Winhttp and p12 certificate

Crazy Joe Devola

I am writing a client program in VB6 which will interface to a server over HTTP. The company who runs the server provided me with a certificate file called SomeCertificate.p12. My program is running on Windows XP. This is the operating system the customer is using. I am trying to find how to use this certificate when sending requests to the server. Here is what I have done so far: 1. Copied the certificate file to my test computer. 2. Using Internet Explorer V8, I did "Tools|Internet Options|Content|Certificates|Trusted Root Authorities" and imported the certificate. 3. Installed the winhttpcertcfg tool. 4. Ran the following from command prompt: "winhttpcertcfg -i SomeCertificate.p12 -c LOCAL_MACHINE\My -a COMPUTERNAME\USERNAME -p PasswordFromServerCompany" the output was something like this. I replaced the different tokens with dummy strings: Imported certificate: CN=string1 OU=string2 O=string3 L=string4 C=string5 Private key access has already been granted for account: COMPUTERNAME\USERNAME 5. My VB6 code looks something like this: Private WithEvents m_ServerObj As WinHttpRequest Set m_ServerObj = New WinHttpRequest m_ServerObj.Open "GET", "https://serveraddress" Call m_ServerObj.SetClientCertificate("LOCAL_MACHINE\Personal\SomeCertificate") m_ServerObj.Send TextToSend The Send call causes an exception: "A certificate is required to complete client authentication" I tried different strings in the SetClientCertificate call but I keep getting the same error. I'd appreciate any help and tips. What am i doing wrong? Is my code wrong? Did I use winhttpcertcfg incorrectly? thank you.

Lost User

It looks like you missed the certificate name option (-s) on your WinHttpCertCfg.exe, a Certificate Configuration Tool (Windows)[^] command.

Crazy Joe Devola

Thank you. I think the "-s" option cannot be used with "-i". I tried to add it, but the utility just printed it's syntax text, as if the parameters were incorrect. Like so: winhttpcertcfg -i CertificateFile.p12-c LOCAL_MACHINE\My -s CertifiaceFile -a COMPUTERNAME\USERNAME -p PASSWORD on the other hand, it was accepted with "-l": winhttpcertcfg -l -c LOCAL_MACHINE\MY -s CertificateFile

Richard Deeming

VB6 has effectively been "dead" for over 15 years. You'll struggle to find documentation or support for it, since most people have moved to .NET by now. With the release of Visual Studio Community[^], so long as you're within the limits, you can upgrade for free. The only issue is, Windows XP doesn't support anything above .NET 4.0. But support for Windows XP ended over three years ago[^]. Aside from the occasional notable exception[^], your customer's computers have not received a security update for any vulnerability discovered in that time. Since it seems they're connected to the internet, they're ticking time-bombs waiting to destroy the network. :)

---

"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer

Crazy Joe Devola

The fact i am using VB6 right now should not matter. The program is using Windows winhttp.dll, a COM object. I could have used C++ and still have the same problem.

Dave Kreskowiak

His commentary on VB6 was not directed at the problem at hand but the code you're writing by your language of choice. Since VB6 has been dead for so long, how long is it going to be before the runtime no longer works on Windows and you, or some successor, will be rewriting this thing in a modern language?

System.ItDidntWorkException: Something didn't work as expected. A guide to posting questions on CodeProject

Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak

Crazy Joe Devola

The server company sent me a .PEM certificate to install. Once I did that, the problem was solved. Thank you.