0

I created an application in VB 6.0 to post an XML file to an http url and reading the response (in xml) using the control Microsft Internet Transfer Control (MSinet). Its working fine in HTTP. But the live url is HTTPS and I'm unable to call the URL using this control.

Please share any alternate way to call the HTTPS urls in VB 6.0 and also share the method to use the SSL certification.

StayOnTarget
  • 11,743
  • 10
  • 52
  • 81
Sujith Kumar.S
  • 17
  • 3
  • Why are you trying to bypass SSL certificate checks? They're important for security - how else do you know you're talking to the right server and not a man in the middle? – bdonlan Nov 05 '12 at 07:43
  • At server end , I'm using self signed certificate. So if i try to acess the web page from client, will get an SSL error. So i have to bypass this error. – Sujith Kumar.S Nov 05 '12 at 08:21
  • @SujithKumar.S I edited your question removing the word "bypass". "Bypassing" security is not a good idea - that would open up security problems. And it's probably impossible anyway. I *hope* you are asking how your application can communicate via HTTPS in a secure manner, participating in the SSL security steps in the correct way – MarkJ Nov 05 '12 at 10:38
  • Hi Mark, thanks for the reply . Can u pls share the VB 6.0 code for https url calling and XML posting in a secure manner. And also I found some code in C# and Vb.net to Bypass the SSL error, using that code I bypassed the SSL error also. If it possible can u pls share the code for the same in VB 6.0 – Sujith Kumar.S Nov 05 '12 at 10:56

1 Answers1

1

Based on the control's documentation there does not appear to be a way to change how the control validates an SSL certificate like you can do with a .NET HttpWebRequest.. Therefore you will need to add the server's certificate into your local machine's trusted root certificate store (see What do I need to do to get Internet Explorer 8 to accept a self signed certificate?).

If Internet Explorer can visit the URL without an certificate warnings then the Microsoft Internet Transfer Control should be able to do so as well. This is a good technique for validating that you have the certificate appropriately trusted.

Community
  • 1
  • 1
Holistic Developer
  • 2,458
  • 1
  • 18
  • 27
  • 1
    +1 This is the right approach - don't bypass all SSL security, just mark the signer of that self-sign certificate as trusted. – Basic Nov 05 '12 at 23:25
  • The WinHTTPRequest object offers a `SetClientCertificate` method and this is probably what .Net wraps to get similar functionality. The ITC is pretty old and moldy. – Bob77 Nov 07 '12 at 16:23
  • @Bob77 A client certificate would only be used when the server wants to uniquely authenticate each client which is a different scenario than using a self-signed cert on the server. – Holistic Developer Dec 11 '13 at 22:35