If you’ve stumbled upon this post it probably means you’re struggling with the following error when trying to issue a ServerXMLHTTP request to a self-signed HTTPS web site URL from an ASP classic page:
msxml3.dll error ‘80072f0d’ : The certificate authority is invalid or incorrect.
Error 80072F06 in msxml3.dll: The host name in the certificate is invalid or does not match.
This error can also happen when issuing any type of HTTP request call using the MSXML2.ServerXMLHTTP object: VBScript, ASP-based pages, REST or SOAP web services and so on: regardless how you get on it, it basically means that there are some problems with the SSL certificate installed on the server. For example, the host name not matching the subject name of the certificate, or the certificate is not valid (yet or anymore) or the certificate’s chain is broken.
If you try to open the URL from a browser, you will most likely end up with a warning page stating that there are issues with the SSL certificate, offering you the chance to Continue Anyway and take the risk: unfortunately, if you’re running any sort of automation script you won’t get this chance.
In order to fix that, you need to add the objXMLHTTP.SetOption(2) = 13056 option to your XML HTTP request object in the following way:
Set objXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.3.0")
' Enable ServerXMLHTTP https request with self signed certificate
' To avoid "msxml3.dll error '80072f0d' : The certificate authority is invalid or incorrect"
' ref.: https://stackoverflow.com/questions/11573022/vba-serverxmlhttp-https-request-with-self-signed-certificate
' ref.: http://msdn.microsoft.com/en-us/library/ms763811(v=VS.85).aspx
That option will tell the XMLHTTP object to ignore any certificate errors and access the page.
It’s importantt o understand that value of 13056 means that ASP will ignore all the errors regarding SSL certificates. In case you want to have more control on what will be ignored and what won’t, you can use one of the following values instead:
- SXH_SERVER_CERT_IGNORE_UNKNOWN_CA = 256 : Unknown certificate authority
- SXH_SERVER_CERT_IGNORE_WRONG_USAGE = 512 : Malformed certificate such as a certificate with no subject name.
- SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID = 4096 : Mismatch between the visited hostname and the certificate name being used on the server.
- SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID = 8192 : The date in the certificate is invalid or has expired.
- SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056 : All certificate errors.
There are some more options you can set using the SetOption function, such as overriding the codepage, change the handling of % characters, and so on. For additional info, read this MSDN official page.