get the cert into the certificate
store (I think that part's OK but not 100% sure if I've granted access etc.)
Then I used winhttpcertcfg.exe. to grant access. I'm just not sure about
the account(s). I've granted access to the following accounts by using the
following command:

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CsS Services -a IWAM_SECURE

I've run that command for various accounts. Here's the listing now using:

winhttpcertcfg -l -c LOCAL_MACHINE\MY -s "CsS Services"

Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
[email protected]
CN=CsS Services
OU=Identity authenticated by RA
OU=Email control validated by GeoTrust
OU=See TCX CPS www.geotrust.com/resources/CPS
OU=CPS terms incorp. by ref. liability ltd.
O=Org. not validated.

Additional accounts and groups with access to the private key include:

BUILTIN\Administrators
NT AUTHORITY\SYSTEM
SECURE\IUSR_SECURE
SECURE\IWAM_SECURE
SECURE\ASPNET

Now when I run this code using WinHttp.WinHttpRequest I get the following
error:

WinHttp.WinHttpRequest error '80072f9a'
A security error occurred

This still occurs on objSrvHTTP.Send. I've tried both GET and POST and get
the same error. Previous to correctly (at least I think it's been run
correctly) run winhttpcertcfg we were getting "msxml3.dll error '80072f0c' A
certificate is required to complete client authentication"

MS advised to install SP 2 (Windows Server 2003 Standard) and use
WinHttp.WinHTTPRequest instead of Msxml2.ServerXMLHTTP.

Here's the code:
set objSrvHTTP = Server.CreateObject ("WinHttp.WinHttpRequest.5.1")
set objXMLDocument = Server.CreateObject("MSXML2.DOMDocument")
set objXMLReponseDocument = Server.CreateObject("MSXML2.DOMDocument")

objXMLDocument.async = false
objXMLDocument.load(Server.MapPath("Request.xml"))
' WinHttp.WinHttpRequest.5.1
' CN from certificate which is in Local Computer\Personal\Certificates
objSrvHTTP.SetClientCertificate "LOCAL_MACHINE\MY\CsS Services"


objSrvHTTP.open "GET", "https://test.rbsecure.com/secure2/bin/XMLPost",
false
objSrvHTTP.SetRequestHeader "content-Type","text/xml"
objSrvHTTP.send objXMLDocument
Response.Write objSrvHTTP.ResponseText

Thanks in advance for any help...Tom
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top