msxml3.dll error ‘80072f0d’ : The certificate authority is invalid or incorrect error in classic ASP – How to Fix

msxml3.dll error '80072f0d' : The certificate authority is invalid or incorrect error in classic ASP - How to Fix

If you’ve stumbled upon this post it probably means you’re struggling with the following error when trying to issue a   request to a self-signed HTTPS web site URL from an ASP classic page:

msxml3.dll error ‘80072f0d’ : The certificate authority is invalid or incorrect.

Or (alternatively):

Error 80072F06 in msxml3.dll: The host name in the certificate is invalid or does not match.

This error can also happen when issuing any type of HTTP request call using the   object: VBScript, ASP-based pages, REST or SOAP web services and so on: regardless how you get on it, it basically means  that there are some problems with the SSL certificate installed on the server. For example, the host name not matching the subject name of the certificate, or the certificate is not valid (yet or anymore) or the certificate’s chain is broken. 

If you try to open the URL from a browser, you will most likely end up with a warning page stating that there are issues with the SSL certificate, offering you the chance to Continue Anyway and take the risk: unfortunately, if you’re running any sort of automation script you won’t get this chance.

In order to fix that, you need to add the   option to your XML HTTP request object in the following way:

That option will tell the XMLHTTP object to ignore any certificate errors and access the page.

It’s importantt o understand that value of 13056 means that ASP will ignore all the errors regarding SSL certificates. In case you want to have more control on what will be ignored and what won’t, you can use one of the following values instead:

  • SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256 : Unknown certificate authority
  • SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512 : Malformed certificate such as a certificate with no subject name.
  • SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096 : Mismatch between the visited hostname and the certificate name being used on the server.
  • SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192 : The date in the certificate is invalid or has expired.
  • SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056 : All certificate errors.

There are some more options you can set using the   function, such as overriding the codepage, change the handling of % characters, and so on. For additional info, read this MSDN official page.


About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies.

View all posts by Ryan