Click here to get back home

Send Client Certificate
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Send Client Certificate Tom 02-18-2008
Posted by Tom on February 18, 2008, 10:54 am
Please log in for more thread options
 We have obtained a client certificate from a 3rd party to install and use to
obtain 3rd party's XML data.
The only instructions they provided us was to download and import the cert
into IE and then export to .pfx file. With that done, when we try to access
the 3rd party secured site we were getting the error:

msxml3.dll error '80072f0c'
A certificate is required to complete client authentication

I've made some progress in that I'm now getting a different error. I think
I've successfully used the winhttpcertcfg.exe to get the cert into the
certificate store. I'm just not sure about the account.I've granted access
to the following by using the following:

winhttpcertcfg -g -c LOCAL_MACHINE\MY -s "CsS Services -a IWAM_SECURE

I've run that command for various accounts. Here's the listing now using:
winhttpcertcfg -l -c LOCAL_MACHINE\MY -s "CsS Services"

Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.

Matching certificate:
E=myemailaddress
CN=CsS Services
OU=Identity authenticated by RA
OU=Email control validated by GeoTrust
OU=See TCX CPS www.geotrust.com/resources/CPS
OU=CPS terms incorp. by ref. liability ltd.
O=Org. not validated.

Additional accounts and groups with access to the private key include:

BUILTIN\Administrators
NT AUTHORITY\SYSTEM
SECURE\IUSR_SECURE
SECURE\IWAM_SECURE
SECURE\ASPNET


Now when I run this VBscript code in ASP using WinHttp.WinHttpRequest I get
the following error:

WinHttp.WinHttpRequest error '80072f9a'
A security error occurred

This still occurs on objSrvHTTP.Send. I've tried both GET and POST and get
the same error

set objSrvHTTP = Server.CreateObject ("WinHttp.WinHttpRequest.5.1")
set objXMLDocument = Server.CreateObject("MSXML2.DOMDocument")
set objXMLReponseDocument = Server.CreateObject("MSXML2.DOMDocument")
objXMLDocument.async = false
objXMLDocument.load(Server.MapPath("Request.xml"))

' WinHttp.WinHttpRequest.5.1
objSrvHTTP.SetClientCertificate "LOCAL_MACHINE\MY\CsS Services"
objSrvHTTP.open "GET", "https://test.rbsecure.com/secure2/bin/XMLPost",
false

objSrvHTTP.SetRequestHeader "content-Type","text/xml"
objSrvHTTP.send objXMLDocument
Response.Write objSrvHTTP.ResponseText




Similar ThreadsPosted
where is client certificate on server usually installed? August 28, 2006, 8:28 am
Need a HOW TO create a client certificate for partner access August 17, 2005, 4:12 pm
Root certificate authority no longer added to client machines July 14, 2006, 4:05 pm
Exploit in IIS to send spam? January 5, 2006, 12:02 pm
File Screen only send out email once September 6, 2007, 4:32 am
Email program won't send in Windows 2003 - Queue_Manager December 8, 2005, 2:02 pm
Sexy Indian Chicks] send songs to ur friends November 29, 2007, 1:33 am
Add OS2 Client July 20, 2005, 3:42 pm
RDP Client & SSO September 6, 2005, 8:16 am
TS Client - How Secure? July 10, 2005, 1:21 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap