Can't use HTTPS with ServerXMLHTTP object

Question

I am supporting a Classic ASP application that connects to a payment gateway via HTTPS. Up until recently there have been no issues. A few days ago the latest updates were

Answer 1

Just found the solution to this which has passed testing on:

• Windows 10 (IIS 10)
• Windows 2012 R2 (IIS 8.5)

It's a client problem. MSXML2.ServerXMLHTTP does indeed require you to use a client certificate when calling an endpoint secured with SSL (even if the endpoint doesn't require it), as the OP noted.

On the webserver, you need to:

1. Create a client certificate
2. Assign permissions to the certificate
3. Set the certificate on the ServerXMLHTTP object

In detail:

1. Create a client certificate

Use the following PowerShell command to create a new self-signed certificate:

New-SelfSignedCertificate -DnsName "ServerXMLHTTP", "ServerXMLHTTP" -CertStoreLocation "cert:\LocalMachine\My"

Note that the certificate created by this command will only be valid for 1 year.

2. Assign permissions to the certificate

Using MMC, view the certificate store for the computer account: How to: View Certificates with the MMC Snap-in

The certificate created above can be found in Certificates (Local Computer)\Personal\Certificates (the "Issued By" and "Issued To" columns display "ServerXMLHTTP").

Right click the ServerXMLHTTP certificate, select "All Tasks" -> "Manage Private Keys" and the permissions dialog will display.

Add the user that the ASP website app pool is running as. By default it will be running as "ApplicationPoolIdentity", but your setup may be using a specific user account. If the app pool is using ApplicationPoolIdentity, the username to add is "IIS AppPool\APP POOL NAME", e.g. IIS AppPool\DefaultAppPool

The user will be added with "Full Control" which can be deselected. Only "Read" permission seems to be required. Click "OK" to confirm the permissions.

3. Set the certificate on the ServerXMLHTTP object

In your ASP code, set the ServerXMLHTTP object to use the certificate created above. For example calling PayPal for an access token:

Dim strAuthToken: strAuthToken = ""
Dim oHttp: Set oHttp = Server.CreateObject("MSXML2.ServerXMLHTTP")

With oHttp
    Call .Open("POST", "https://api.sandbox.paypal.com/v1/oauth2/token", False)
    Call .SetOption(3, "LOCAL_MACHINE\My\ServerXMLHTTP")
    Call .SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
    Call .SetRequestHeader("Authorization", "Basic " & strAuthToken)
    Call .Send("grant_type=client_credentials")
End With

Hopefully this is still of assistance.