25

I'm using a ServerXMLHTTP object to make some http requests on an excel 2007 vba script.

But I need to connect to an https server which uses a self-signed SSL Certificate, so by default I get the message "The certificate authority is invalid or incorrect". Is there a way to configure the ServerXMLHTTP object so that it doesn't requires a CA Certificate?

Some sample code follows:

Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
  objHTTP.Open "POST", "https://invernalia.homelinux.net", False, "user", "password"
  objHTTP.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
  objHTTP.send ("")
Javier Novoa C.
  • 11,257
  • 13
  • 57
  • 75

2 Answers2

40

I used to have this problem for a while, and I only managed to get past it thanks to this:

Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objHTTP.SetOption 2, objHTTP.GetOption(2)
objHTTP.Open "POST", "https://invernalia.homelinux.net", False, "user", "password"
objHTTP.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
objHTTP.send ("")

I have found this here setOption Method and getOption Method

Here in this code I have just used SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS but you can try with others more specific:

  • SXH_SERVER_CERT_IGNORE_WRONG_USAGE
  • SXH_SERVER_CERT_IGNORE_CERT_CN_INVALID
  • SXH_SERVER_CERT_IGNORE_CERT_DATE_INVALID
  • SXH_SERVER_CERT_IGNORE_UNKNOWN_CA
Ravi Ram
  • 24,078
  • 21
  • 82
  • 113
Romain
  • 6,322
  • 3
  • 35
  • 40
  • cool! that's it! you've earned it :) (stackoverflow tells me I must wait 11 hours to award the bounty, I'll be out of town these days, so please be patient if I can't connect to reward you, I'll do it once I'm back :) – Javier Novoa C. Jul 22 '12 at 17:22
  • 3
    Thanks! XMLHTTP with VBA is such badly documented that sometimes you just have to hope someone sometimes already had the same issue. Glad I could help! :) – Romain Jul 23 '12 at 17:51
  • 2
    SetOption was very helpful, just what I needed. On my system I had to use "MSXML2.ServerXMLHTTP.3.0" before SetOption took effect. – Alan Oct 25 '12 at 18:28
  • 1
    Substracting flags is kind of dangerous. And there is no need for parenthesis on `SetOption` and `Send` method calls. Use something like `objHTTP.SetOption 2, objHTTP.GetOption(2) And Not SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS` to turn off the specified flags. – wqw Oct 22 '15 at 12:55
  • 1
    The solution here is to trust the CA that was used to issue the self signed certificate rather than blindly disabling certificate validation. – Gabriel Jun 22 '16 at 00:52
  • 2
    If you dont have access to the constants, use this: objHTTP.setOption(2) = 13056 – GELR Jun 23 '16 at 19:30
  • What about in the case that you must select a certificate in order to post the url? Seems like .setOption 3, "CERTIFICATE?" is the option? But how exactly this works? the value after 3 should be the path of the certificate in local directory or the IE registry dir? Please help to expand a bit more. thanks – Gin Jul 03 '20 at 04:39
6
Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
objHTTP.SetOption(2, objHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)
objHTTP.Open "POST", "https://invernalia.homelinux.net", False, "user", "password"
objHTTP.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
objHTTP.send ("")

Got the above solution to work with a minor change. Instead of:

objHTTP.SetOption(2, objHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)

I used:

objHTTP.SetOption(2) = (objHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)

Otherwise I get an error of:

Microsoft VBScript compilation error '800a0414' Cannot use parentheses when calling a Sub objHTTP.SetOption(2, objHTTP.GetOption(2) - SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS)

referenced from: SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS

Ian Flynn
  • 3,577
  • 2
  • 18
  • 14
  • For the error '800a0414', see this [answer](http://stackoverflow.com/a/14908329/1534346) by @Helen – Romain Jan 03 '15 at 09:42
  • Just remove the parentheses on `SetOption` like this `objHTTP.SetOption 2, objHTTP.GetOption(2) And Not SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS` – wqw Oct 22 '15 at 12:56
  • Just use "call objHTTP.SetOptions(... params)" – LarryBud Jan 21 '19 at 21:01